Sciweavers

SP
2000
IEEE

Fang: A Firewall Analysis Engine

14 years 3 months ago
Fang: A Firewall Analysis Engine
Today, even a moderately sized corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global corporate security policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse-engineering an existing configuration (say, when a new security administrator takes over) is hard. Firewall configuration files are written in low-level formalisms, whose readability is comparable to assembly code, and the global policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall policy (either a deployed policy or a planned one). Our tool uses a minimal description of the network topology, and directly parses the various vendor-specific lowlevel configuration files. It intera...
Alain J. Mayer, Avishai Wool, Elisha Ziskind
Added 01 Aug 2010
Updated 01 Aug 2010
Type Conference
Year 2000
Where SP
Authors Alain J. Mayer, Avishai Wool, Elisha Ziskind
Comments (0)