A Study on Firewall Policy Anomaly Representation Techniques
A firewall is a system that acts as an interface between a private network and a public network. It implements the security policy based on rules defined by the network administrator, which decide whether packets are allowed into or blocked from the organization's private network. Manual definition of rules often results in anomalies in the policy. Existing research on this problem has focused on the analysis and detection of firewall policy anomalies. This paper discusses two major firewall policy anomaly representations: the policy tree representation and a rule-based segmentation mechanism that uses a grid-based representation. The grid-based segmentation mechanism overcomes some limitations of the policy tree representation.