A Topology-Based Conflict Detection System for Firewall Policies Using Bit-Vector-Based Spatial Calculus

Firewalls use packet filtering to either accept or deny packets on the basis of a set of predefined rules called filters. The firewall forms the initial layer of defense and protects the network from unauthorized access. However, maintaining firewall policies is always an error prone task, because the policies are highly complex. Conflict is a misconfiguration that occurs when a packet matches two or more filters. The occurrence of conflicts in a firewall policy makes the filters either redundant or shadowed, and as a result, the network does not reflect the actual configuration of the firewall policy. Hence, it is necessary to detect conflicts to keep the filters meaningful.

Provided by: Scientific Research Topic: Security Date Added: Nov 2011 Format: PDF

Find By Topic