Automatic Detection of Firewall Misconfigurations Using Firewall and Network Routing Policies

Executive Summary

Firewalls are the most prevalent and important means of enforcing security policies inside networks and across organizational boundaries. However, effective and fault-free firewall management in large and fast-growing networks is becoming increasingly challenging. Firewall security policies are complex, and their interaction with routing policies and applications further complicates policy configuration. Routing is often ignored in firewall management. Configuration problems can occur in a single device or in multiple devices along several network paths that change over time according to routing. The paper presents an application, Prometheus, which implements mechanisms for automatic detection of firewall configuration problems that are extremely difficult to resolve manually. In addition to firewall configurations, Prometheus incorporates and analyzes dynamic routing information.

  • Format: PDF
  • Size: 367.9 KB