Firewall Configuration Errors Revisited

Date Added: Nov 2009
Format: PDF

Practically every corporation that is connected to the Internet uses firewalls as the first line of its cyber-defense. However, the protection that these firewalls provide is only as good as the policy they are configured to implement. The first quantitative evaluation of the quality of corporate firewall configurations appeared in 2004, based on Check Point FireWall-1 rule-sets. In general, that survey indicated that corporate firewalls were often enforcing poorly written rule-sets containing many errors. One important finding was that high rule-set complexity was positively correlated with the number of detected configuration errors. Another finding was an indication that rule-sets from later software versions had slightly fewer errors.