Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall directly depends on the quality of its policy (i.e., configuration). Due to the lack of tools for analyzing firewall policies, most firewalls on the Internet have been plagued with policy errors. A firewall policy error either creates security holes that allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. A major source of policy errors is policy change: firewall policies often need to be changed as networks evolve and new threats emerge. This paper presents the theory and algorithms for firewall policy change-impact analysis.

