Complete analysis of configuration rules to guarantee reliable network security policies

The use of different network security components, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to monitor and guarantee the security policy in current corporate networks. To properly configure these components, it is necessary to use several sets of secur...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security 2008-04, Vol.7 (2), p.103-122
Main Authors: Alfaro, J. G., Boulahia-Cuppens, N., Cuppens, F.
Format: Article
Language:English
Subjects:
Access control
Algorithms
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer networks
Computer Science
Computer security
Cortafuegos (Seguridad informática)
Cryptography and Security
Cryptology
Firewalls
Firewalls (Computer security)
Information systems
Informàtica
Informática
Internet
Intrusion detection systems
Management
Management of Computing and Information Systems
Medidas de seguridad
Mesures de seguretat
Network security
Networks
Operating Systems
Ordenadores, Redes de
Ordinadors, Xarxes d
Prevention
Roles
Security management
Security measures
Special Issue Paper
Studies
Tallafocs (Seguretat informàtica)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The use of different network security components, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to monitor and guarantee the security policy in current corporate networks. To properly configure these components, it is necessary to use several sets of security rules. Nevertheless, the existence of anomalies between those rules, particularly in distributed multi-component scenarios, is very likely to degrade the network security policy. The discovery and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a complete set of mechanisms for such a management.
ISSN:1615-5262
1615-5270
1615-5270
DOI:10.1007/s10207-007-0045-7