Firewalls - IT Library : ZDNet Asia

White Papers

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

Diverse Firewall Design 2007-11-26 Institute of Electrical and Electronics Engineers

Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. It has been observed that most firewall policies on the Internet are poorly designed and have many errors. Therefore, how to design firewall policies correctly is an important issue. This paper propose the method of diverse firewall design, which consists of three phases: a design phase, a comparison phase, and a resolution phase.

Tags: Security Tools

How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations 2007-11-20 Cisco Systems

This case study describes how Cisco Systems uses Cisco PIX security appliances to protect its network assets from unauthorized access. The Cisco global network is a leading-edge enterprise environment that is one of the largest and most complex in the world. Cisco customers can draw on Cisco IT's real-world experience in this area to help support similar enterprise needs.

Tags: Network Security, Security Management

Formal Correctness of Conflict Detection for Firewalls 2007-11-02 Association for Computing Machinery

This paper describes the formalization of a correctness proof for a conflict detection algorithm for firewalls in the Coq Proof Assistant. First, it gives formal definitions in Coq of a firewall access rule and of an access request to a firewall. Formally, two rules are in conflict if there exists a request on which one rule would allow access and the other would deny it. The algorithms are expressed in Coq, and prove that it finds all conflicts in a set of rules.

Tags: Security Tools

TechNet Webcast: Windows Firewall With Advanced Security (Level 200) 2007-10-30 Microsoft

This webcast take a look at features of firewalls in general and specifically the firewall included with Windows operating systems. It uses some of the features in previous versions of Windows Firewall to highlight the new benefits of the Windows Firewall in Windows Vista. Windows Firewall in Windows Vista provides greater configuration options, resulting in greater security for different connection methods, such as Local Area Network (LAN) or wireless connections. This webcast discuss ways to configure exceptions for better control over incoming and outgoing traffic.

Tags: Windows Vista, Network Security

An NSIS-Based Approach for Firewall Traversal in Mobile IPv6 Networks 2007-10-24 Association for Computing Machinery

Firewalls have been successfully deployed in network infrastructure in various environments and will also be used in IPv6 networks. However, most of the current firewalls do not support Mobile IPv6, the best known standardized solution for mobility support in IPv6. As a result, Mobile IPv6 traffic will be most likely dropped when used without an appropriate firewall traversal solution. This paper describes the problems and impacts of having firewalls in Mobile IPv6 environments and presents a firewall traversal solution based on the IETF's Next Steps in Signaling framework to address these issues.

Tags: Security Tools

Dude!: You Say I Need an Application Layer Firewall?! 2007-10-18 Secure Computing

Internet firewalls have been a popular tool for security practitioners. Today, they are considered a mandatory component of any industry or government network. Unfortunately, many consumers of these fundamental networking tools buy and rely on them without understanding that there can be dramatic differences between firewalls that are manufactured by competing security practitioners and their unique engineering teams. Firewall products that are brought to market based on significantly different technical design philosophies and different go-to-market strategies quite naturally introduce consumer trade-offs that should be weighed when making buying decisions. Certain firewall design trade-offs, for example, favor security over convenience, and certain firewall go-to-market strategies favor platform performance over security.

Tags: Network Security, Security Tools

Assisted Firewall Policy Repair Using Examples and History 2007-10-17 College of William & Mary

Using examples and history mapping, a system administrator can easily identify the two or three critical rules in a rule set that lead to a serious firewall error. Detecting these faults greatly reduces the amount of time an administrator must spend in careful examination of the policy and makes it much easier to manage and maintain a large, restrictive firewall policy. Using counterexamples and witnesses, the system administrator also gains valuable knowledge about the circumstances under which an error occurs. Using rule history with equivalence classes allows the system administrator to quickly and easily detect both errors and faults in the policy without constructing a large number of complicated assertions.

Tags: Network Security, Security Tools

PolicyVis: Firewall Security Policy Visualization and Inspection 2007-10-08 University of Waterloo

Firewalls have an important role in network security. However, managing firewall policies is an extremely complex task because the large number of interacting rules in single or distributed firewalls significantly increases the possibility of policy misconfiguration and network vulnerabilities. Moreover, due to low-level representation of firewall rules, the semantic of firewall policies become very incomprehensible, which make inspecting of firewall policy's properties a difficult and error-prone task. This paper proposes a tool called PolicyVis which visualizes firewall rules and policies in such a way that efficiently enhances the understanding and inspecting firewall policies.

Tags: Security Tools

Securing a Major German Insurer Using a Personal Firewall in the Endpoint Security Solution From Symantec 2007-10-04 Symantec

Forewarned is forearmed. That could be the motto by which HUK-COBURG protects its business network and mobile terminals from Internet viruses. Only clients found to be clean in a virus protection test will in future be allowed to log in to the major German insurer, and it's made possible by the personal firewall in Symantec Sygate Enterprise Protection software. The solution not only enables the differentiated definition of security requirements to be met by the client for each employee and each location, it also means that the established guidelines on client security are kept under control. Missing updates are immediately detected and automatically carried out. If this is not possible, update gaps are 'Punished' by means of a restricted radius of action.

Tags: Anti-Virus, Mobile - Wireless Communications

Discussion of Conceptual Difference Between Cisco IOS Classic and Zone-Based Firewalls 2007-10-01 Cisco Systems

Cisco IOS has supported stateful inspection firewall capability since before Cisco IOS Software Version 12.0. Stateful Inspection Firewall features are supported through the Classic Firewall (formerly known as Context-Based Access Control, or CBAC). Cisco IOS Software introduced an additional configuration model for stateful inspection with the Zone-Based Policy Firewall (ZFW) in Cisco IOS Software version 12.4(6)T. Cisco IOS Software Classic Firewall will continue to be maintained for the foreseeable future, but will not be significantly enhanced with new features. Instead, the strategic development direction for Cisco IOS Software's stateful inspection firewall is carried by Zone-Based Policy firewall.

Tags: Security Applications

Jump to 1 2 3 [4] 5 6 7 8 9 10

Title	Date Added	Company
Diverse Firewall Design	2007-11-26	Institute of Electrical and Electronics Engineers
Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. It has been observed that most firewall policies on the Internet are poorly designed and have many errors. Therefore, how to design firewall policies correctly is an important issue. This paper propose the method of diverse firewall design, which consists of three phases: a design phase, a comparison phase, and a resolution phase. Tags: Security Tools
How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations	2007-11-20	Cisco Systems
This case study describes how Cisco Systems uses Cisco PIX security appliances to protect its network assets from unauthorized access. The Cisco global network is a leading-edge enterprise environment that is one of the largest and most complex in the world. Cisco customers can draw on Cisco IT's real-world experience in this area to help support similar enterprise needs. Tags: Network Security, Security Management
Formal Correctness of Conflict Detection for Firewalls	2007-11-02	Association for Computing Machinery
This paper describes the formalization of a correctness proof for a conflict detection algorithm for firewalls in the Coq Proof Assistant. First, it gives formal definitions in Coq of a firewall access rule and of an access request to a firewall. Formally, two rules are in conflict if there exists a request on which one rule would allow access and the other would deny it. The algorithms are expressed in Coq, and prove that it finds all conflicts in a set of rules. Tags: Security Tools
TechNet Webcast: Windows Firewall With Advanced Security (Level 200)	2007-10-30	Microsoft
This webcast take a look at features of firewalls in general and specifically the firewall included with Windows operating systems. It uses some of the features in previous versions of Windows Firewall to highlight the new benefits of the Windows Firewall in Windows Vista. Windows Firewall in Windows Vista provides greater configuration options, resulting in greater security for different connection methods, such as Local Area Network (LAN) or wireless connections. This webcast discuss ways to configure exceptions for better control over incoming and outgoing traffic. Tags: Windows Vista, Network Security
An NSIS-Based Approach for Firewall Traversal in Mobile IPv6 Networks	2007-10-24	Association for Computing Machinery
Firewalls have been successfully deployed in network infrastructure in various environments and will also be used in IPv6 networks. However, most of the current firewalls do not support Mobile IPv6, the best known standardized solution for mobility support in IPv6. As a result, Mobile IPv6 traffic will be most likely dropped when used without an appropriate firewall traversal solution. This paper describes the problems and impacts of having firewalls in Mobile IPv6 environments and presents a firewall traversal solution based on the IETF's Next Steps in Signaling framework to address these issues. Tags: Security Tools
Dude!: You Say I Need an Application Layer Firewall?!	2007-10-18	Secure Computing
Internet firewalls have been a popular tool for security practitioners. Today, they are considered a mandatory component of any industry or government network. Unfortunately, many consumers of these fundamental networking tools buy and rely on them without understanding that there can be dramatic differences between firewalls that are manufactured by competing security practitioners and their unique engineering teams. Firewall products that are brought to market based on significantly different technical design philosophies and different go-to-market strategies quite naturally introduce consumer trade-offs that should be weighed when making buying decisions. Certain firewall design trade-offs, for example, favor security over convenience, and certain firewall go-to-market strategies favor platform performance over security. Tags: Network Security, Security Tools
Assisted Firewall Policy Repair Using Examples and History	2007-10-17	College of William & Mary
Using examples and history mapping, a system administrator can easily identify the two or three critical rules in a rule set that lead to a serious firewall error. Detecting these faults greatly reduces the amount of time an administrator must spend in careful examination of the policy and makes it much easier to manage and maintain a large, restrictive firewall policy. Using counterexamples and witnesses, the system administrator also gains valuable knowledge about the circumstances under which an error occurs. Using rule history with equivalence classes allows the system administrator to quickly and easily detect both errors and faults in the policy without constructing a large number of complicated assertions. Tags: Network Security, Security Tools
PolicyVis: Firewall Security Policy Visualization and Inspection	2007-10-08	University of Waterloo
Firewalls have an important role in network security. However, managing firewall policies is an extremely complex task because the large number of interacting rules in single or distributed firewalls significantly increases the possibility of policy misconfiguration and network vulnerabilities. Moreover, due to low-level representation of firewall rules, the semantic of firewall policies become very incomprehensible, which make inspecting of firewall policy's properties a difficult and error-prone task. This paper proposes a tool called PolicyVis which visualizes firewall rules and policies in such a way that efficiently enhances the understanding and inspecting firewall policies. Tags: Security Tools
Securing a Major German Insurer Using a Personal Firewall in the Endpoint Security Solution From Symantec	2007-10-04	Symantec
Forewarned is forearmed. That could be the motto by which HUK-COBURG protects its business network and mobile terminals from Internet viruses. Only clients found to be clean in a virus protection test will in future be allowed to log in to the major German insurer, and it's made possible by the personal firewall in Symantec Sygate Enterprise Protection software. The solution not only enables the differentiated definition of security requirements to be met by the client for each employee and each location, it also means that the established guidelines on client security are kept under control. Missing updates are immediately detected and automatically carried out. If this is not possible, update gaps are 'Punished' by means of a restricted radius of action. Tags: Anti-Virus, Mobile - Wireless Communications
Discussion of Conceptual Difference Between Cisco IOS Classic and Zone-Based Firewalls	2007-10-01	Cisco Systems
Cisco IOS has supported stateful inspection firewall capability since before Cisco IOS Software Version 12.0. Stateful Inspection Firewall features are supported through the Classic Firewall (formerly known as Context-Based Access Control, or CBAC). Cisco IOS Software introduced an additional configuration model for stateful inspection with the Zone-Based Policy Firewall (ZFW) in Cisco IOS Software version 12.4(6)T. Cisco IOS Software Classic Firewall will continue to be maintained for the foreseeable future, but will not be significantly enhanced with new features. Instead, the strategic development direction for Cisco IOS Software's stateful inspection firewall is carried by Zone-Based Policy firewall. Tags: Security Applications

Security

Featured Whitepapers

Member Login

Oracle Technology Solutions for Midsize Businesses

Country Insight: China