| Title | Date Added | Company | |
|---|---|---|---|
Diverse Firewall Design | 2007-11-26 | Institute of Electrical and Electronics Engineers |
| Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. It has been observed that most firewall policies on the Internet are poorly designed and have many errors. Therefore, how to design firewall policies correctly is an important issue. This paper proposes the method of diverse firewall design, which consists of three phases: a design phase, a comparison phase, and a resolution phase.
Tags: Security Tools |
|||
How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations | 2007-11-20 | Cisco Systems |
| This case study describes how Cisco Systems uses Cisco PIX security appliances to protect its network assets from unauthorized access. The Cisco global network is a leading-edge enterprise environment that is one of the largest and most complex in the world. Cisco customers can draw on Cisco IT's real-world experience in this area to help support similar enterprise needs.
Tags: Network Security, Security Management |
|||
Formal Correctness of Conflict Detection for Firewalls | 2007-11-02 | Association for Computing Machinery |
| This paper describes the formalization of a correctness proof for a conflict detection algorithm for firewalls in the Coq Proof Assistant. First, it gives formal definitions in Coq of a firewall access rule and of an access request to a firewall. Formally, two rules are in conflict if there exists a request on which one rule would allow access and the other would deny it. The algorithm is expressed in Coq and proved to find all conflicts in a set of rules.
Tags: Security Tools |
|||
TechNet Webcast: Windows Firewall With Advanced Security (Level 200) | 2007-10-30 | Microsoft |
| This webcast takes a look at features of firewalls in general and specifically the firewall included with Windows operating systems. It uses some of the features in previous versions of Windows Firewall to highlight the new benefits of the Windows Firewall in Windows Vista. Windows Firewall in Windows Vista provides greater configuration options, resulting in greater security for different connection methods, such as Local Area Network (LAN) or wireless connections. This webcast discusses ways to configure exceptions for better control over incoming and outgoing traffic.
Tags: Windows Vista, Network Security |
|||
An NSIS-Based Approach for Firewall Traversal in Mobile IPv6 Networks | 2007-10-24 | Association for Computing Machinery |
| Firewalls have been successfully deployed in network infrastructure in various environments and will also be used in IPv6 networks. However, most of the current firewalls do not support Mobile IPv6, the best known standardized solution for mobility support in IPv6. As a result, Mobile IPv6 traffic will be most likely dropped when used without an appropriate firewall traversal solution. This paper describes the problems and impacts of having firewalls in Mobile IPv6 environments and presents a firewall traversal solution based on the IETF's Next Steps in Signaling framework to address these issues.
Tags: Security Tools |
|||
Dude!: You Say I Need an Application Layer Firewall?! | 2007-10-18 | Secure Computing |
| Internet firewalls have been a popular tool for security practitioners. Today, they are considered a mandatory component of any industry or government network. Unfortunately, many consumers of these fundamental networking tools buy and rely on them without understanding that there can be dramatic differences between firewalls that are manufactured by competing security practitioners and their unique engineering teams. Firewall products that are brought to market based on significantly different technical design philosophies and different go-to-market strategies quite naturally introduce consumer trade-offs that should be weighed when making buying decisions. Certain firewall design trade-offs, for example, favor security over convenience, and certain firewall go-to-market strategies favor platform performance over security.
Tags: Network Security, Security Tools |
|||
Assisted Firewall Policy Repair Using Examples and History | 2007-10-17 | College of William & Mary |
| Using examples and history mapping, a system administrator can easily identify the two or three critical rules in a rule set that lead to a serious firewall error. Detecting these faults greatly reduces the amount of time an administrator must spend in careful examination of the policy and makes it much easier to manage and maintain a large, restrictive firewall policy. Using counterexamples and witnesses, the system administrator also gains valuable knowledge about the circumstances under which an error occurs. Using rule history with equivalence classes allows the system administrator to quickly and easily detect both errors and faults in the policy without constructing a large number of complicated assertions.
Tags: Network Security, Security Tools |
|||
PolicyVis: Firewall Security Policy Visualization and Inspection | 2007-10-08 | University of Waterloo |
| Firewalls have an important role in network security. However, managing firewall policies is an extremely complex task because the large number of interacting rules in single or distributed firewalls significantly increases the possibility of policy misconfiguration and network vulnerabilities. Moreover, due to the low-level representation of firewall rules, the semantics of firewall policies become very incomprehensible, which makes inspecting a firewall policy's properties a difficult and error-prone task. This paper proposes a tool called PolicyVis which visualizes firewall rules and policies in such a way that efficiently enhances the understanding and inspection of firewall policies.
Tags: Security Tools |
|||
Securing a Major German Insurer Using a Personal Firewall in the Endpoint Security Solution From Symantec | 2007-10-04 | Symantec |
| Forewarned is forearmed. That could be the motto by which HUK-COBURG protects its business network and mobile terminals from Internet viruses. Only clients found to be clean in a virus protection test will in future be allowed to log in to the major German insurer, and it's made possible by the personal firewall in Symantec Sygate Enterprise Protection software. The solution not only enables the differentiated definition of security requirements to be met by the client for each employee and each location, it also means that the established guidelines on client security are kept under control. Missing updates are immediately detected and automatically carried out. If this is not possible, update gaps are 'punished' by means of a restricted radius of action.
Tags: Anti-Virus, Mobile - Wireless Communications |
|||
Discussion of Conceptual Difference Between Cisco IOS Classic and Zone-Based Firewalls | 2007-10-01 | Cisco Systems |
| Cisco IOS has supported stateful inspection firewall capability since before Cisco IOS Software Version 12.0. Stateful Inspection Firewall features are supported through the Classic Firewall (formerly known as Context-Based Access Control, or CBAC). Cisco IOS Software introduced an additional configuration model for stateful inspection with the Zone-Based Policy Firewall (ZFW) in Cisco IOS Software version 12.4(6)T. Cisco IOS Software Classic Firewall will continue to be maintained for the foreseeable future, but will not be significantly enhanced with new features. Instead, the strategic development direction for Cisco IOS Software's stateful inspection firewall is carried by Zone-Based Policy firewall.
Tags: Security Applications |