Firewalls - IT Library : ZDNet Asia

White Papers

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

Inferring Higher Level Policies From Firewall Rules 2007-09-19 Stony Brook University

Packet filtering firewall is one of the most important mechanisms used by corporations to enforce their security policy. Recent years have seen a lot of research in the area of firewall management. Typically, firewalls use a large number of low-level filtering rules which are configured using vendor-specific tools. System administrators start off by writing rules which implement the security policy of the organization. They add/delete/change order of rules as the requirements change. For example, when a new machine is added to the network, new rules might be added to the firewall to enable certain services to/from that machine.

Integrated Edge Security Improves Media Company's Network Security and Performance 2007-09-05 Microsoft

Arvato Systems provides communication services for parent company Bertelsmann, a worldwide media corporation. The company needed to give remote employees more secure access to Web-based applications, but its firewall solution could not deliver application-level protection. The company also could not ensure consistent remote access to messaging because the high volume of connection requests overwhelmed the network. For network protection and stability, Arvato Systems implemented a solution based on Microsoft Internet Security and Acceleration Server 2006, part of the Microsoft Forefront line of business security products. Now employees have better remote access to applications and data, and the company has a more protected IT environment with application-level security. The security solution is also easy to maintain, resulting in better network stability and enhanced productivity.

Tags: Network Security, Security Management

FireCracker: A Framework for Inferring Firewall Policies Using Smart Probing 2007-09-05 DePaul University

A firewall policy that is correct and complete is crucial to the safety of a computer network. An adversary will benefit a lot from knowing the policy or its semantics. This paper proposes a framework that could be used to blindly discover a firewall policy remotely as a black box and without prior knowledge about the network configuration. It shows how an attacker can reconstruct a firewall's policy by probing the firewall with tailored packets into a network and forming an idea of what the policy looks like. The proposed methodology shows how to discover a policy that is semantically equivalent to the original one used in the deployed firewall.

Tags: Network Security, Security Tools

Design and Implementation of Cross-Domain Cooperative Firewall 2007-09-04 IBM

Security and privacy are two major concerns in supporting roaming users across administrative domains. In current practices, a roaming user often uses encrypted tunnels, e.g., Virtual Private Networks (VPNs), to protect the secrecy and privacy of her communications. However, due to its encrypted nature, the traffic flowing through these tunnels cannot be examined and regulated by the foreign network's firewall, which may lead the foreign network widely open to various attacks from the Internet. This threat can be alleviated if the users reveal their traffic to the foreign network or the foreign network reveals its firewall rules to the tunnel endpoints. This paper proposes a Cross-Domain Cooperative Firewall (CDCF) that allows two collaborative networks to enforce each other's firewall rules in an oblivious manner.

Tags: Network Security, Security Tools

Why Organizations Need Web Application Firewalls 2007-09-01 Breach Security

Web application firewalls offer immediate and effective protection for web applications and help organizations pass security audits that demonstrate regulatory compliance. In addition, web application firewalls facilitate secure coding initiatives by giving security teams visibility into their applications' defects, transactions, architectures, and communications. This paper will discuss why web application firewalls can offer the real-time, continuous, and customized security that web applications require.

Tags: Security Tools

Demystifying Web 2.0: Opportunities, Threats, Defenses 2007-08-25 Clearswift

Every new technology introduced into the enterprise brings with it new threats. Web 2.0 is no different, with threats including:

Infection and downtime -- caused by viruses, worms, Trojans and spyware

Data leaks -- as staff members intentionally share things they shouldn't

Legal prosecution -- for illegal activities or regulatory breaches

Productivity loss -- as users spend more time on blogs and social networking sites

Resource waste -- as servers and networks become congested

Reputation damage -- one of the above hits the headlines

These threats may look similar to the threat landscape associated with typical Web and e-mail use. But the unique nature of Web 2.0 technologies demand a new understanding and new defenses.

Tags: Security Management, Network Security, Intrusion Detection Systems, Spam - E-mail Fraud - Phishing

Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls 2007-08-23 University of Utah

This paper proposes to secure ad hoc networks against data injection attacks by placing firewall functionality at strategic locations in the ad hoc network. The paper first shows that, given the locations of attackers and victims, the problem of placement of firewall functionality at a fixed number of ad hoc nodes while minimizing the impact of the data injection attack is identical to the k-Coverage problem. This problem is known to be NPhard. Then, it develops a near-optimal approximate algorithm for placing firewall functions. The paper also incorporates the loss behavior of wireless links in the algorithm. Next, the paper develops an architecture to determine the location of the attackers.

Tags: Network Security, Mobile - Wireless Communications

Firewall Security Pays Dividends for Arizona Financial Institution 2007-08-10 Microsoft

Round-the-clock banking has become a standard expectation among customers, compelling most financial institutions to expand their banking services to include online delivery. Arizona State Savings & Credit Union (AZSTCU) was anxious to capitalize on that trend, but not before it could ensure the security of its online transactions and strong protection for its internal network. It deployed Microsoft Internet Security and Acceleration (ISA) Server because ISA offers granular control over incoming and outgoing traffic, disguises internal server IP addresses to external users, and controls and documents who can access the Internet from its internal network. As a result, AZSTCU has been able to prevent attacks, reduce business costs, and expand its market reach with little incremental cost.

Tags: Network Security

Emulating an Embedded Firewall 2007-08-10 University of Southern California

The Adventium Labs Embedded Distributed Firewall provides a simple interface for securely managing approved network flows between computers on a network. A "Conversation" manager provides a simple interface for managing flows, defining the connections authorized between nodes on a network. These policies are enforced in hardware embedded in the network interface card of each computer. The policies are managed to create groups of communicating machines and services and to exclude undesired traffic. This paper describes the emulation of the Adventium Labs distributed embedded firewall, using an additional node associated with each user node emulated on the DETER testbed. This paper provides observations on the implementation and current experiments, and discusses how the emulation can be used by other experimenters.

Tags: Security Tools

Better Security through Access-List Management 2007-08-09 Global Knowledge

Security concerns are becoming more common in every environment, regardless how big or small the network. You can get limited security with the access-list on your routers. This paper gives you the basics of access-list with implementations examples as covered in the CCNA certifications.

Tags: Best Practices, Network Security, Digital Signatures, Denial of Service

Jump to 1 2 3 4 [5] 6 7 8 9 10

Title	Date Added	Company
Inferring Higher Level Policies From Firewall Rules	2007-09-19	Stony Brook University
Packet filtering firewall is one of the most important mechanisms used by corporations to enforce their security policy. Recent years have seen a lot of research in the area of firewall management. Typically, firewalls use a large number of low-level filtering rules which are configured using vendor-specific tools. System administrators start off by writing rules which implement the security policy of the organization. They add/delete/change order of rules as the requirements change. For example, when a new machine is added to the network, new rules might be added to the firewall to enable certain services to/from that machine.
Integrated Edge Security Improves Media Company's Network Security and Performance	2007-09-05	Microsoft
Arvato Systems provides communication services for parent company Bertelsmann, a worldwide media corporation. The company needed to give remote employees more secure access to Web-based applications, but its firewall solution could not deliver application-level protection. The company also could not ensure consistent remote access to messaging because the high volume of connection requests overwhelmed the network. For network protection and stability, Arvato Systems implemented a solution based on Microsoft Internet Security and Acceleration Server 2006, part of the Microsoft Forefront line of business security products. Now employees have better remote access to applications and data, and the company has a more protected IT environment with application-level security. The security solution is also easy to maintain, resulting in better network stability and enhanced productivity. Tags: Network Security, Security Management
FireCracker: A Framework for Inferring Firewall Policies Using Smart Probing	2007-09-05	DePaul University
A firewall policy that is correct and complete is crucial to the safety of a computer network. An adversary will benefit a lot from knowing the policy or its semantics. This paper proposes a framework that could be used to blindly discover a firewall policy remotely as a black box and without prior knowledge about the network configuration. It shows how an attacker can reconstruct a firewall's policy by probing the firewall with tailored packets into a network and forming an idea of what the policy looks like. The proposed methodology shows how to discover a policy that is semantically equivalent to the original one used in the deployed firewall. Tags: Network Security, Security Tools
Design and Implementation of Cross-Domain Cooperative Firewall	2007-09-04	IBM
Security and privacy are two major concerns in supporting roaming users across administrative domains. In current practices, a roaming user often uses encrypted tunnels, e.g., Virtual Private Networks (VPNs), to protect the secrecy and privacy of her communications. However, due to its encrypted nature, the traffic flowing through these tunnels cannot be examined and regulated by the foreign network's firewall, which may lead the foreign network widely open to various attacks from the Internet. This threat can be alleviated if the users reveal their traffic to the foreign network or the foreign network reveals its firewall rules to the tunnel endpoints. This paper proposes a Cross-Domain Cooperative Firewall (CDCF) that allows two collaborative networks to enforce each other's firewall rules in an oblivious manner. Tags: Network Security, Security Tools
Why Organizations Need Web Application Firewalls	2007-09-01	Breach Security
Web application firewalls offer immediate and effective protection for web applications and help organizations pass security audits that demonstrate regulatory compliance. In addition, web application firewalls facilitate secure coding initiatives by giving security teams visibility into their applications' defects, transactions, architectures, and communications. This paper will discuss why web application firewalls can offer the real-time, continuous, and customized security that web applications require. Tags: Security Tools
Demystifying Web 2.0: Opportunities, Threats, Defenses	2007-08-25	Clearswift
Every new technology introduced into the enterprise brings with it new threats. Web 2.0 is no different, with threats including: Infection and downtime -- caused by viruses, worms, Trojans and spyware Data leaks -- as staff members intentionally share things they shouldn't Legal prosecution -- for illegal activities or regulatory breaches Productivity loss -- as users spend more time on blogs and social networking sites Resource waste -- as servers and networks become congested Reputation damage -- one of the above hits the headlines These threats may look similar to the threat landscape associated with typical Web and e-mail use. But the unique nature of Web 2.0 technologies demand a new understanding and new defenses. Tags: Security Management, Network Security, Intrusion Detection Systems, Spam - E-mail Fraud - Phishing
Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls	2007-08-23	University of Utah
This paper proposes to secure ad hoc networks against data injection attacks by placing firewall functionality at strategic locations in the ad hoc network. The paper first shows that, given the locations of attackers and victims, the problem of placement of firewall functionality at a fixed number of ad hoc nodes while minimizing the impact of the data injection attack is identical to the k-Coverage problem. This problem is known to be NPhard. Then, it develops a near-optimal approximate algorithm for placing firewall functions. The paper also incorporates the loss behavior of wireless links in the algorithm. Next, the paper develops an architecture to determine the location of the attackers. Tags: Network Security, Mobile - Wireless Communications
Firewall Security Pays Dividends for Arizona Financial Institution	2007-08-10	Microsoft
Round-the-clock banking has become a standard expectation among customers, compelling most financial institutions to expand their banking services to include online delivery. Arizona State Savings & Credit Union (AZSTCU) was anxious to capitalize on that trend, but not before it could ensure the security of its online transactions and strong protection for its internal network. It deployed Microsoft Internet Security and Acceleration (ISA) Server because ISA offers granular control over incoming and outgoing traffic, disguises internal server IP addresses to external users, and controls and documents who can access the Internet from its internal network. As a result, AZSTCU has been able to prevent attacks, reduce business costs, and expand its market reach with little incremental cost. Tags: Network Security
Emulating an Embedded Firewall	2007-08-10	University of Southern California
The Adventium Labs Embedded Distributed Firewall provides a simple interface for securely managing approved network flows between computers on a network. A "Conversation" manager provides a simple interface for managing flows, defining the connections authorized between nodes on a network. These policies are enforced in hardware embedded in the network interface card of each computer. The policies are managed to create groups of communicating machines and services and to exclude undesired traffic. This paper describes the emulation of the Adventium Labs distributed embedded firewall, using an additional node associated with each user node emulated on the DETER testbed. This paper provides observations on the implementation and current experiments, and discusses how the emulation can be used by other experimenters. Tags: Security Tools
Better Security through Access-List Management	2007-08-09	Global Knowledge
Security concerns are becoming more common in every environment, regardless how big or small the network. You can get limited security with the access-list on your routers. This paper gives you the basics of access-list with implementations examples as covered in the CCNA certifications. Tags: Best Practices, Network Security, Digital Signatures, Denial of Service

Security

Featured Whitepapers

Member Login

Webcast: Maximizing Data Protection with Disk-Based Backup

HP Simply StorageWorks D2D Backup System

Industry Watch: Healthcare