Firmato: A novel firewall management toolkit

Yair Bartal*, Alain Mayer, Kobbi Nissim, Avishai Wool

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

115 Scopus citations

Abstract

In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, fire-wall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity-relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We implemented a prototype of our toolkit to work with several commercially available fire-wall products. This prototype was used to control an operational firewall for several months. We believe that our approach is an important step toward streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.

Original languageEnglish
Pages (from-to)381-420
Number of pages40
JournalACM Transactions on Computer Systems
Volume22
Issue number4
DOIs
StatePublished - Nov 2004

Fingerprint

Dive into the research topics of 'Firmato: A novel firewall management toolkit'. Together they form a unique fingerprint.

Cite this