In recent years, packet filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and widespread deployment. In contrast, firewall and security management technology is lacking. We present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity relationship model; (3) a model compiler translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato's capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commercially available firewall product. We believe that our approach is an important step towards streamlining the process of configuring and managing firewalls, especially in complex, multi firewall installations.
|Original language||American English|
|Title of host publication||Proceedings of the 1999 IEEE Symposium on Security and Privacy|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||15|
|State||Published - 1999|
|Event||1999 IEEE Symposium on Security and Privacy - Oakland, United States|
Duration: 9 May 1999 → 12 May 1999
|Name||Proceedings - IEEE Symposium on Security and Privacy|
|Conference||1999 IEEE Symposium on Security and Privacy|
|Period||9/05/99 → 12/05/99|
Bibliographical notePublisher Copyright:
© 1999 IEEE.