Enhancements to the Vantage Firewall Analyzer
Bhatt, Sandeep; Rao, Prasad
HP Laboratories
HPL-2007-154R1
Keyword(s): firewall; rule set; overlap; analysis; rectangle intersection
Abstract: The Vantage firewall analysis toolkit reduces the complexity of managing firewall access control rule sets. Firewall rule sets typically become increasingly unwieldy over time. It is common for firewalls to have hundreds, or even thousands, of rules. As a result, administrators do not know how rules interact with each other. In a previous technical report [BHR], we presented our tool to analyze Check Point firewalls. Given two rule sets, the tool produces a comprehensive list of the traffic that one rule set will let through but the other will not. As such, we can use it to compare the existing rule set with a second rule set containing the proposed changes. The administrator can visually check whether the difference in traffic patterns corresponds to what he or she intended in proposing the changes. This report presents improvements and extensions to the toolkit. In particular, we present faster underlying algorithms and an improved software architecture. We also extend the toolkit to analyze HP-UX IPFilter rule sets.
19 Pages
External Posting Date: June 7, 2008. Approved for External Publication
Internal Posting Date: June 7, 2008