TY - GEN
T1 - Firmato
T2 - 1999 IEEE Symposium on Security and Privacy
AU - Bartal, Yair
AU - Mayer, Alain
AU - Nissim, Kobbi
AU - Wool, Avishai
N1 - Publisher Copyright: © 1999 IEEE.
PY - 1999/1/1
Y1 - 1999/1/1
N2 - In recent years, packet filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and widespread deployment. In contrast, firewall and security management technology is lacking. We present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity relationship model; (3) a model compiler translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato's capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commercially available firewall product. We believe that our approach is an important step towards streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.
AB - In recent years, packet filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and widespread deployment. In contrast, firewall and security management technology is lacking. We present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity relationship model; (3) a model compiler translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato's capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commercially available firewall product. We believe that our approach is an important step towards streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.
UR - http://www.scopus.com/inward/record.url?scp=84940102288&partnerID=8YFLogxK
U2 - 10.1109/SECPRI.1999.766714
DO - 10.1109/SECPRI.1999.766714
M3 - Conference contribution
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 17
EP - 31
BT - Proceedings of the 1999 IEEE Symposium on Security and Privacy
PB - Institute of Electrical and Electronics Engineers
Y2 - 9 May 1999 through 12 May 1999
ER -