Contributions to Proceedings:
M. Tempesta, C. Bodei, P. Degano, R. Forcardi, L. Galletta, L. Veronese:
"Firewall Management With FireWall Synthesizer";
issued by: Italian Conference on CyberSecurity (ITASEC);
Firewalls are notoriously hard to configure and maintain. Policies are written in low-level, system-specific languages where rules are inspected and enforced along non-trivialcontrol flow paths. Moreover, firewalls are tightly related to Network Address Translation(NAT) since filters need to be specified taking into account the possible translations ofpacket addresses, further complicating the task of network administrators. To simplifythis job, we proposeFireWall Synthesizer(FWS), a tool that decompiles real firewallconfigurations from different systems into an abstract specification. This representationhighlights the meaning of a configuration, i.e., the allowed connections with possible addresstranslations. We show the usage of FWS in analyzing and maintaining a configuration ona simple (yet realistic) scenario and we discuss how the tool scales on real-world policies
Electronic version of the publication:
Created from the Publication Database of the Vienna University of Technology.