Taxonomy of Conflicts in Network Security Policies
Hazem Hamed and Ehab Al-Shaer
School of Computer Science, Telecommunications and Information Systems
DePaul University, Chicago, USA
Abstract-- Network security policies are essential elements in Internet security devices that provide traffic filtering, integrity, confidentiality and authentication. Network security perimeter devices such as firewalls, IPSec and IDS/IPS devices operate based on locally configured policies. However, configuring network security policies remains a complex and error-prone task due to the rule-dependency semantics, and the interaction between policies in the network. This complexity is likely to increase as the network size increases. A successful deployment of a network security system requires global analysis of policy configurations of all network security devices in order to avoid policy conflicts and inconsistency. Policy conflicts may cause serious security breaches and network vulnerability such as blocking legitimate traffic, permitting unwanted traffic, and insecure data transmission. This paper presents a comprehensive classification of security
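The abstract's two symptoms of rule-dependency errors, blocking legitimate traffic and permitting unwanted traffic, come directly from first-match ordering: a later rule never fires if an earlier rule with the opposite action already covers every packet it could match. The following Python checker illustrates that mechanism on a small constructed firewall policy. It is an added example written for this page, not code from the paper or its authors, and it does not implement the paper's taxonomy; the rule fields (`proto`, `src`, `dst`, `dport`), the `Rule` class and the sample rule set `POLICY` are all assumptions chosen for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One first-match filtering rule (hypothetical format for this example)."""
    name: str
    proto: str              # "tcp", "udp" or "any"
    src: str                # source CIDR
    dst: str                # destination CIDR
    dport: tuple            # inclusive (low, high) destination port range
    action: str             # "accept" or "deny"

def proto_covers(outer, inner):
    return outer == "any" or outer == inner

def net_covers(outer, inner):
    # True when every address of `inner` is also inside `outer`
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def port_covers(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def covers(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (proto_covers(outer.proto, inner.proto)
            and net_covers(outer.src, inner.src)
            and net_covers(outer.dst, inner.dst)
            and port_covers(outer.dport, inner.dport))

def find_unreachable_rules(rules):
    """Report rules that can never fire under first-match evaluation.

    Returns (earlier_rule, unreachable_rule, effect) triples. The effect names
    the operational consequence: an accept rule hidden behind a deny blocks
    legitimate traffic, a deny rule hidden behind an accept lets unwanted
    traffic through, and a same-action duplicate is merely redundant.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                if earlier.action == later.action:
                    effect = "redundant"
                elif later.action == "accept":
                    effect = "legitimate traffic blocked"
                else:
                    effect = "unwanted traffic permitted"
                findings.append((earlier.name, later.name, effect))
                break  # the first covering rule is the one that decides
    return findings

# Constructed sample policy (not from the paper); addresses are documentation ranges.
POLICY = [
    Rule("R1", "tcp", "0.0.0.0/0",      "10.0.0.0/24",  (1, 65535), "deny"),
    Rule("R2", "tcp", "192.168.1.0/24", "10.0.0.10/32", (22, 22),   "accept"),
    Rule("R3", "udp", "0.0.0.0/0",      "10.0.0.0/24",  (53, 53),   "accept"),
    Rule("R4", "udp", "0.0.0.0/0",      "10.0.0.5/32",  (53, 53),   "accept"),
    Rule("R5", "tcp", "0.0.0.0/0",      "10.0.1.0/24",  (80, 80),   "accept"),
    Rule("R6", "tcp", "203.0.113.0/24", "10.0.1.0/24",  (80, 80),   "deny"),
]

if __name__ == "__main__":
    for earlier, later, effect in find_unreachable_rules(POLICY):
        print(f"{later} never fires: covered by {earlier} ({effect})")
```

On the sample policy the checker reports R2 (admin SSH) as unreachable behind the broad deny in R1, R4 as redundant with R3, and the deny in R6 as unreachable behind the broad accept in R5. A pairwise covering test like this is only the intra-policy half of the problem the abstract raises; the inter-device interactions it mentions require the same comparison across the policies of every device on a traffic path.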