Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010267195 | TK5105.59 L57 2011 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
This unique book represents the first rigorous and comprehensive study of firewall policy design and analysis. Firewalls are the most critical and widely deployed intrusion prevention systems. Designing new firewall policies and analyzing existing firewall policies have been difficult and error-prone. This book presents scientifically sound and practically useful methods for designing and analyzing firewall policies.
This book is useful to a variety of readers. First, it can be used as a handbook for network/firewall administrators and network security professionals. Second, it can be used as an advanced textbook for graduate students and senior undergraduate students in computer science and engineering. Third, it is also suitable for non-experts in network security who wish to understand more about firewalls. The presentation of the book is detailed enough to capture the interest of curious readers, and complete enough to provide the necessary background material needed to delve further into the subject of firewalls and network security.
Table of Contents
| Preface | p. vii |
| 1 Prologue | p. 1 |
| 1.1 Background and Motivation | p. 1 |
| 1.2 Previous Work | p. 3 |
| 1.2.1 Previous Work on Firewall Design | p. 3 |
| 1.2.2 Previous Work on Firewall Analysis | p. 4 |
| 1.3 Contributions of the Book | p. 5 |
| 1.3.1 Structured Firewall Design | p. 5 |
| 1.3.2 Diverse Firewall Design | p. 6 |
| 1.3.3 Stateful Firewall Model | p. 6 |
| 1.3.4 Firewall Queries | p. 7 |
| 1.3.5 Firewall Redundancy Detection | p. 8 |
| 1.4 Overview of the Book | p. 8 |
| 2 Structured Firewall Design | p. 9 |
| 2.1 Motivation | p. 9 |
| 2.1.1 Consistency, Completeness and Compactness | p. 9 |
| 2.1.2 Structured Firewall Design | p. 12 |
| 2.2 Firewall Decision Diagrams | p. 13 |
| 2.3 FDD Reduction | p. 17 |
| 2.4 FDD Marking | p. 18 |
| 2.5 Firewall Generation | p. 21 |
| 2.6 Firewall Compaction | p. 23 |
| 2.7 Firewall Simplification | p. 26 |
| 2.8 Summary of Structured Firewall Design | p. 28 |
| 3 Diverse Firewall Design | p. 31 |
| 3.1 Construction Algorithm | p. 35 |
| 3.2 Shaping Algorithm | p. 37 |
| 3.2.1 FDD Simplifying | p. 39 |
| 3.2.2 Node Shaping | p. 39 |
| 3.2.3 FDD Shaping | p. 43 |
| 3.3 Comparison Algorithm | p. 44 |
| 3.4 Experimental Results | p. 45 |
| 4 Stateful Firewall Model | p. 49 |
| 4.1 Firewall Model | p. 51 |
| 4.2 Firewall Examples | p. 56 |
| 4.2.1 Example I: Tracking Outgoing Packets | p. 56 |
| 4.2.2 Example II: Tracking FTP Ptotocol | p. 57 |
| 4.3 Removing Packets from Firewall State | p. 60 |
| 4.4 Firewall States | p. 62 |
| 4.4.1 Truly Stateful and Truly Stateless Firewalls | p. 63 |
| 4.4.2 Stateless Derivatives | p. 64 |
| 4.5 Firewall Properties | p. 65 |
| 4.5.1 Conforming Firewalls | p. 65 |
| 4.5.2 Proper Firewalls | p. 66 |
| 5 Firewall Queries | p. 69 |
| 5.1 Structured Firewall Query Language | p. 72 |
| 5.1.1 Firewalls | p. 72 |
| 5.1.2 Query Language | p. 73 |
| 5.2 Firewall Query Examples | p. 74 |
| 5.3 Firewall Query Processing | p. 77 |
| 5.4 FDT-based Firewall Query Processing Algorithm | p. 79 |
| 5.5 Experimental Results | p. 80 |
| 6 Firewall Redundancy Detection | p. 83 |
| 6.1 Firewall Redundant Rules | p. 86 |
| 6.2 Removing Upward Redundancy | p. 88 |
| 6.3 Removing Downward Redundancy | p. 94 |
| 6.4 Experimental Results | p. 98 |
| 7 Epilogue | p. 101 |
| 7.1 Conclusions | p. 101 |
| Acknowledgments | p. 103 |
| Bibliography | p. 105 |
| Index | p. 109 |
