Firmato: a novel firewall management toolkit.

In recent years, packet filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and widespread deployment. In contrast, firewall and security management technology is lacking. We present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity relationship model; (3) a model compiler translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato’s capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commercially available firewall product. We believe that our approach is an important step towards streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.

References in zbMATH (referenced in 12 articles)

  1. Diekmann, Cornelius; Hupel, Lars; Michaelis, Julius; Haslbeck, Maximilian; Carle, Georg: Verified iptables firewall analysis and verification (2018)
  2. Alfaro, J. G.; Boulahia-Cuppens, N.; Cuppens, F.: Complete analysis of configuration rules to guarantee reliable network security policies (2008)
  3. Laborde, Romain; Kamel, Michel; Barrère, François; Benzekri, Abdelmalek: Implementation of a formal security policy refinement process in WBEM architecture (2007)
  4. Mayer, Alain; Wool, Avishai; Ziskind, Elisha: Offline firewall analysis (2006)
  5. Rathgeb, Erwin P.; Riebach, Stephan; Tödtmann, Birger: Neue herausforderungen für den schutz kritischer infrastrukturkomponenten in zukünftigen IP-netzen. (2006)
  6. Guttman, Joshua D.; Herzog, Amy L.: Rigorous automated network security management (2005)
  7. Bartal, Yair; Mayer, Alain J.; Nissim, Kobbi; Wool, Avishai: Firmato: A novel firewall management toolkit. (2004)
  8. Hassan, Ahmed AbdAllah; Hudec, Ladislav: Management and verification of firewall and router access lists (2004)
  9. Peltonen, Antti; Virtanen, Teemupekka; Turtiainen, Esa: Centralized management of virtual security zones in IP networks (2004)
  10. Reid, Jason; Cheong, Ian; Henricksen, Matthew; Smith, Jason: A novel use of RBAC to protect privacy in distributed health care information systems (2003)
  11. Jalili, Rasool; Rezvani, Mohsen: Specification and verification of security policies in firewalls (2002)
  12. Permpoontanalarp, Yongyuth; Rujimethabhas, Chaiwat: A unified methodology for verification and synthesis of firewall configurations (2001)