By Topic

FACE: a firewall analysis and configuration engine

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Pavan Verma ; Dept. of Electr. Eng. & Comput. Sci., Michigan Univ., Ann Arbor, MI, USA ; Atul Prakash

Firewalls play a critical role in protecting networks and enforcing security policies. Traditionally, firewalls have been deployed at an organization's periphery to protect it from Internet traffic. Today, however, this model no longer holds true as organizations try to safeguard themselves against other types of threats. This has led to the advent of the distributed firewall where potentially every router or end-host can run a firewall. As it is, firewalls are extremely hard to analyze and configure correctly due to complexities of network topology, routing, and administrative issues. Distributed firewalls make the situation even worse since there are multiple firewalls. This paper describes FACE - a tool that helps in analysis and configuration of distributed firewalls. Using FACE, administrators can automatically generate and analyze configurations for all firewalls in the network by specifying the filtering policy and a threat model in which a distributed firewall must provide defense against spoofed traffic from specified nodes in a network.

Published in:

The 2005 Symposium on Applications and the Internet

Date of Conference:

31 Jan.-4 Feb. 2005