| As the growing concern on network security, network managers have paid more and more attention to the security of firewall which is the most basic network security device. To ensure the compliance with security policy and the correctness, firewall rules must be checked to find out the abnormal existed in rules that will influence the security policy.This paper analyzes the technology of firewall security policy management, focusing on Firewalking and the Firewalk tool. Then, how to detect firewall rule compliance is studied. We summarize the modeling methods of firewall rules, the classification of rules abnormity and the algorithms to detect the abnormity. Based on the policy-tree algorithm, we propose the multi-policy-tree detecting algorithm with protocol classification, which can improve the performace efficiently. Finally, we design a firewall security policy management system. Except normal management functions provided by security management system, we add firewall policy consistency checking and rule compliance validation functions. Finally, key modules of the system are implemented and tested. |
PDF Full Text Request