CRIS Current Research Information System
IRIS è la soluzione IT che facilita la raccolta e la gestione dei dati relativi alle attività e ai prodotti della ricerca. Fornisce a ricercatori, amministratori e valutatori gli strumenti per monitorare i risultati della ricerca, aumentarne la visibilità e allocare in modo efficace le risorse disponibili.
EnglishPacket filtering represents an important, yet only the first, step towards system and network security. The deployment of a packet filter, however, is often complicated by the commonly available configuration languages, which are designed to give fine-grained control rather than expressiveness. The resulting rule sets are verbose and their correctness hard to verify. Portability is also an issue: a successful effort in configuring a particular packet filter can be frustrated by the need of changing or simply upgrading the underlying system. This paper illustrates a configuration tool aimed at the broadest audience, that is, both expert and non-expert users, designed to overcome the aforementioned problems. The core feature of the proposed architecture is a platform-independent rule definition language (Firewall Architecture Independent Rules, or FAIR). FAIR rules are easily verifiable and modifiable by an expert operator, who can benefit of their high-level syntax for manually programming filtering behaviors without having to deal with specific OS-dependent tools. Two software modules complete the system: a wizard-like interface to make the production of FAIR rule-sets easier, and a translator to convert FAIR sets into actual firewall programming commands. Experimental results supporting the validity of the outlined approach are given with reference to the Linux operating system.
| Titolo: | A MULTI-PLATFORM TOOLKIT FOR THE CONFIGURATION OF PACKET-FILTERING FIREWALLS | |
| Autore/i: | PRANDINI, MARCO | |
| Autore/i Unibo: | ||
| Anno: | 2005 | |
| Titolo del libro: | Proceedings of The IASTED International Conference on Communication, Network and Information Security (CNIS 2005) | |
| Pagina iniziale: | 141 | |
| Pagina finale: | 148 | |
| Abstract: | Packet filtering represents an important, yet only the first, step towards system and network security. The deployment of a packet filter, however, is often complicated by the commonly available configuration languages, which are designed to give fine-grained control rather than expressiveness. The resulting rule sets are verbose and their correctness hard to verify. Portability is also an issue: a successful effort in configuring a particular packet filter can be frustrated by the need of changing or simply upgrading the underlying system. This paper illustrates a configuration tool aimed at the broadest audience, that is, both expert and non-expert users, designed to overcome the aforementioned problems. The core feature of the proposed architecture is a platform-independent rule definition language (Firewall Architecture Independent Rules, or FAIR). FAIR rules are easily verifiable and modifiable by an expert operator, who can benefit of their high-level syntax for manually programming filtering behaviors without having to deal with specific OS-dependent tools. Two software modules complete the system: a wizard-like interface to make the production of FAIR rule-sets easier, and a translator to convert FAIR sets into actual firewall programming commands. Experimental results supporting the validity of the outlined approach are given with reference to the Linux operating system. | |
| Data prodotto definitivo in UGOV: | 7-feb-2006 | |
| Appare nelle tipologie: | 4.01 Contributo in Atti di convegno |
File in questo prodotto:
Copyright © 2021