A policy-based approach to firewall management

This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of the IETF is analysed, together with the communication protocols, policy specification languages, and the necessary information models. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with an evaluation of the policy-based approach to firewall management.
