Learn More
Network security administrators cannot always accurately tell which end-to-end accesses are permitted within their network, and which ones are not. The problem is that every access is determined by the configurations of multiple, separately administered, components. As configurations evolve, a small change in one configuration file can have widespread(More)
We hypothesize that it is possible to obtain significant gains in operational efficiency through the application of simple analysis techniques to firewall rule sets. This paper describes our experiences with a firewall analysis tool and metrics that we have designed and used to help manage large production rule sets. Firewall rule sets typically become(More)
We hypothesize that it is possible to obtain significant gains in operational efficiency through the application of simple analysis techniques to firewall rule sets. This paper describes our experiences with a firewall analysis tool and metrics that we have designed and used to help manage large production rule sets. Firewall rule sets typically become(More)
  • 1