Computer Science – Cryptography and Security
Scientific paper
2009-11-06
Computer Science
Cryptography and Security
Scientific paper
The first quantitative evaluation of the quality of corporate firewall configurations appeared in 2004, based on Check Point FireWall-1 rule-sets. In general that survey indicated that corporate firewalls were often enforcing poorly written rule-sets, containing many mistakes. The goal of this work is to revisit the first survey. The current study is much larger. Moreover, for the first time, the study includes configurations from two major vendors. The study also introduce a novel "Firewall Complexity" (FC) measure, that applies to both types of firewalls. The findings of the current study indeed validate the 2004 study's main observations: firewalls are (still) poorly configured, and a rule-set's complexity is (still) positively correlated with the number of detected risk items. Thus we can conclude that, for well-configured firewalls, ``small is (still) beautiful''. However, unlike the 2004 study, we see no significant indication that later software versions have fewer errors (for both vendors).
No associations
LandOfFree
Firewall Configuration Errors Revisited does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Firewall Configuration Errors Revisited, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Firewall Configuration Errors Revisited will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-391211