-----------
Tel-Aviv University - Computer Science Colloquium

Sunday, January 30, 14:15-15:15
COFFEE at 14:00

Schreiber Building, Room 309
-----------

Tools for Firewall Management

Avishai Wool

Bell Laboratories, Lucent Technologies Inc.

Abstract:

In recent years packet-filtering firewalls have seen some impressive
technological advances (e.g., stateful inspection, transparency,
performance) and widespread deployment. In contrast, firewall
and security management technology is lacking. In this talk I will
present Firmato, a firewall management toolkit, with the following
distinguishing properties and components: (1) an entity-relationship
model containing, in a unified form, global knowledge of the security
policy and of the network topology; (2) a model definition language,
which we use as an interface to define an instance of the
entity-relationship model; (3) a model compiler, translating the
global knowledge of the model into firewall-specific configuration
files; and (4) a graphical firewall rule illustrator. Firmato has
been implemented to work with several commercially available
firewall products. We believe that our approach is an important step
towards streamlining the process of configuring and managing
firewalls, especially in complex, multi-firewall installations.

Joint work with Yair Bartal, Alain Mayer, Kobbi Nissim, and Elisha
Ziskind.

-----------

For colloquium schedule, see http://www.math.tau.ac.il/~zwick/colloq.html