Publikation: Visual analysis of complex firewall configurations
Dateien
Datum
Autor:innen
Herausgeber:innen
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
URI (zitierfähiger Link)
DOI (zitierfähiger Link)
Internationale Patentnummer
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Core Facility der Universität Konstanz
Titel in einer weiteren Sprache
Publikationstyp
Publikationsstatus
Erschienen in
Zusammenfassung
Firewalls have become essential components in the security concept of almost any modern computer network. Due to their relevance and central location in the network, their programming logic often survives several generations of administrators and hardware. Understanding the logic behind a firewall configuration is thus an important but challenging task for a network administrator. In general, there is a tendency to add new rules while old rules are only rarely changed or removed due to unexpected consequences in the network. In this paper we present a visualization tool to support the network administrator in this complex task of understanding firewall rule sets and object group definitions. The tool consists of a hierarchical sunburst visualization, which logically groups rules or object groups according to their common characteristics, a color-linked configuration editor and classical tree view components for rules and object groups. All these components are interactively linked to enable both exploratory and hypotheses testing tasks aimed at understanding the complex functionality of a firewall configuration. To verify our design, we present two case studies on the analysis of rule usage and on nested object groups and collected feedback from five firewall administrators.
Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
Schlagwörter
Konferenz
Rezension
Zitieren
ISO 690
MANSMANN, Florian, Timo GÖBEL, William CHESWICK, 2012. Visual analysis of complex firewall configurations. the Ninth International Symposium. Seattle, Washington, 15. Okt. 2012 - 15. Okt. 2012. In: Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 1-8. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379691BibTex
@inproceedings{Mansmann2012Visua-22284,
year={2012},
doi={10.1145/2379690.2379691},
title={Visual analysis of complex firewall configurations},
isbn={978-1-4503-1413-8},
publisher={ACM Press},
address={New York, New York, USA},
booktitle={Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12},
pages={1--8},
author={Mansmann, Florian and Göbel, Timo and Cheswick, William}
}RDF
<rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:bibo="http://purl.org/ontology/bibo/"
xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
xmlns:foaf="http://xmlns.com/foaf/0.1/"
xmlns:void="http://rdfs.org/ns/void#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema#" >
<rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/22284">
<dc:language>eng</dc:language>
<dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
<dc:contributor>Mansmann, Florian</dc:contributor>
<dc:contributor>Göbel, Timo</dc:contributor>
<dc:creator>Mansmann, Florian</dc:creator>
<foaf:homepage rdf:resource="http://localhost:8080/"/>
<dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:11:40Z</dcterms:available>
<dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dc:rights>terms-of-use</dc:rights>
<bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/22284"/>
<dcterms:bibliographicCitation>Proceedings of the Ninth International Symposium on Visualization for Cyber Security. - New York, NY : ACM, 2012. - S. 1-8. - ISBN 978-1-4503-1413-8</dcterms:bibliographicCitation>
<dc:creator>Cheswick, William</dc:creator>
<dcterms:abstract xml:lang="eng">Firewalls have become essential components in the security concept of almost any modern computer network. Due to their relevance and central location in the network, their programming logic often survives several generations of administrators and hardware. Understanding the logic behind a firewall configuration is thus an important but challenging task for a network administrator. In general, there is a tendency to add new rules while old rules are only rarely changed or removed due to unexpected consequences in the network. In this paper we present a visualization tool to support the network administrator in this complex task of understanding firewall rule sets and object group definitions. The tool consists of a hierarchical sunburst visualization, which logically groups rules or object groups according to their common characteristics, a color-linked configuration editor and classical tree view components for rules and object groups. All these components are interactively linked to enable both exploratory and hypotheses testing tasks aimed at understanding the complex functionality of a firewall configuration. To verify our design, we present two case studies on the analysis of rule usage and on nested object groups and collected feedback from five firewall administrators.</dcterms:abstract>
<dc:contributor>Cheswick, William</dc:contributor>
<void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
<dc:creator>Göbel, Timo</dc:creator>
<dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:11:40Z</dc:date>
<dcterms:title>Visual analysis of complex firewall configurations</dcterms:title>
<dcterms:issued>2012</dcterms:issued>
</rdf:Description>
</rdf:RDF>
