Network security can be increased by filtering packets at a firewall. Packet filtering examines network packets and decides whether to accept or deny them; these decisions are made according to policies that are established by the network administrator and implemented by specific filters. An administrator who finds a policy hard to understand and maintain will not easily find the problems that occur when filters are changed (added, deleted, or replaced) or when hierarchical firewalls are used, and will therefore not be certain that the intended policies are implemented correctly and completely. In this paper, we consider the relations between filters as spatial relations, and propose three analysis methods (Impact Inferring, Equality Judgment, and Composition Analysis) that use the spatial relations between filters to determine anomalies in firewall policies.
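As an added illustration of the spatial view (example code, not the paper's own implementation or its three methods): each filter is modelled as a box over (source address, destination address, destination port) ranges, the pairwise relation of two boxes is classified as disjoint, equal, inside, contains, or overlap, and a later filter that lies inside an earlier one with a different action is reported as shadowed. The `Filter` class, the relation names, and the sample policy are assumptions constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Filter:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    ports: tuple  # (low, high) inclusive destination port range
    action: str   # "accept" or "deny"

    def box(self):
        # Each dimension becomes a closed integer interval [lo, hi].
        s, d = ip_network(self.src), ip_network(self.dst)
        return ((int(s[0]), int(s[-1])), (int(d[0]), int(d[-1])), self.ports)

def _rel1(a, b):
    """Relation of interval a to interval b."""
    if a[1] < b[0] or b[1] < a[0]: return "disjoint"
    if a == b: return "equal"
    if b[0] <= a[0] and a[1] <= b[1]: return "inside"
    if a[0] <= b[0] and b[1] <= a[1]: return "contains"
    return "overlap"

def relation(f, g):
    """Spatial relation of filter f to filter g, combined over all dimensions."""
    rels = [_rel1(a, b) for a, b in zip(f.box(), g.box())]
    if "disjoint" in rels: return "disjoint"
    if all(r == "equal" for r in rels): return "equal"
    if all(r in ("equal", "inside") for r in rels): return "inside"
    if all(r in ("equal", "contains") for r in rels): return "contains"
    return "overlap"

def anomalies(policy):
    """Check each filter against every earlier one (first-match evaluation order)."""
    found = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            r = relation(later, earlier)
            if r in ("inside", "equal"):  # later filter can never match
                kind = "shadowed" if later.action != earlier.action else "redundant"
                found.append((later.name, kind, earlier.name))
            elif r == "overlap" and later.action != earlier.action:
                found.append((later.name, "correlated", earlier.name))
    return found

# Constructed sample policy (not taken from the paper).
POLICY = [
    Filter("r1", "10.0.0.0/8", "192.0.2.0/24", (80, 80), "accept"),
    Filter("r2", "10.1.0.0/16", "192.0.2.0/24", (80, 80), "deny"),     # inside r1: shadowed
    Filter("r4", "10.1.2.0/24", "192.0.2.10/32", (1, 1024), "deny"),   # partially overlaps r1
]
```

Running `anomalies(POLICY)` reports r2 as shadowed by r1 and r4 as correlated with r1; the redundant case (same action, fully covered) is detected by the same subset test.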