S-VPN gateways are today core elements in network security infrastructure. As networks and services become more complex, managing IPSec access rules becomes an error-prone task. Conflicts in a policy can cause holes in security, and they are often hard to find by visual or manual inspection alone. We first define a methodology to systematically classify the severity of rule conflicts, and we then propose two different solutions to automatically resolve conflicts in an access list, one of which we implemented and tested.
S-VPN policy: Access list conflict automatic analysis and resolution / Simone, Ferraresi; Stefano, Pesic; Livia, Trazza; Baiocchi, Andrea. - (2006), pp. 266-274. (Paper presented at the 8th Annual Information Security Solutions Europe Conference, ISSE 2006, held in Rome, Italy, 10 October 2006 through 12 October 2006) [10.1007/978-3-8348-9195-2_29].
S-VPN policy: Access list conflict automatic analysis and resolution
BAIOCCHI, Andrea
2006