Ontology-based tools for automating integration and validation of firewall rules

Abstract

Firewalls are recognized as efficient instruments in deploying security in computer networks. But, they may become useless in cases when network administrators do not possess enough skills and expertise to properly configure them. Nowadays, firewall rules are integrated in the broader scope of enterprise security management. Thus, deriving correct and consistent rules for firewalls is mandatory and they need to be assimilated in the global security policy of the enterprise. In this paper we present tools for managing firewalls using ontologies and semantic-rich languages. With our approach, network managers can develop new firewall rules, automatically verify and validate their correctness and consistency and integrate them with previous existing rules. © 2009 Springer Berlin Heidelberg.