IPsec/Firewall Security Policy Analysis: A Survey

Title: IPsec/Firewall Security Policy Analysis: A Survey
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Khelf, Roumaissa; Ghoualmi-Zine, Nacira
Conference Name: 2018 International Conference on Signal, Image, Vision and their Applications (SIVA)
Keywords: authorisation, Communication networks, computer network security, computer networks, Conflicts analysis, Correlation, Filtering, firewall, Firewall Security policy analysis, Firewalls (computing), formal verification, internetworking, IP networks, IPsec, IPsec gateways, IPsec security policy analysis, Logic gates, network safety, Network security, network security protection, policy analysis, policy-based governance, pubcrawl, Security Policies Analysis, security policy, Security policy anomalies, security policy management, security policy misconfigurations, security policy verification, Traffic Control, Virtual private networks
Abstract: As the technology reliance increases, computer networks are getting bigger and larger and so are threats and attacks. Therefore, network security becomes a major concern during this last decade. Network security requires a combination of hardware devices and software applications. Namely, Firewalls and IPsec gateways are two technologies that provide network security protection and repose on security policies which are maintained to ensure traffic control and network safety. Nevertheless, security policy misconfigurations and inconsistency between the policy's rules produce errors and conflicts, which are often very hard to detect and consequently cause security holes and compromise the entire system functionality. In this paper, we review the related approaches which have been proposed for security policy management along with surveying the literature for conflicts detection and resolution techniques. This work highlights the advantages and limitations of the proposed solutions for security policy verification in IPsec and Firewalls and gives an overall comparison and classification of the existing approaches.
DOI: 10.1109/SIVA.2018.8660973
Citation Key: khelf_ipsec/firewall_2018