Firewall Wizards mailing list archives
Re: Firewall Administration Survey
From: jdgorin () computer org
Date: Mon, 03 Dec 2007 13:19:54 +0100
Hi Mike, That kind of survey was done by Avishai Wool between 2000 and 2001 and published in Computer June 2004 [1]. But it was only about CheckPoint FW-1 rules. The results showed that rulesets complexity, default implicit rules and configuration, and specific rules for the firewall adminitration were the most common sources of error. I fear that the situation is not going better today... To connect this message to the rolling other threads: consequences of rule configuration error in a packet filter (stateful or not) can be more dreadful than configuration error in a proxy. ie: to open access to a network vs to open acces to a protocol and a small group of hosts. [1] http://ieeexplore.ieee.org/search/srchabstract.jsp?arnumber=1306389&isnumber=28995&punumber=2&k2dockey=1306389@ieeejrns JDG "Reality is that which, when you stop believing in it, doesn't go away." Philipp K. Dick ________________________________ From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of Mike Chapple Sent: Tuesday, November 27, 2007 7:06 PM To: firewall-wizards () listserv cybertrust com Subject: [fw-wiz] Firewall Administration Survey Dear Colleague, Would you please consider taking a few minutes to participate in a survey of firewall administration practices? We are conducting this survey as part of an academic research project designed to analyze the frequency of firewall configuration errors and identify potential causes for those errors. The results will contribute to a research paper we are submitting for publication in a peer-reviewed academic forum. We will maintain strict anonymity of any data you provide during the survey. The survey is available at: http://www.nd.edu/~mchapple/survey/ The target audience for the survey is anyone involved in the administration of a firewall rulebase in a production environment. If you know of others that may be suitable participants, please forward this invitation along to them. At the conclusion of the research study, we will be happy to share the results with any interested participants. Thank you in advance for your time. Mike Chapple _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewall Administration Survey jdgorin (Dec 05)
- <Possible follow-ups>
- Re: Firewall Administration Survey jdgorin (Dec 10)