Reconciling multiple IPsec and firewall policies

Manually configuring large firewall policies can be a hard

and error-prone task. It is even harder in the case of IPsec

policies that can specify IP packets not only to be accepted

or discarded, but also to be cryptographically protected in

various ways. However, in many cases the configuration

task can be simplified by writing a set of smaller, independent

policies that are then reconciled consistently. Similarly,

there is often the need to reconcile policies from

multiple sources into a single one. In this paper, we discuss

the issues that arise in combining multiple IPsec and

firewall policies and present algorithms for policy reconciliation.

aura-becker-roe-zielinski-spw07-DRAFT.pdf
PDF file

In  Security Protocols Workshop

Details

TypeInproceedings
> Publications > Reconciling multiple IPsec and firewall policies