Analysis of vulnerabilities in internet firewalls

Computers and Security

Volumn 22, Issue 3, 2003, Pages 214-232

  Kamara, Seny ^a   Fahmy, Sonia ^a   Schultz, Eugene ^a   Kerschbaum, Florian ^a   Frantzen, Michael ^a  

^a PURDUE UNIVERSITY   (United States)

Author keywords

Firewall testing; Firewall vulnerability analysis; Internet firewalls

Indexed keywords

COMPUTER HARDWARE; COMPUTER SOFTWARE; INTERNET; NETWORK PROTOCOLS; SERVERS; TELECOMMUNICATION TRAFFIC; WORLD WIDE WEB;

FIREWALL TESTING; INTERNET FIREWALLS;

COMPUTER SYSTEM FIREWALLS;

EID: 0037903656     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(03)00310-9     Document Type: Article

References (32)

1. M. Frantzen, F. Kerschbaum, E. Schultz, and S. Fahmy, 2001. A framework for understanding vulnerabilities in firewalls using a dataflow model of firewall internals. Computers & Security, Vol. 20, No. 3, 2001, pp. 263-270.
2. Ivan Krsul, Software Vulnerability Analysis, Ph.D. thesis, Department of Computer Sciences, Purdue University, 1998, http://www.cerias.purdue.edu/techreports-ssl/public/98-09.pdf.
3. W. Du and A.P. Mathur, 2000. Testing for software vulnerability using environment perturbation. Proceeding of the International Conference on Dependable Systems and Networks (DSN 2000), Workshop On Dependability Versus Malicious Faults, June 2000, http://www.cerias.purdue.edu/homes/duw/research/paper/ftcs30 workshop.ps. pp. 603-612.
4. W. Du and A.P. Mathur, 1998. Categorization of software errors that led to security breaches. Proceedings of the 21st National Information Systems Security Conference (NISSC'98), 1998, http://www.cerias.purdue.edu/homes/duw/research/paper/nissc98.ps.
5. M. Bishop and D. Bailey, 1996. A critical analysis of vulnerability taxonomies. Proceedings of the NIST Invitational Workshop on Vulnerabilities, July 1996, Also appears as Technical Report 96-11, Department of Computer Science, University of California at Davis (Sept. 1996) at http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-96-11.ps.
6. M. Bishop and D. Bailey, "Classifying Vulnerabilities", "A Taxonomy of UNIX and Network Securitys Vulnerabilities" at http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-95-10.ps
7. M. Bishop and D. Bailey, "Vulnerabilities Analysis" by the same author.
8. E. Schultz, 1996. How to perform effective firewall testing. Computer Security Journal, Vol. 12, No. 1, 1996, pp. 47-54.
9. E. Schultz, 1997. When firewalls fail: lessons learned from firewall testing. Network Security, February 1997, pp. 8-11.
10. W.R. Cheswick and S.M. Bellovin, 1994. Firewalls and Internet Security: repelling the wily hacker, Addison-Wesley, Reading, Massachusetts, 1994.
11. W. Cheswick, 1990. The design of a secure Internet gateway. In: USENIX, Anaheim, CA, USA, June 1990, pp. 233-237.
12. K. M. Walker and L. Croswhite Cavanaugh, 1998. Computer Security Policies and SunScreen Firewalls, Prentice Hall, Upper Saddle River, New Jersey, 1998.
13. L. McCarthy, 1998. Intranet Security, Prentice Hall, Upper Saddle River, New Jersey, 1998.
14. R.C. Summers, 1997. Secure Computing: Threats and Safeguards, McGraw-Hill, 1997.
15. E. Spafford and S. Garfinkel, 1996. Practical Unix and Internet Security. O'Reilly & Associates, Inc., second edition, 1996.
16. C.L. Schuba, 1997. On the Modeling, Design and Implementation of Firewall Technology, Ph.D. thesis, Department of Computer Sciences, Purdue University, December 1997, https://www.cerias.purdue.edu/techreports-ssl/public/97-07.pdf.
17. S. Ioannidis, A. Keromytis, S. Bellovin, and J. Smith, 2000. Implementing a distributed firewall. Proceedings of the ACM CCS, November 2000, Also see http://www.research.att.com/smb/papers/distfw.html and www.DistributedFirewalls.com.
18. R.E. Haeni, 1997. Firewall penetrationi testing, http://www.seas.gwu.edu/reto/papers/friewall.pdf, 1997.
19. G. Vigna, A formal model for firewall testing, http://www2.elet.polimi.it/pub/data/Giovanni. Vigna/wwwdocs/pub/fwtest.ps.gz.
20. M.R. Lyu and L.K.Y. Lau, 2000. Firwall security: policies, testing and performance evaluation. Proceedings of the COMSAC. IEEE Computer Society, 2000, pp. 116-21.
21. D. Newman, 1999. Benchmarking terminology for firewall performance, Request for Comments 2647, ftp://ftp.isi.edu/in-notes/rfc2647.txt, August 1999.
22. N. Freed, 2000. Behavior of and requirements for internet firewalls, Request for Comments 2979, http://search.ietf.org/rfc/rfc2979.txt, October 2000.
23. T. Aslam, 1995. A taxonomy of security faults in the UNIX operating system, M.S. thesis, Purdue University, 1995, purdue.edu/pub/COAST/papers/taimur-aslam/aslam-taxonomy-msthesis.ps.Z.
24. T. Aslam, Use of a Taxonomy of Security Faults by Taimur Aslam, Ivan Krsul and Gene Spafford.
25. "Vulnerability databases from the Common Vulnerabilities and Exposures (CVE) and Candidates (CAN)," http://cve.mitre.org/cve/, 2003.
26. "X-Force," http://xforce.iss.net/, 2003.
27. "Bugtraq." http://www.securityfocus.com/bugtraq/archive, 2003.
28. "Computer Emergency Response Team (CERT) advisories," http://www.cert.org/advisories/, 2003.
29. "System Administration, Networking, and Security (SANS)," http://www.sans.org/, 2003.
30. "Firewalls digest," http://lists.gnac.net/firewalls/, 2003.
31. "Check Point Products," http://www.checkpoint.com, 2003.
32. "Symantec products," http://www.symantec.com, 2003.