PLoP2004_ndelessygassant0_0.doc

The security administrator intends to add a new policy to the set of policies. Before adding it, the firewall checks that the new policy does not already exist in the rule set. Figure 4 illustrates this use case.

Actors: Administrator.

Precondition: The administrator must have authorization to add rules.

Description:
a. The administrator initiates the addition of a new rule.
b. If the rule does not already exist in the rule set then it is added.
c. The firewall acknowledges the addition of the new rule.

Alternate Flow: The rule is not added because it already exists in the rule set.

Postcondition: A new rule is added to the rule set of the firewall.

[Sequence diagram. Participants: :Administrator, :ApplicationFirewall, :PolicyBase. Messages: addPolicy(policy), checkDuplicate(policy), CheckDuplicate == False, addPolicy(policy), PolicyAdded(policy).]

Figure 4: Sequence Diagram for defining a new Policy

Consequences

This pattern presents the following advantages:

• The institution's policies to control access are easily defined and administered, as the policies have centralized administration. This makes the whole system less complex, and thus more secure.
• This firewall could be combined with an Intrusion Detection System to facilitate the prevention of some attacks.
• The firewall lends itself to a systematic logging of incoming and outgoing messages.
• As authentication of Clients is performed, users can be held responsible for their actions.
• New applications are easily integrated into the system by adding their specific policies.
• New clients can be accommodated by adding new policies to the policy base of an application.
• Because of their separation, the application and the filtering policies can evolve independently.

The pattern also has some (possible) liabilities:

• The application could affect the performance of the protected system as it is a bottleneck in the network. This can be improved by considering the firewall a virtual concept and using several machines for implementation.
• The solution is intrusive for existing applications that already implement their own access control.
• The application itself must be built in a secure way or normal access to commands could allow attacks through the requests.
• We still need the operating system and the network infrastructure to be secure.

Implementation

To implement the Application Firewall, the following tasks need to be done:

1. Define users and their roles.
2. Define role rights and implement them as policies (Use Case 2).
3. Add/Remove policies when needed.

Moreover, two architectural configurations are possible and shown below.
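
The "add a new policy" use case and implementation tasks 1 and 2 above, as an added Python sketch that is not code from the paper. The Policy fields, the security_admin role name, the log format and the deny-when-no-rule-matches behaviour are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """One rule: a role may invoke an operation on a service (fields assumed)."""
    role: str
    service: str
    operation: str

class PolicyBase:
    def __init__(self):
        self._rules = set()

    def check_duplicate(self, policy):
        return policy in self._rules

    def add_policy(self, policy):
        self._rules.add(policy)

    def permits(self, roles, service, operation):
        # A request passes only if some role of the caller has a matching rule.
        return any(Policy(r, service, operation) in self._rules for r in roles)

class ApplicationFirewall:
    def __init__(self, user_roles, admin_role="security_admin"):
        self.user_roles = user_roles      # task 1: users and their roles
        self.admin_role = admin_role      # hypothetical role name
        self.policy_base = PolicyBase()   # task 2: role rights stored as policies
        self.log = []                     # systematic log of filtering decisions

    def add_policy(self, admin, policy):
        # Precondition: the caller must be authorized to add rules.
        if self.admin_role not in self.user_roles.get(admin, ()):
            raise PermissionError(f"{admin} may not add rules")
        # Alternate flow: the rule already exists, so nothing is added.
        if self.policy_base.check_duplicate(policy):
            return False
        self.policy_base.add_policy(policy)
        return True                       # acknowledgement (PolicyAdded)

    def filter_request(self, user, service, operation):
        # Unknown users have no roles, so no rule can match (assumed default deny).
        roles = self.user_roles.get(user, ())
        allowed = self.policy_base.permits(roles, service, operation)
        self.log.append((user, service, operation, "ALLOW" if allowed else "DENY"))
        return allowed
```

Because Policy is a frozen dataclass, two rules with the same role, service and operation compare equal, which is what lets checkDuplicate be a set lookup.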