The Experts below are selected from a list of 60 Experts worldwide ranked by ideXlab platform
E. Ziskind - One of the best experts on this subject based on the ideXlab platform.
-
Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
-
IEEE Symposium on Security and Privacy - Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
A. Mayer - One of the best experts on this subject based on the ideXlab platform.
-
Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
-
IEEE Symposium on Security and Privacy - Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
Jerry Hart - One of the best experts on this subject based on the ideXlab platform.
-
Private Security: Enforcing Corporate Security Policy Using Private Investigators
European Journal on Criminal Policy and Research, 1999Co-Authors: Martin Gill, Jerry HartAbstract:This article focuses on the use of private investigators as external agents, commissioned to enforce internal Corporate Security Policy. After describing the sorts of services private investigators provide to industry and commerce and the legal contexts within which they operate, it considers private investigators as a form of secret police within private justice systems defined by companies. It considers the relationship between notions of public good and commercial expediency and raises important questions about the problem of controlling activities which are purposefully kept from legal scrutiny.
-
enforcing Corporate Security Policy using private investigators
1999Co-Authors: Martin Gill, Jerry HartAbstract:This article focuses on the use of private investigators as external agents, commissioned to enforce internal Corporate Security Policy. After describing the sorts of services private investigators provide to industry and commerce and the legal contexts within which they operate, it considers private investigators as a form of secret police within private justice systems defined by companies. It considers the relationship between notions of public good and commercial expediency and raises important questions about the problem of controlling activities which are purposefully kept from legal scrutiny.
A. Wool - One of the best experts on this subject based on the ideXlab platform.
-
Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
-
IEEE Symposium on Security and Privacy - Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000Co-Authors: A. Mayer, A. Wool, E. ZiskindAbstract:Today, even a moderately sized Corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global Corporate Security Policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new Security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global Policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall Policy (either a deployed Policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstruction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a Policy is actually deployed it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
Martin Gill - One of the best experts on this subject based on the ideXlab platform.
-
Private Security: Enforcing Corporate Security Policy Using Private Investigators
European Journal on Criminal Policy and Research, 1999Co-Authors: Martin Gill, Jerry HartAbstract:This article focuses on the use of private investigators as external agents, commissioned to enforce internal Corporate Security Policy. After describing the sorts of services private investigators provide to industry and commerce and the legal contexts within which they operate, it considers private investigators as a form of secret police within private justice systems defined by companies. It considers the relationship between notions of public good and commercial expediency and raises important questions about the problem of controlling activities which are purposefully kept from legal scrutiny.
-
enforcing Corporate Security Policy using private investigators
1999Co-Authors: Martin Gill, Jerry HartAbstract:This article focuses on the use of private investigators as external agents, commissioned to enforce internal Corporate Security Policy. After describing the sorts of services private investigators provide to industry and commerce and the legal contexts within which they operate, it considers private investigators as a form of secret police within private justice systems defined by companies. It considers the relationship between notions of public good and commercial expediency and raises important questions about the problem of controlling activities which are purposefully kept from legal scrutiny.