Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz.

Published byGeoffrey Ray Modified over 9 years ago

Similar presentations

Presentation on theme: "Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz."— Presentation transcript:

1 Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz Prof. Daniels

2 2 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

3 3 Do we care about firewall rulesets? n (Google, 16 June 2005, ~1745 EDT) n Results 1 - 10 of about 55,600 for "firewall setup". (0.39 seconds) n Results 1 - 10 of about 62,100 for "firewall management". (0.04 seconds) n Results 1 - 10 of about 18,100 for "firewall administration". (0.15 seconds) n n (Google, 26 April 2006, ~0935 EDT) n Results 1 - 20 of about 185,000 for "firewall setup". (0.25 seconds) n Results 1 - 20 of about 207,000 for "firewall management". (0.25 seconds) n Results 1 - 20 of about 81,600 for "firewall administration". (0.28 seconds) n n (Google, 12 July 2009, ~1457 EDT n Results 1 - 10 of about 1,710,000 for “firewall setup.” (0.37 seconds) n Results 1 - 10 of about 17,800,000 for “firewall management.” (0.22 seconds) n Results 1 - 10 of about 8,230,000 for “firewall administration.” (0.13 seconds).

4 4 Do they need help? n Network Managers need methods to quickly and efficiently analyze policy environment and impact of proposed changes on operational environment. –Industry analysts Gartner & IDC – 80% of unplanned outages are a result of changes in IT policies or configurations n Policy artifacts, the rulesets, are large, complex, difficult to comprehend –Errors in interpretation, modification, and development –Demand for capable personnel exceed supply –Diagnostic capabilities desperately needed

5 5 What is a firewall? n Implementation tool to achieve security policy goal n Border or Perimeter Device –Generally two or more interfaces –Not limited to a single device n Packet-based decision –Packet decision - pass/deny/drop –Local action - alarm/log/record n Decision basis - Proxy vs firewall distinction –Content awareness - proxy –Packet header plus state –Packet header values (research bound)

6 6 Basic Firewall Concept Exterior Network (Internet connection) Interior Network Hosts* Firewall

7 7 Basic Firewall Concept Implementation Exterior Network (Internet connection) Interior Network Hosts* Router X X Bastion Host

8 8 Screened Subnet (DMZ) Exterior Network (Internet connection) Interior Network Hosts* Perimeter Network Router Bastion Host(s) (exterior /access) (interior /choke)

9 9 Control of HTTP queries Exterior Network (Internet connection) Interior Network Hosts* Perimeter Network Router Bastion Host(s) (exterior /access) (interior /choke) http query http queries X X X

10 10 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

11 11 Firewall Rules: Intended Semantics n Source –Host –Group of hosts –Collection of hosts or groups n Destination –Host –Group of hosts –Collection of hosts or groups n Service –HTTP, SSL, SMTP, etc n Action –Accept/Deny

12 12 Packet Header Decision Fields

13 13 Service n Often listed with the same name as a protocol, –HTTP for web –SSL for secure connections –SSH for secure user connection n Technically defined by protocol and port combinations –HTTP - TCP with destination port 80

14 14 What is a firewall rule? n Firewall rules generally abstracted to a 5-tuple filter and an action –The components n Source address (IPv4, IPv6) n Source port (0 - 65535) n Destination address n Destination port n Protocol n Action: Binary, Accept or Deny –Addresses are often combinations of ranges and individuals –Ports are often ranges –Protocol often maps to a single number –Other fields do appear, not considering them at this time. n Packet tests are order-dependent (sequential)

15 15 Example: Al-Shaer & Hamed, 2003 Rule # ProtocolSource Address Source Port Destination Address Destination Port Action 1tcp140.192.37.20any*.*.*.*80deny 2tcp140.192.37.*any*.*.*.*80accept 3tcp*.*.*.*any140.192.37.4080accept 4tcp140.192.37.30any*.*.*.*21deny 5tcp140.192.37.*any*.*.*.*21accept 6tcp*.*.*.*any140.192.37.4021accept 7tcp*.*.*.*any*.*.*.*anydeny 8udp140.192.37.*any*.*.*.*53accept 9udp*.*.*.*any140.192.37.*53accept 10udp*.*.*.*any*.*.*.*anydeny

16 Acceptance Space and Volume n Acceptance Space –Set of all possible packet values is a non-negative integer lattice in five dimensions –Lattice is large (2^32 for two of the dimensions) but finite n References to tractability herein are responsiveness concerns, not issues of computability n Acceptance Volume –Subset of acceptance space allowed by the ruleset –Product of correct combination of the predicates of the rules –Not equivalent to list of accept rule predicates due to sequential processing and predicate overlap 16

17 17 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

18 18 So what are the problems? n Size complexity –Rulesets grow over time n Interaction Complexity –Field definition overlap –Deliberate use of order-dependence to achieve compactness n A Rule is not the Result! –List of rules –Total effect of file n Organizational issues lead to comprehension concerns –Administrators change –Policy Changes –Documentation lost

19 19 Pages 1 and 2, of 114.

20 20 Challenges n Dataset –Two distinct technical issues n Size complexity n Interaction complexity –Confidentiality issue at every front n Examples provided, permission to use denied n Training community structurally unresponsive n Internal ruleset storage/representation –Direct rule visualization n Interval (non-atomic) data field entries n Closure property violation under logical operations n Decomposition proofs provide some answers –Acceptance set visualization n 5-dimensional space: 5-cubes n Embedded subsets not convex n Extension of solid modeling with logical operations effective n Visualization of moderate dimensional data (<10D)

21 21 Research Objective n Create interactive visual representations of firewall rulesets that: –Enhance the speed & correctness of comprehension of ruleset impact or function –Enhance detection of configuration errors –Support modification without the introduction of unacceptable side effects. n Required –Calculate the acceptance volume –Display it –Enable editing in response

22 22 Related work? n First, NOTHING directly on point n Point visualizations of 5-tuples –Intrusion Detection –Network traffic –Static and time-dependent, partial and complete –But no range visualizations, not applicable n Data structures for firewall decision-making –Time & space efficient structures –Representations not unique –But none visualized

23 23 What’s out there? And the research literature on firewall visualization was simply “None” until 2007.

24 PolicyVis – Tran et al., 2007 24

25 25 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

26 Calculate the Acceptance Volume n Basic Guttman Algorithm n Implementation Choice: Constructive Solid Geometry –Integer lattice –5 dimensions – Penteracts –Axis-aligned – intervals only n Modifications –Convex solid decomposition –Add provenance –Add created voids 26

27 Guttman Algorithm n Convert order dependent ruleset to static set n Original formulation was recursive –Replaced by iteration from end n Requires two boolean operations –Union for accept predicates –Set Difference or subtraction for deny-rule predicates 27 Clear List Index = last Deny or Accept? UnionSubtract Index-1 Done Deny Accept

28 Restricted Constructive Solid Geometry n Treat intervals in five dimensions as a solid –Axis-aligned, intervals only –No rotations –Penteracts specified by 10 values, upper and lower limits n Existing Constructive Solid Geometry packages –Do not appear to go above 3-D –Carry sophistication to manage arbitrary object orientation –Use logic that eliminates single values in a given dimension n In solids with real dimensions, skin overlaps have no volume, and are eliminated n In our case “degenerate” solids, one value as both upper and lower limit, are real conditions that must be retained. n Single values needed for our work (Protocol #) n Do it yourself, don’t adapt packages 28

29 Boolean operations on solids 29 n Work is done on an integer lattice of all non-negative values n Critical operations are: –Set Union A ∪ B –Set Difference A – B = A ∩ ~B n Goals include: –Always maintaining convex solid decompositions –~(~B) = B –Making use of A – B = A – (A ∩ B) to limit need to handle general case of ~B –Maintaining connection to rules that generated volumes –Creating solution approach that works in each dimension so that it can be extended to 5-D with confidence

30 Penteract Constructive Solid Geometry (3D analogue) 30 Top face of rule A box (red) has been opened to expose A ∩ B

31 Use Convex Solid Decomposition n Simple Data Structure –Only penteracts required n Calculation Complexity –371,293 types of penteract overlap –CSD allows one dimension at a time, five pairs of cuts, 13 cases –Cost: longer list n Convex penteract can be visualized easily –Parallel Set Enclosure n Rule A: red volumes n Rule B: green volumes n B ∩ A : blue volume n 1-D cuts

32 371,293 Cases? (13^5) of course! n Thirteen(13) cases exist for possible overlaps between the intervals in each of five dimensions –Actually, 25 cases can be enumerated, but 10 are aphysical and two do not overlap n In the following discussion, we use T as the target space, and A for the volume being “added”. –T will in fact be only one component of a list of existing blocks –The overall algorithm will need to be executed against each relevant block in the acceptance volume –The overall algorithm will need to account for A intersecting with more than one component of the T’s n The following analysis assumes initially that the dimensions are not degenerate. –The resulting algorithm was checked to see if it is robust to handling degenerate cases. 32

33 Where does 13, 15 or 25 come from? n Consider an interval in a dimension of T, defined by upper and lower limits TL and TH. n There are five distinct regions where each of the boundaries of A (AL and AH, respectively) can fall –Two exterior regions –One interior region –Coincidence with two boundary values 33 TLTH 12345

34 Analysis of One Dimension n 25 possible cases, in general n Impose AL ≤ AH, 10 cases removed n Require intersection to exist –AH ∈ 1, A is below T, no intersection –AL ∈ 5, A is above T, no intersection n 25 – 10 – 2 = 13 –Argument provides enumeration of cases to be handled –13 cases times five dimensions is plausibly correct –Yields 1,198-line Java method –Alternative is (13^5) = 371,293 cases 34

35 Overlap cases for one dimension AH ∈ 1 2345 AL ∈ 1 No intersect action 2 X 3 XX 4 XXX 5 XXXX No intersect 35 Impose AL ≤ AH

36 Resulting Convex Solid Decomposition(3D) 36 Red volumes – rule A Green volumes – rule B Blue volume – rule A and rule B

37 Thirteen cases, enumeration of actions 37 1) Create working copies of T, wT, and A, wA. 2) Pick a dimension. 3) Select the case of the thirteen that applies. 4) Create a copy of wT, wTd, and of wA, wAd, (or two of one of them, etc). 5) Shift the boundary of wTd so it is the excess beyond the common volume. 6) Shift the boundary of wT so it is reduced to the common volume. 7) Shift the boundary of wAd so it is the excess beyond the common volume. 8) Shift the boundary of wA so it is reduced to the common volume. 9) Send wTd and wAd to their respective output lists. 10) Repeat starting at step 2 until all five dimensions are done.

38 Set operations as disposition rules for convex solid decomposition lists OperationA – BA ∩ BB – A UnionKeep IntersectionDiscardKeepDiscard Set DifferenceKeepDiscard Void DifferenceKeepRe-label & KeepDiscard All of the set operations are dispositions for three lists Only one CSD generation method required for intersecting penteract Operations become wrapper around use of that method Class PenteractSliceDice

39 Created Voids and Provenance n Created Void –Modify Guttman A-B –Normal: discard B ∩ A –Created Void: retain B ∩ A, label with joint provenance –Creates visualizable artifact n Add provenance of rules –List of rules for each penteract –Connected to editor 39  Rule A: red volumes  Rule B: green volumes  B ∩ A : blue volume  1-D cuts

40 Handle multiple intersections n Remaining issue: Added penteract intersects with more than one in target list n Add queues for pieces, put penteracts back into queues if further work needed 40

41 41 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

42 Visual Approaches n Parallel Coordinates –Inselberg lossless multidimensional visualization for points –Use parallel set enclosures for display of penteracts –Ease of representation was one motivation for use of CSD n Flow Picture –Loose pipe or pipeline metaphor –Extended polyhedral representation in 3-space –Implemented in Java OpenGL for speed, interaction (Keyes) n Discussion will focus on design, not software implementation –Use visual completion for improved capture-anomaly containment visualization 42

43 PC Screen Shot 43

44 Flow Picture Mockup 44

45 Flow Picture endpoints 45

46 46 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

47 Data Sources n Requests for operational data sets not favorably received –One permitted use case, port 32760 exclusion n Alternative approach - visualize taxonomy of interactions n Al-Shaer & Hamed (2003) –Firewall Policy Adviser – defined full range of interactions and created a complete example n Yuan, et al. (2006) –FIREMAN (A Toolkit for FIREwall Modeling and Analysis) – defined similar structures with one addition and created examples –Some examples only artifacts of CIDR notation n These examples give us a “complete” set of issues to look at. 47

48 48 Example: Al-Shaer & Hamed, 2003 Rule # ProtocolSource Address Source Port Destination Address Destination Port Action 1tcp140.192.37.20any*.*.*.*80deny 2tcp140.192.37.*any*.*.*.*80accept 3tcp*.*.*.*any140.192.37.4080accept 4tcp140.192.37.30any*.*.*.*21deny 5tcp140.192.37.*any*.*.*.*21accept 6tcp*.*.*.*any140.192.37.4021accept 7tcp*.*.*.*any*.*.*.*anydeny 8udp140.192.37.*any*.*.*.*53accept 9udp*.*.*.*any140.192.37.*53accept 10udp*.*.*.*any*.*.*.*anydeny n Al-Shaer, E.S. and Hamed, H.H. 2003a. Firewall Policy Advisor for anomaly discovery and rule editing, IFIP/IEEE Eighth International Symposium on Integrated Network Management, 2003, 24-28 March 2003, pp. 17 – 30.

49 Yuan, et al. (2006) Yuan, L., Chen, H., Mai, J., Chuah, C-N, Su, Z., and Mohapatra, P., 2006. FIREMAN: a toolkit for firewall modeling and analysis, IEEE Symposium on Security and Privacy, 2006, 21-24 May 2006, pp. 213-227. 49

50 Anomalies versus Predicate Overlaps 50 Note: in this case, there is the additional requirement that there is no correlation or generalization anomaly involving R i and any rule between it and R j

51 Anomalies, by ruleset 51 Anomaly Pairs from Al-Shaer and Hamed (2003) Yuan 2006 Script 1 Anomalies

52 52 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

53 Denial of 32760 in Parallel Coordinates 53

54 Denial of 32760 in Flow Picture 54

55 Selection action in PC view 55

56 Editor Frame with penteract selection 56

57 Generalization Anomaly ASH 1) and 2) 57

58 Generalization Anomaly ASH 1) and 2) 58

59 Illustration: SA split for Modified ASH 2) 59

60 Generalization, ASH 2) and 8) 60

61 Generalization, ASH 2) and 8) 61

62 Generalization Anomaly, Yuan 4) and 7) 62

63 Generalization Anomaly, Yuan 4) and 7) 63

64 Correlation Anomaly, ASH 1) and 3) 64

65 Correlation Anomaly, ASH 1) and 3) 65

66 Correlation Anomaly of Yuan 2) and 6) 66

67 Shadow Anomaly of Yuan 2) and 4) 67

68 Shadow Anomaly of Yuan 1), 3), and 5) 68

69 Shadow Anomaly of Yuan 1), 3), and 5) 69

70 Redundancy Anomaly of ASH 6) and 7) 70

71 Redundancy Anomaly of ASH 6) and 7) 71

72 Complete Ruleset, Al-Shaer & Hamed 72

73 Complete Ruleset, Al-Shaer & Hamed 73

74 74 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

75 What Works? n Containment is the issue for many anomalies –Shown better by the polyhedral representation –Effect likely due to assembly of sub-boxes into a single box in the viewer’s mind –Suggests use of predicate for accept rules, and created voids n Created voids produce visual artifacts that –Provide awareness of why packets are denied –Supports editing to address that issue n Application of visualization directly to configuration space shows promise 75

76 What doesn’t work at present? n Accept rules preceding deny rules, for any anomaly type –Create no object in the calculation –Present no visual artifact –“state change” of denied to accepted is not captured n Deny-Deny overlaps have same problem –Response complicated by use of deny-all rules in subspaces n Scaling to large rulesets unclear –Number of penteracts in CSD depends on order of dimensions in processing –IF analogous to ordered binary decision diagram representation, optimal order issue is likely NP-complete 76

77 77 Outline n Context –Proxies and firewalls? –What is a firewall rule? n Background n Method –Calculation of the acceptance volume –Visual Approaches n Data – Issues & Solutions n Visual Results n Discussion & Directions –What works –What needs to be done

78 What needs to be done (local)? n Theoretical Developments –Extend modified-Guttman to encompass deny rules more effectively n Simplest extension, “denied void” complicated by deny all rules for space and subspaces – leads to potentially massive expansion of CSD –Examine display of accept predicates and created voids n Reduces visual complexity by eliminating sliced accepts n Uncertain at this time as to correctness n May require that turning off created voids be disabled n May require careful linked management of voids/accepts –Define “relatedness” measures for support of visual controls 78

79 What needs to be done (local)? n Software Modifications –Zoom controls n May need to be specialized to two dimensional subspaces n Enterprise defaults for destination space –Rule-based selection lists n Display penteracts touched by rules (reference in provenance) –Consider predicate display in flow picture n Modify color to prevent confusion of displays n Supported by existing OpenGL software package 79

80 Global Directions n Firewalls –Sub-field needs a few good datasets to extend this work –Models for more sophisticated firewall rules n State-dependence n NAT rules n Security configuration comprehension –The entire computer security domain needs to have visual metaphors created and implemented. –Feasibility for display –Methods of interaction 80

81 Contributions n Created graphics pipeline for firewall configuration –Not traffic or just the rules n Showed benefit of maintaining provenance n Defined concept to extend compilation process for rulesets –Created voids capture certain historical aspects of acceptance volume calculation n Showed extension of history capture needed (denied void?) n Showed feasibility of configuration visualization n Showed potential for improved comprehension from polyhedral representations using projection to two- dimensional space over lossless representations for interval data n Demonstrated need for addressing occlusion for interval data 81

82 BACKUPS 82

83 83 DAG Firewall Representations Hazelhurst 2000, Yuan 2006Oriented Binary Decision Diagrams Gouda 2004, Liu 2004Firewall Decision Diagrams Tarsa 2006, Fulp 2005N-ary Tries Baboescu 2005Aggregate Bit Vectors Singh 2003Hypercuts, k-dimensional decision trees Thorup 2003Dynamic Stabbing Eppstein 2001Multidimensional binary search trees Gupta 2001HiCuts, multidimensional cutting Qiu 2001backtracking search and set pruning tries Srinivasan 1999Tuple space search Suri 1999Combined two-dimensional filters Lakshman 1998Multidimensional range matching Srinivasan 1998Grid of tries and cross-producting

84 84 All the pieces, unconnected Firewall Analysis -> DAGs - Correctness (e.g., OBDD) - Packet Classification Acceptance space - Compilation - Description Computational Geometry DAG Visualization Lossless High Dimension Visualization

Download ppt "Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz."

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
Programming Paradigms and languages

Programming Paradigms and languages
Delivery and Forwarding of

Delivery and Forwarding of
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.

TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.
© Janice Regan, CMPT 102, Sept. 2006 0 CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.

© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.

Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.
System Design and Analysis

System Design and Analysis
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz.

Applying Visualization to the Management of Firewall Rulesets Shaun P. Morrissey 7 October 2009 Thesis Committee: Prof. Grinstein, Advisor Prof. Levkowitz.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
© Copyright 2011 John Wiley & Sons, Inc.

© Copyright 2011 John Wiley & Sons, Inc.
SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.

SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.

Similar presentations

Ads by Google