Analyzing end-to-end network reachability

Sruthi Bandhakavi, Sandeep Bhatt, Cat Okita, Prasad Rao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

Network security administrators cannot always accurately tell which end-to-end accesses are permitted within their network, and which ones are not. The problem is that every access is determined by the configurations of multiple, separately administered, components. As configurations evolve, a small change in one configuration file can have widespread impact on the end-to-end accesses. Short of exhaustive testing, which is impractical, there are no good solutions to analyze end-to-end flows from network configurations. This paper presents a general technique to analyze all the end-to-end accesses from the configuration files of network routers, switches and firewalls. We efficiently analyze certain state-dependent filter rules. Our goal is to help network security engineers and operators quickly determine configuration errors that may cause unexpected behavior such as unwanted accesses or unreachable services. Our technique can also be used as part of the change management process, to help prevent network misconfiguration.

Original language: English
Title of host publication: 2009 IFIP/IEEE International Symposium on Integrated Network Management, IM 2009
Pages: 585-590
Number of pages: 6
State: Published - 2009
Event: 2009 IFIP/IEEE International Symposium on Integrated Network Management, IM 2009 - New York, NY, United States
Duration: 1 Jun 2009 to 5 Jun 2009

Publication series

Name: 2009 IFIP/IEEE International Symposium on Integrated Network Management, IM 2009

Conference

Conference: 2009 IFIP/IEEE International Symposium on Integrated Network Management, IM 2009
Country/Territory: United States
City: New York, NY
Period: 1/06/09 to 5/06/09
