This paper introduces a simulation environment for testing firewall configurations without the need of an actual, complex network setup. It assists the user in defining the required rule set based on an existing, informal security concept and in validating the resulting setup virtually. Configurations consisting of network hosts and permitted or not permitted services are modeled using a graphical environment. A framework which supports model-driven development is used to visualize the resulting configuration in a single graph. Existing plug-ins can be used to check single nodes or the whole graph using model checking. Additionally it is possible to simulate the packet flow and track errors without actually setting up one of the network devices. Test cases may be defined manually, produced by an automatic packet generator or even imported from previously captured, genuine network traffic. Multiple operating systems and firewall products are supported without forcing the user to learn the implementation details between them.
展开▼
