An Evaluation of State Model Diagrams for Secure Network Configuration and Management

摘要

Dedicated firewall devices are an essential component of all secure networks. Given the importance of these devices it is therefore imperative that they are operate according to the appropriate company security policies. Regardless of the sophistication of the security devices they must be managed by people with the associated scope for human error, particularly during their configuration. PIX firewalls are typically controlled by the text based Command Line Interface (CLI) which requires considerable expertise. Whilst a Graphical User Interface (GUI) is available it is not widely used. Alternative approaches have been employed, such as network management tools, but these are arguably also problematic. These problems are exacerbated by the need to manage the integration of many different technologies (firewalls, wireless devices etc). State Model Diagrams have been successfully used for modeling a wide variety of network technologies and associated protocols. The diagrams are modular and hierarchical thereby providing top down decomposition by means of leveling. For ease of use, hyperlinks may be used for navigation within the interface. This paper demonstrates how the state model technique meets the relevant criteria for a successful Security Human Computer Interface (HCI-S) and hence may be used to manage not only firewalls but also the integration of heterogeneous technologies within a secure environment. An evaluation by twenty experienced network administrators strongly supported this approach. Results to date indicate that the State Model Diagrams may offer a vendor independent, universally applicable interface that can be used for secure device integration and management.