Avishai's Firewall page

Publications

  1. A. Wool. Trends in firewall configuration errors: Measuring the holes in Swiss cheese.
    IEEE Internet Computing, 14(4):58-65, 2010. Here is a local copy (pdf).
    Full version available as arXiv Technical Report cs.CR:0911.1240.

  2. A. Wool. A quantitative study of firewall configuration errors.
    Invited talk, Tokyo International Security Conference, Tokyo, Japan, November 2005.
    Here are some photos: 1 2 3

  3. Y. Bartal, A. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit.
    ACM Transactions on Computer Systems, 22(4):381-420, November 2004. Here is a local copy (pdf).

  4. D. Rovniagin and A. Wool. The geometric efficient matching algorithm for firewalls.
    In Proc. 23rd IEEE Convention of Electrical & Electronics Engineers in Israel (IEEEI), pages 153-156, September 2004. Here is the full technical report (postscript).

    new Free software: Here is the source code for our GEM/iptables implementation. Copyright (C) Avishai Wool and Dmitry Rovniagin, 2003-2005. All rights reserved.

  5. A. Wool. The use and usability of direction-based filtering in firewalls.
    Computers & Security, 23(6):459-468, 2004. Here is a local copy (pdf).

  6. A. Wool. A quantitative study of firewall configuration errors.
    IEEE Computer, 37(6):62-67, 2004. Here is a local copy (pdf).

  7. A. Wool. Combating the perils of port 80 at the firewall.
    ;login: The Magazine of USENIX & SAGE, 27(4):44-45, August 2002. Here is a local copy (pdf).

  8. A. Wool. Architecting the Lumeta firewall analyzer.
    In 10th USENIX Security Symposium, pages 85-97, Washington, D.C., August 2001.

  9. A. Mayer, A. Wool, and E. Ziskind. Fang: A firewall analysis engine.
    In Proc. IEEE Symp. on Security and Privacy, pages 177-187, Oakland, CA, May 2000.

  10. Y. Bartal, A. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit.
    In
    Proc. IEEE Symp. on Security and Privacy, pages 17-31, Oakland, CA, May 1999.

  11. A. Wool. How not to configure your firewall: A field guide to common firewall misconfigurations (pdf of slides).
    Case study, 17th Annual Computer Security Applications Conference, New Orleans, LA, December 2001. Recipient of ``Best Case Study'' prize.

poster

Useful links

  1. The AlgoSec Firewall Analyzer.
  2. The Firewall Product Overview by Cathy Fulmer.
  3. The Firewall FAQ by Paul D. Robertson, Matt Curtin, and Marcus J. Ranum
  4. Free*nix Firewalls: Linux netfilter/iptables, OpenBSD pf, FreeBSD IP Filter, Linux ipchains (older),
  5. Check Point (FireWall-1)
  6. Cisco ASA Firewall (previously known as Cisco PIX).
  7. Juniper Netscreen Firewall.
  8. Back to my home page.

Last modified: Mon Nov 1 22:31:25 IST 2010 Valid HTML 4.0!