Re: [fw-wiz] Firewall Administration Survey

Hi Mike,

That kind of survey was done by Avishai Wool between 2000 and 2001 and published
in Computer June 2004 [1]. But it was only about CheckPoint FW-1 rules. The
results showed that rulesets complexity, default implicit rules and
configuration, and specific rules for the firewall adminitration were the most
common sources of error.

I fear that the situation is not going better today...

To connect this message to the rolling other threads: consequences of rule
configuration error in a packet filter (stateful or not) can be more dreadful
than configuration error in a proxy.
ie: to open access to a network vs to open acces to a protocol and a small group
of hosts.


"Reality is that which, when you stop believing in it, doesn't go away."
Philipp K. Dick

From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mike
Sent: Tuesday, November 27, 2007 7:06 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] Firewall Administration Survey

Dear Colleague,

Would you please consider taking a few minutes to participate in a survey of
firewall administration practices?

We are conducting this survey as part of an academic research project designed
to analyze the frequency of firewall configuration errors and identify potential
causes for those errors. The results will contribute to a research paper we are
submitting for publication in a peer-reviewed academic forum. We will maintain
strict anonymity of any data you provide during the survey.

The survey is available at:

The target audience for the survey is anyone involved in the administration of a
firewall rulebase in a production environment. If you know of others that may
be suitable participants, please forward this invitation along to them.

At the conclusion of the research study, we will be happy to share the results
with any interested participants.

Thank you in advance for your time.
Mike Chapple
firewall-wizards mailing list