Abstract
The degree of trust which can be placed in a firewall can be measured through independent evaluation using a suitable criteria. Such criteria provide a measure by which end-users can make informed decisions on the purchase of firewall products in conjunction with their security policy. This paper examines two groups of evaluation criteria and their suitability for firewall certification. The first group consists of criteria used by government certification programmes to meet the particular needs of government and related agencies. Members of this group include the Information Technology Security Evaluation Criteria and the Common Criteria for Information Technology Security Evaluation. The second group consists of criteria created specifically for commercial certification programmes, and focuses on penetration testing to meet the needs of the private sector. Members of this group include the International Computer Security Association's Firewall Product Developers' Consortium Product Certification Criteria, and West Coast Labs Firewall Checkmark Criteria. The paper also shows the certification status of a number of firewall products currently on the market. Finally the paper reviews the success and applicability of these criteria in practice.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
