next up previous contents
Next: 2.2.0.1 Back- and front-end Up: 2. An adaptive security Previous: 2.1.7 Other adaptive security

2.2 Communication between the adaptive security management components

Remember our example in paragraph 2.1.1 where the central management system reconfigures the firewall. In the above example we simply assumed that the management system and the firewall understood each other. This will however often not be the case. Actually, many commercial firewalls to date can only be reconfigured using proprietary interfaces. It is absolutely necessary for a adaptive security system to be able to address as many applications as possibly needed without having to encode proprietary interfaces in the central system. When adapting an object-oriented approach, the manager only needs to send a message to the enforcer saying something like ``deny traffic of type x from source y with destination z''. It is up to the application at the end point to translate this message in commands that effectively change the filtering rules.



 

(c) 1998, Filip Schepers