Teaching-learning firewall configuration using a visual modeling web based tool: the SP2Model and its application to Computer Science course
Traffic between computer networks must be controlled to prevent unauthorized access. A firewall is responsible for filtering data packets between networks, applying rules to select which data packets may enter or leave the network. The firewall must be configured according to the network access policy. Therefore, students have to be trained to acquire the skills not only to understand a network access policy, but also to translate it into the firewall's native language. Using a high-level graphical representation to model the network access policy is a resource that facilitates understanding and minimizes defects in the firewall native language. To that end, we have proposed an extension to the Security Policy Modeling Language (SPML), SPML2, which aims to create a visual representation of the network access policy using graphical notation. In this paper we also present SP2Model, a web-based tool that supports SPML2 network access policy modeling and its translation into firewall native language. Using SP2Model, the student can model the network access policy in a graphical notation and then generate the set of rules in firewall native language. The use of SP2Model has facilitated the teaching-learning process compared to traditional approaches. We evaluated SP2Model (and consequently the SPML extension) through an experiment following the GQM (Goal/Question/Metric) paradigm, comparing the traditional approach with the use of SPML2 in operational security education. We performed two experimental sessions, and we present the results as well as a discussion of the tool, its use, and the trade-offs of using it.