What is the difference between static and dynamic verification of network security?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Static validation techniques look at configurations and network topologies in order to identify security configuration errors, while dynamic verification supplements that with actual traffic logs. These techniques are commonly used to verify firewall configurations. Static validation has the advantage of being performed offline, and it can be completed prior to deploying a security configuration. It can detect errors such as shadowed rules (these are rules that will never be triggered because an earlier rule covers all of the traffic that would be covered by the shadowed rule.)
Dynamic analysis provides deeper insight into a rulebase. For example, only dynamic analysis can detect orphaned rules -- rules that are syntactically correct but will never be triggered due to changes in the way the network operates. For example, static analysis will never reveal that a database server has been decommissioned, while dynamic analysis will identify that the rule has not been triggered in a long time, allowing you to proactively clean up the rulebase.
For more information:
- Should static analysis be part of the software development process? Read more.
- Also, learn more about how to implement virtual firewalls in a complex network infrastructure.
Dig Deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple
New guidance from the PCI SSC includes some essential aspects of tokenization security and what merchants need to know about tokenization products.continue reading
HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.continue reading
Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.