Home > Ask the Security Experts > Network Security Questions & Answers > What is the difference between static and dynamic network validation?
Ask The Security Expert: Questions & Answers
EMAIL THIS

What is the difference between static and dynamic network validation?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 19 August 2009
What is the difference between static and dynamic verification of network security?


BROWSE BY TAG
Network Security,   Network Security: Tools, Products, Software,   Network Firewalls, Routers and Switches,   Enterprise Network Security,   Network Device Management,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Network Security
How to set up a split-tunnel VPN in Windows Vista
Port scan attack prevention best practices
Securing the intranet with remote access VPN security
How to prevent network sniffing and eavesdropping
How to implement virtual firewalls in a complex network infrastructure
How to manage network bandwidth with distributed ISP bandwidth
How to edit group policy objects to give a user local admin rights
How to prevent operating system cloning with AES 256-bit encryption
How to securely connect a LAN POS to a remote point-of-sale device
How to select a set of network security audit guidelines

Network Firewalls, Routers and Switches
How to prepare for a secure network hardware upgrade
Best Network Firewall Products
Screencast: Smoothwall offers firewall defense in lean times
New Cisco IOS bugs pose tempting targets, says Black Hat researcher
How to implement virtual firewalls in a complex network infrastructure
How to manage network bandwidth with distributed ISP bandwidth
Firewall rule management best practices
Should enterprises be running multiple firewalls?
What are the disadvantages of proxy-based firewalls?
IT pros find corporate firewall rules tough to navigate

Network Device Management
How to prepare for a secure network hardware upgrade
Researchers find thousands of flawed embedded devices
Is there a way to block iPhone widgets that bypass Web filters?
Will an application usage policy best control network bandwidth?
How to manage network bandwidth with distributed ISP bandwidth
DNSSEC deployments gain momentum since Kaminsky DNS bug
Firewall rule management best practices
What are best practices for fiber optic cable security?
The requirements for being a PCI DSS-compliant service provider
Enterprise UTM security: The best threat management solution?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bastion host  (SearchSecurity.com)
firewall  (SearchSecurity.com)
Firewall Builder  (SearchSecurity.com)
screened subnet  (SearchSecurity.com)
virus  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Static validation techniques look at configurations and network topologies in order to identify security configuration errors, while dynamic verification supplements that with actual traffic logs. These techniques are commonly used to verify firewall configurations. Static validation has the advantage of being performed offline, and it can be completed prior to deploying a security configuration. It can detect errors such as shadowed rules (these are rules that will never be triggered because an earlier rule covers all of the traffic that would be covered by the shadowed rule.)

Dynamic analysis provides deeper insight into a rulebase. For example, only dynamic analysis can detect orphaned rules -- rules that are syntactically correct but will never be triggered due to changes in the way the network operates. For example, static analysis will never reveal that a database server has been decommissioned, while dynamic analysis will identify that the rule has not been triggered in a long time, allowing you to proactively clean up the rulebase.

For more information:



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts