C. Security Considerations
This section describes two security issues in BaCon and
how we handle them. The first issue concerns network
security policy conflicts. For BaCon to work effectively, rule
and policy configuration must be validated before being accepted
into the system. Inconsistent and conflicting rules may cause
serious security breaches and network vulnerabilities, such as
permitting unwanted traffic and blocking legitimate traffic.
The order of rules must be chosen carefully so that they
do not conflict. In this respect, BaCon provides a
mechanism for analyzing iptables and tc configurations to
avoid the four types of access-list conflicts discussed in [13-14]. If
a new rule conflicts with previous rules, the system will alert
users and will not accept the new rule.
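
The following sketch is an added illustration of such an admission check, not BaCon's own code: each candidate rule is compared with every existing rule under first-match-wins semantics and is rejected if any conflict is found. It assumes that the four conflict types are shadowing, correlation, generalization and redundancy, a classification common in the firewall-anomaly literature that this section does not itself name. The `Rule` model and the function names are hypothetical simplifications of an iptables rule.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                      # hypothetical, simplified filter rule
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    ports: tuple                 # inclusive (low, high) destination ports
    action: str                  # "ACCEPT" or "DROP"

def covers(a, b):
    """True if every packet matched by b is also matched by a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def overlaps(a, b):
    """True if at least one packet is matched by both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def classify(earlier, later):
    """Name the anomaly between two rules under first-match-wins, or None."""
    same = earlier.action == later.action
    if covers(earlier, later):   # later rule can never change a decision
        return "redundancy" if same else "shadowing"
    if same:                     # broader or overlapping rule with the same
        return None              # action: not flagged in this sketch
    if covers(later, earlier):
        return "generalization"
    return "correlation" if overlaps(earlier, later) else None

def admit(table, new):
    """Append new only if it conflicts with no existing rule; return conflicts."""
    conflicts = [(i, kind) for i, old in enumerate(table)
                 if (kind := classify(old, new))]
    if not conflicts:
        table.append(new)
    return conflicts

# Constructed sample table and candidate rules.
TABLE = [Rule("10.0.0.0/8", "192.168.1.0/24", (80, 80), "ACCEPT")]
SHADOWED = Rule("10.1.0.0/16", "192.168.1.0/24", (80, 80), "DROP")
CLEAN = Rule("172.16.0.0/12", "192.168.1.0/24", (22, 22), "ACCEPT")

if __name__ == "__main__":
    print(admit(TABLE, SHADOWED))   # rejected, table unchanged
    print(admit(TABLE, CLEAN))      # accepted, table grows to two rules
```

The returned list of (rule index, conflict type) pairs is what would be shown to the user in the alert; an empty list means the rule was accepted.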