DOCSLIB.ORG

FIREMAN: a Toolkit for Firewall Modeling and Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
FIREMAN: a Toolkit for Firewall Modeling and Analysis FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Lihua Yuan Jianning Mai Zhendong Su [email protected] [email protected] [email protected] Hao Chen Chen-Nee Chuah Prasant Mohapatra [email protected] [email protected] [email protected] University of California, Davis Abstract configurations. The wide and prolonged spread of worms, such as Blaster and Sapphire, demonstrated that many fire- Security concerns are becoming increasingly critical in walls were misconfigured, because “well-configured fire- networked systems. Firewalls provide important defense for walls could have easily blocked them” [31]. network security. However, misconfigurations in firewalls The following script illustrates how easily firewall mis- are very common and significantly weaken the desired se- configurations can happen: curity. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating fire- accept tcp 192.168.0.0/16 any wall configurations as specialized programs, FIREMAN ap- deny tcp 192.168.1.0/24 any 3127 plies static analysis techniques to check misconfigurations, such as policy violations, inconsistencies, and inefficien- The second rule is configured to deny all the outbound traf- MyDoom.A cies, in individual firewalls as well as among distributed fic to a known backdoor TCP port for the worm, firewalls. FIREMAN performs symbolic model checking of and is correct by itself. However, if a firewall examines the firewall configurations for all possible IP packets and each rule sequentially and accepts (or rejects) a packet im- along all possible data paths. It is both sound and complete mediately when the packet is matched to a rule, a preced- shadow because of the finite state nature of firewall configurations. ing rule may subsequent rules matching some com- FIREMAN is implemented by modeling firewall rules using mon packets. The first rule, which accepts all the outbound 192.168.0.0/16 binary decision diagrams (BDDs), which have been used traffic from the local network , shadows the successfully in hardware verification and model checking. second rule and leaves the hole wide open. We have experimented with FIREMAN and used it to un- Correctly configuring firewall rules has never been an cover several real misconfigurations in enterprise networks, easy task. In 1992, Chapman [6] discussed many problems some of which have been subsequently confirmed and cor- that make securely configuring packet filtering a daunting rected by the administrators of these networks. task. Some of them, e.g., omission of port numbers in filtering rules, have been addressed by firewall vendors. However, many others are yet to be addressed successfully. Since firewall rules are written in platform-specific, low- 1. Introduction level languages, it is difficult to analyze whether these rules have implemented a network’s high-level security policies Firewall is a widely deployed mechanism for improving accurately. Particularly, it is difficult to analyze the inter- the security of enterprise networks. However, configuring actions among a large number of rules. Moreover, when a firewall is daunting and error-prone even for an experi- large enterprises deploy firewalls on multiple network com- enced administrator. As a result, misconfigurations in fire- ponents, due to dynamic routing, a packet from the same walls are common and serious. In examining 37 firewalls in source to the same destination may be examined by a dif- production enterprise networks in 2004, Wool found that ferent set of firewalls at different times. It is even more all the firewalls were misconfigured and vulnerable, and difficult to reason whether all these sets of firewalls satisfy that all but one firewall were misconfigured at multiple the end-to-end security policies of the enterprise. places [31]. As another evidence, Firewall Wizards Secu- We propose to use static analysis to discover firewall rity Mailing List [15] has discussed many real firewall mis- misconfigurations. Static analysis has been applied success- fully to discover security and reliability bugs in large pro- 3. We provide an implementation of our algorithm in the grams [7,11], where it examines the control-flow and/or the tool FIREMAN based on binary decision diagrams data-flow to determine if a program satisfies user-specified (BDDs). Using FIREMAN, we have discovered pre- properties without running the program. A firewall config- viously unknown misconfigurations in production fire- uration is a specialized program, so it is natural to apply walls. (Section 5) static analysis to check firewall rules. Compared to test- The rest of this paper is organized as follows. Section 2 ing, static analysis has three major advantages: (1) it can describes the operational model of firewalls, which lays the proactively discover and remove serious vulnerabilities be- foundation for static analysis and error detection. Section 3 fore firewalls are deployed; (2) it can discover all the in- classifies misconfigurations into policy violations, incon- stances of many known types of misconfigurations, because sistencies, and inefficiencies. Section 4 presents our static it can exhaustively examine every path in the firewall effi- analysis algorithm for checking firewall misconfigurations. ciently; (3) when multiple firewalls are deployed in a com- Section 5 describes our implementation and evaluation of plex network topology and are subject to dynamic routing FIREMAN, and the previously unknown misconfigurations configurations, static analysis can discover vulnerabilities that FIREMAN discovered in production firewalls. Sec- resulting from the interaction among these firewalls with- tion 6 reviews related work and Section 7 concludes this out the need to configure these routers. paper. Testing has been proposed to discover firewall miscon- figurations [3, 21, 27, 30], where a tool generates packets and examines whether a firewall processes these packets 2. Modeling Firewalls as intended. However, due to the enormous address space of packets, one cannot test all possible packets practically. 2.1. Models for Individual Firewalls Al-Shaer and Hamed describe common pairwise inconsis- tencies in firewall rules and propose an algorithm to detect Firewalls from different vendors may vary significantly these inconsistencise [1, 2]. Our work is inspired by them, in terms of configuration languages, rule organizations and but our tool can detect a much wider class of misconfig- interaction between lists or chains. However, a firewall gen- urations, such as inconsistencies and inefficiencies among erally consists of a few interfaces and can be configured multiple rules and security policy violations, and miscon- with several access control lists (ACLs). Both the ingress figurations due to the interaction among multiple firewalls. and egress of an interface can be associated with an ACL. To the best of our knowledge, our work is the first to apply If an ACL is associated to the ingress, filtering is performed rigorous static analysis techniques to real firewalls and to when packets arrive at the interface. Similarly, if an ACL is have found real misconfigurations. associated to the egress, filtering will be performed before packets leave the interface. We have implemented our approach in the tool FIRE- Each ACL consists of a list of rules. Individual rules MAN — FIREwall Modeling and ANalysis. FIREMAN can be interpreted in the form hP, actioni, where P is a discovers two classes of misconfigurations: (1) violations predicate describing what packets are matched by this rule of user-specified security policies — For example, allow- and action describing the corresponding action performed ing incoming packets to reach the TCP port 80 on an in- on the matched packets. Packets not matched by the cur- ternal host violates the security policies of most networks; rent rule will be forwarded to the next rule until a match is (2) inconsistencies and inefficiency among firewall rules, found or the end of the ACL is reached. At the end of an which indicate errors or warnings regardless of the security ACL, the default action will be applied. This is similar to policies — For example, a rule intended to reject a packet an “if-elif-else” construct in most programming languages. is shadowed by a preceding rule that accepts the packet. Implicit rules vary on different firewall products. On Cisco FIREMAN can discover problems not only in individual PIX firewall and routers, the implicit rule at the end of an firewalls but also in a distributed set of firewalls that col- ACL denies everything. On Linux Netfilter, the implicit rule lectively violate a security policy. is defined by the policy of the chain. We summarize our major contributions as follows: Note that what we have described is the so-called “first- 1. We give a comprehensive classification of firewall mis- matching” ACLs. Some firewalls e.g. BSD Packet Filter, configurations for both single firewalls and distributed use last-matching ACLs, in which the decision applied to firewalls (Section 3); a packet is determined by the last matched rule. An ACL using last-matching can be converted to first-matching form 2. We present a static analysis algorithm to examine fire- by re-ordering. In this paper, we assume every ACL uses wall rules for policy violations and inconsistencies first-matching. at different levels: intra-firewall, inter-firewall, and Traditional stateless firewalls treat each packet in isola- cross-path (Section 4); tion and check every packet against the ACL, which is com- putation intensive and often the performance bottleneck. 2.1.1 Simple List Model Modern stateful firewalls can monitor TCP 3-way hand- shake and build an entry in the state table. If the firewall Figure 1a depicts the simple list model of an ACL. Since matches a packet to an ESTABLISHED flow, it can accept only “accept” or “deny” actions (first two forms shown in it without checking the ACL, thus significantly reduce the Table 1) are allowed, any packet will traverse the list in or- computation overhead. However, the ACLs still determine der until a decision is made on each packet.
Load more

Recommended publications
  • Resource Advisor Guide
    A publication of the National Wildfire Coordinating Group Resource Advisor Guide PMS 313 AUGUST 2017 Resource Advisor Guide August 2017 PMS 313 The Resource Advisor Guide establishes NWCG standards for Resource Advisors to enable interagency consistency among Resource Advisors, who provide professional knowledge and expertise toward the protection of natural, cultural, and other resources on wildland fires and all-hazard incidents. The guide provides detailed information on decision-making, authorities, safety, preparedness, and rehabilitation concerns for Resource Advisors as well as considerations for interacting with all levels of incident management. Additionally, the guide standardizes the forms, plans, and systems used by Resource Advisors for all land management agencies. The National Wildfire Coordinating Group (NWCG) provides national leadership to enable interoperable wildland fire operations among federal, state, tribal, territorial, and local partners. NWCG operations standards are interagency by design; they are developed with the intent of universal adoption by the member agencies. However, the decision to adopt and utilize them is made independently by the individual member agencies and communicated through their respective directives systems. Table of Contents Section One: Resource Advisor Defined ...................................................................................................................1 Introduction ............................................................................................................................................................1
    [Show full text]
  • Advisory U.S.Deportment of Transportution Fedeml Aviation Circular
    Pc/ Advisory U.S.Deportment of Transportution Fedeml Aviation Circular Subject: POWERPLANT INSTALLATION AND Date: 2/6/W ACNo: 20- 135 PROPULSION SYSTEM COMPONENT FIRE Initiated by: ANM- 110 Change: PROTECTION TEST METHODS, STANDARDS, AND CRITERIA. 1 PURPOSE. This advisory circular (AC) provides guidance for use in demonstrating compliance with the powerplant fire protection requirements of the Federal Aviation Regulations (FAR). Included in this document are methods for fire testing of materials and components used in the propulsion engines and APU installations, and in areas adjacent to designated fire zones, as well as the rationale for these methods. Since the method of compliance presented in this AC is not mandatory, the terms "shall" and "must," as used in this AC, apply only to an applicant who chooses to follow this particular method without deviation. 2 RELATED FAR SECTIONS. The applicable FAR sections are listed in appendix 1 of this AC. 3 BACKGROUND. Although 5 1.1 of the FAR provides general definitions for the terms "fireproof" and "fire resistant," these definitions do not specify heat intensity, temperature levels, duration (exposure time), or an appropriate wall thickness or other dimensional characteristics for the purpose intended. With the advent of surface coatings (i.e., ablative/ intumescent), composites, and metal honeycomb for acoustically treated ducting, cowling, and other components which may form a part of the nacelle firewall, applicant confusion sometimes exists as to how compliance can be shown, particularly with respect to the definition of "fireproof" and "fire resistant" as defined in 5 1.1. 4 DEFINITIONS. For the purposes of this AC, the following definitions .
    [Show full text]
  • Fire Management.Indd
    Fire today ManagementVolume 65 • No. 2 • Spring 2005 LLARGEARGE FFIRESIRES OFOF 2002—P2002—PARTART 22 United States Department of Agriculture Forest Service Erratum In Fire Management Today volume 64(4), the article "A New Tool for Mopup and Other Fire Management Tasks" by Bill Gray shows incorrect telephone and fax numbers on page 47. The correct numbers are 210-614-4080 (tel.) and 210-614-0347 (fax). Fire Management Today is published by the Forest Service of the U.S. Department of Agriculture, Washington, DC. The Secretary of Agriculture has determined that the publication of this periodical is necessary in the transaction of the pub- lic business required by law of this Department. Fire Management Today is for sale by the Superintendent of Documents, U.S. Government Printing Office, at: Internet: bookstore.gpo.gov Phone: 202-512-1800 Fax: 202-512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 Fire Management Today is available on the World Wide Web at http://www.fs.fed.us/fire/fmt/index.html Mike Johanns, Secretary Melissa Frey U.S. Department of Agriculture General Manager Dale Bosworth, Chief Robert H. “Hutch” Brown, Ph.D. Forest Service Managing Editor Tom Harbour, Director Madelyn Dillon Fire and Aviation Management Editor Delvin R. Bunton Issue Coordinator The U.S. Department of Agriculture (USDA) prohibits discrimination in all its programs and activities on the basis of race, color, national origin, sex, religion, age, disability, political beliefs, sexual orientation, or marital or family status. (Not all prohibited bases apply to all programs.) Persons with disabilities who require alternative means for communica- tion of program information (Braille, large print, audiotape, etc.) should contact USDA’s TARGET Center at (202) 720- 2600 (voice and TDD).
    [Show full text]
  • Fire Protection Guide for Electrical Installations
    Fire protection guide for electrical installations Building Connections Table of contents In the second edition of this fire protection guide, we have again compiled lots of useful information. The in- terconnections of fire protection between different types of technical building equipment are now ex- plained in even more detail. Perhaps you will find some new information in this edition which can help you in the planning and implementation of fire protec- tion systems. BSS Brandschutzleitfaden für die Elektroinstallation / en / 2019/03/22 08:28:10 08:28:10 (LLExport_04692) / 2019/03/22 08:28:13 2 Table of contents Fire protection guide for electrical installations Table of contents 1 General introduction 7 1.1 Construction law 12 1.2 The four pillars of fire protection 18 1.3 Construction products 26 1.4 Fire protection concepts 32 2 Maintenance of the fire sections – protection aim 1 36 2.1 Components closing rooms – firewalls 36 2.2 Requirements for cable penetrations - insulation 36 2.3 Proofs of usability 39 2.4 Construction types of cable and combination insulation 42 2.5 Applications and special applications 52 2.6 Selection aid and OBO Construct BSS 60 2.7 Building in old buildings 62 2.8 Cable bandages 65 3 Protection of escape routes – protection aim 2 75 3.1 What is an escape and rescue route? 75 3.2 Installations in lightweight partitions 78 3.3 Installation in false ceilings 80 3.4 Installations in underfloor systems 91 3.5 Shielding with plate material 93 3.6 Cable routing in fire protection ducts 94 4 Maintaining the electrical
    [Show full text]
  • Break-Away Firewall Connection System
    Break-Away Firewall Connection System Description and Proof-of-Concept A Technical Article by Y. Korany, Ph.D., P.Eng. M. Hatzinikolas, Ph.D., P.Eng., FCSCE May, 2013 Table of Contents Executive Summary ................................................................................................................................. 1 Background .............................................................................................................................................. 2 Description of the Break-Away Connector ............................................................................................. 4 Proof-of-Principal Testing ....................................................................................................................... 6 Summary and Conclusions ...................................................................................................................... 9 References.............................................................................................................................................. 10 Appendix: Break-Away Connection System Details ............................................................................. 11 i List of Figures Figure 1: Floor-to-Firewall Connection using a Break-away Connector ................................................ 5 Figure 2: Support Member Detail ............................................................................................................ 5 Figure 3: Test of a Fusible Member under Normal Service Conditions .................................................
    [Show full text]
  • APEGBC Technical and Practice Bulletin
    APEGBC Technical and Practice Bulletin Structural, Fire Protection and Building Envelope Professional Engineering Services for 5- and 6-Storey Wood Frame Residential Building Projects (Mid-Rise Buildings) © April 2009 All Rights Reserved Revised April 8, 2015 Table of Contents 1.0 INTRODUCTION ................................................................................................................................. 1 1.1 Purpose .................................................................................................................................. 1 1.2 Disclaimer and Exclusion of Liability ...................................................................................... 1 1.3 The Role of APEGBC ............................................................................................................... 2 1.4 Scope of Bulletin .................................................................................................................... 2 1.5 Applicability of Bulletin .......................................................................................................... 2 1.6 Acknowledgements ................................................................................................................ 3 1.7 Introduction of Terms and Abbreviations .............................................................................. 3 2.0 PROFESSIONAL PRACTICE ................................................................................................................. 4 2.1 Coordination .........................................................................................................................
    [Show full text]
  • Preparation for Initial Company Operations-Student Manual
    Preparation for Initial Company Operations PICO-Student Manual 1st Edition, 5th Printing-April 2014 FEMA/USFA/NFA PICO-SM April 2014 Preparation for Initial Company Operations 1st Edition, 5th Printing Preparation for Initial Company Operations PICO-Student Manual 1st Edition, 5th Printing-April 2014 This Student Manual may contain material that is copyright protected. USFA has been granted a license to use that material only for NFA-sponsored course deliveries as part of the course materials, and it shall not be duplicated without consent of the copyright holder. States wishing to use these materials as part of state-sponsorship and/or third parties wishing to use these materials must obtain permission to use the copyright material(s) from the copyright holder prior to teaching the course. PREPARATION FOR INITIAL COMPANY OPERATIONS NOTICE: This material has been developed by the National Fire Academy (NFA) of the United States Fire Administration (USFA) for use by State and metropolitan fire training programs. NFA endorsement of this material is conditional on use without modification. NFA material, whether printed text or software, may not be used in any manner that would mislead or that would suggest or imply endorsement by NFA of any commercial product, process, or service. ii PREPARATION FOR INITIAL COMPANY OPERATIONS U.S. DEPARTMENT OF HOMELAND SECURITY UNITED STATES FIRE ADMINISTRATION NATIONAL FIRE ACADEMY FOREWORD The U.S. Fire Administration (USFA), an important component of the Department of Homeland Security (DHS), serves the leadership of this Nation as the DHS's fire protection and emergency response expert. The USFA is located at the National Emergency Training Center (NETC) in Emmitsburg, Maryland, and includes the National Fire Academy (NFA), National Fire Data Center (NFDC), and the National Fire Programs (NFP).
    [Show full text]
  • A Manager's Handbook on Women in Firefighting
    U.S. Fire Administration Many Faces, One Purpose A Manager’s Handbook on Women in Firefighting FA-196/September 1999 Homeland Security DISCLAIMER This publication was prepared for the Federal Emergency Management Agency’s (FEMA’s) U.S. Fire Administration (USFA) under contract No. EME-5-4651. Points of view or opinions expressed in this document do not necessarily reflect the official position or policies of the Federal Emergency Management Agency or the U.S. Fire Administration. U.S. Fire Administration Many Faces, One Purpose A Manager’s Handbook on Women in Firefighting FA-196/September 1999 Prepared by: Women in the Fire Service Homeland P.O. Box 5446 Madison, Wisconsin 53705 Security 608/233-4768 608/233-4879 fax Researchers & writers: Brenda Berkman Teresa M. Floren Linda F. Willing With assistance from: Debra H. Amesqua Kim Delgaudio Carol Pranka Freda Bailey-Murray Patricia Doler Andrea Walter Joette Borzik Julia Luckey Grace Yamane U.S. Fire Administration Mission Statement As an entity of the Department of Homeland Security, the mission of the USFA is to reduce life and economic losses due to fire and related emergencies, through leadership, advocacy, coordination, and support. We serve the Nation independently, in coordination with other Federal agencies, and in partnership with fire protection and emergency service communities. With a commitment to excellence, we provide public education, training, technology, and data initiatives. Homeland Security Introduction When an organization moves away from a generations-long tradition of being all-male toward a future that includes men and women equally, a significant change takes place. Change can be upsetting and threatening to those who are used to, and invested in, the way things “have always been.” Fire may know no gender, but people do, and the fire chief of the 1990’s spends more time managing people than controlling fire.
    [Show full text]
  • Gypsum Fire Wall Systems Brochure (English)
    Fire protection for townhouses that share a common wall Gypsum Fire Wall Systems SA-925 Fire walls between adjoining townhouses must provide fire-resistive ratings to ensure the safety of occupants in adjacent dwellings. Noise attenuation is also important, to ensure that townhouse dwellers are not disturbed by sound from their neighbors. Fire and Sound Separation User’s Guide This brochure explains: – Where fire walls are used – The components of fire wall systems – How to select and specify the appropriate components of a fire wall system Pages Understand Your System 4 Overview Applications Components Performance Testing Select Your System 9 Performance Selector Design Details Design Your System 12 Good Design Practices Specify Your System 13 Application Guide Specifications For More Information Customer Service 800 387.2690 Web Site www.cgcinc.com 3 CGC Gypsum Fire Wall Systems Overview Effective fire resistance and sound attenuation are important considerations in townhouse design. A fire wall can be used in townhouses up to four stories (13.4 m (44Ј)) tall and with all common floor-ceiling heights. It must either be continuous from the foundation to the underside of the protected roof sheathing, or continue through the roof to form a parapet. The fire wall is designed to allow for collapse of the construction on the fire-exposed side without collapse of the entire wall. To do this, aluminum breakaway clips attach the separation wall to the adjacent framing. When one side is exposed to fire, the clips are designed to soften and break away, allowing the structure on the fire side to collapse, while the clips on the exposed fire side of the separation wall continue to support the wall.
    [Show full text]
  • Research Roadmap for Smart Fire Fighting Summary Report
    NIST Special Publication 1191 | NIST Special Publication 1191 Research Roadmap for Smart Fire Fighting Research Roadmap for Smart Fire Fighting Summary Report Summary Report SFF15 Cover.indd 1 6/2/15 2:18 PM NIST Special Publication 1191 i Research Roadmap for Smart Fire Fighting Summary Report Casey Grant Fire Protection Research Foundation Anthony Hamins Nelson Bryner Albert Jones Galen Koepke National Institute of Standards and Technology http://dx.doi.org/10.6028/NIST.SP.1191 MAY 2015 This publication is available free of charge from http://dx.doi.org/10.6028/NIST.SP.1191 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director SFF15_CH00_FM_i_xxii.indd 1 6/1/15 8:59 AM Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. The content of this report represents the contributions of the chapter authors, and does not necessarily represent the opinion of NIST or the Fire Protection Research Foundation. National Institute of Standards and Technology Special Publication 1191 Natl. Inst. Stand. Technol. Spec. Publ. 1191, 246 pages (MAY 2015) This publication is available
    [Show full text]
  • Fires in Residential and Commercial Townhouses and Rowhouses Third Edition
    FIRE AND RESCUE DEPARTMENTS OF NORTHERN VIRGINIA FIREFIGHTING AND EMERGENCY OPERATIONS MANUAL Fires in Residential and Commercial Townhouses and Rowhouses Third Edition Issued: December 2002 Revised: June 2013 Fires in Townhouses/Rowhouses, Third Edition Final Version, June 2013 ACKNOWLEDGEMENTS Fires in Residential and Commercial Townhouses and Rowhouses, Third Edition was developed through a cooperative effort of the following Northern Virginia fire departments: . City of Alexandria . Loudoun County . Arlington County . City of Manassas . City of Fairfax . Marine Corps Base Quantico . Fairfax County . Metropolitan Washington Airports . Fauquier County Authority (MWAA) . Fort Belvoir . Prince William County . Fort Myer . Stafford County The Northern Virginia Fire Operations Board managed the development of the first edition of the manual (released in 2002) and the second edition of the manual (released in 2009). The third edition was overseen by the Northern Virginia Fire Operations Board and the content was developed by a special group of subject matter experts: City of Alexandria: Lieutenant Dave Bogozi, Lieutenant Matthew Craig City of Manassas: Battalion Chief Mark Nary Arlington County: Captain David Santini, Captain Nick Krechting Fairfax City: Captain Joseph Schumacher, Captain Gregory Thuot Fairfax County: Battalion Chief Tyrone Harrington, Captain David Barlow, Captain Dan Shaw, Master Technician Matthew Tamillow Fort Belvoir: Lieutenant Kevin Good Fort Myer: Assistant Chief Bruce Surette, Captain William Long Loudoun County: Lieutenant Scott Lantz MWAA: Captain Chris Gavurnik, Captain Jason Graber Prince William County: Lieutenant Bryan Ross Stafford County: Lieutenant Brian Thompson The committee would like to thank the following individuals and organizations for their help in the development of this manual: AAW Publication Services: Andrea A.
    [Show full text]
  • Fires in Residential and Commercial Townhouses and Rowhouses, Second Edition Final Version, June 2009
    Fires in Residential and Commercial Townhouses and Rowhouses, Second Edition Final Version, June 2009 1 Fires in Residential and Commercial Townhouses and Rowhouses, Second Edition Final Version, June 2009 ACKNOWLEDGEMENTS The Fires in Residential and Commercial Townhouse and Rowhouses Manual, Second Edition, was developed through a cooperative effort of the following Northern Virginia fire departments: . Arlington County . City of Alexandria . City of Fairfax . Fairfax County . Fort Belvoir . Fort Myer . Metropolitan Washington Airports Authority . Prince William County The following committee members assisted in the development of the first edition of the manual (released in December 2002): City of Alexandria: Mark W. Dalton Arlington County: Jeffrey M. Liebold City of Fairfax: Joel A. Hendelman Fairfax County: Jeffrey B. Coffman, John J. Caussin, Michael A. Deli, Floyd L. Ellmore, John M. Gleske, Larry E. Jenkins, David G. Lange, Thomas J. Wealand Metropolitan Washington Airports Authority: Chris Larson The following Writing Group members managed the revisions creating the second edition of the manual: Dan Shaw, Fairfax County Fire and Rescue Department Joseph Schumacher, City of Fairfax Fire Department The following Fire Operations Board members assisted in the revision creating the second edition of the manual: City of Alexandria: Dwayne Bonnette Arlington County: Dale Smith, Donald Brown City of Fairfax: Andy Vita, Mark Ciarrocca Fairfax County: J.J. Walsh, Keith Johnson Fort Belvior: Richard Monroe Fort Myer: John Pine, Roger Rearden Loudoun County: Mike Nally, Scott Lantz Metropolitan Washington Airports Authority: Scott Chamberlin, Dominic Depaolis Prince William County: John Shifflett, Kevin Artone The committee would like to thank the following individuals and organizations for their help in the development of this manual: AAW Publication Services: Andrea A.
    [Show full text]