The management of services and operations in today's organizations are - coming increasingly dependent on their enterprise local area network (enterprise LAN). An enterprise LAN consists of a set of network zones (logical group of networkelements)correspondingto di?erent departments orsections,connected through various interface switches (typically, Layer-3 switches). The network service accesses between these zones and also with the external network (e. g. , Internet) are governed by a global network security policy of the organization. This global policy is de?ned as a collection of service access rules across various network zones where the services referred network applications conforming to TCP/IP protocol. For example, some of the known network services aressh, t- net,http etc. In reality, the security policy may be incompletely speci?ed; which explicitly states the "permit" and "deny" access rules between speci?c network zones keeping remaining service access paths as unspeci?ed. The global security policy is realized in the network by con?guring the n- work interfaces with appropriate sets of access control rules (ACLs). One of the major challenges in network security management is ensuring the conformation of the distributed security implementations with the global security policy. XV, 327 p.