Firewall access control method of object-orientation mode

An access control method using object-oriented technology, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses problems such as system congestion, firewall performance degradation, and system resource occupation, and achieves the effect of reducing the number of rules and avoiding repeated calls.

Inactive Publication Date: 2009-06-10
HISENSE

AI Technical Summary

Problems solved by technology

When the system is running at full capacity, the time wasted on repeatedly executing control rules occupies a large amount of system resources, which directly degrades firewall performance and causes system congestion.

Examples


Embodiment Construction

[0056] In conjunction with the data structure and interrelationships shown in Figure 1, the firewall access control in the object-oriented manner is implemented in this way:

[0057] The first step is to classify the access control objects of the firewall.

[0058] Define each object to be controlled by the firewall, including the source address, the destination address, the protocol and port number that constitute a certain service, time, etc., including:

[0059] (1), address class definition structure:

[0060] Type (mask_type), used to identify whether the following address is ip-ip or ip / mask structure;

[0061] reserved bit (reserve);

[0062] User group ID (group_id);

[0063] IP address, expressed as a single IP address (ip-ip), or a network segment (ip / mask);

[0064] (2), service class definition structure:

[0065] service group ID (ser_id);

[0066] Protocol content (protocol);

[0067] source port number (scount);

[0068] Destination port number (dcount);

[0069] s...


Abstract

This invention provides an object-oriented firewall access control method, characterized in that access control is implemented in an object-oriented manner in the core layer, so that similar access control rules can be combined, reducing the number of rules and improving overall performance when the system is fully loaded. The method comprises the following steps: a, classifying the controlled objects; b, passing the classification information to the system core layer via an interface function; c, configuring object-oriented access control rules; d, passing the configured rules to the core layer via an interface function; f, the core layer linking the object identifiers in the configured rules with the concrete information of the predefined objects to perform access control on firewall data.
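The following C sketch is an added example, not code from the patent: it shows how a core layer could resolve one object-based rule against the address and service structures listed in the embodiment. The field names mask_type, reserve, group_id, ser_id, protocol, scount and dcount come from the page; the rule layout, the mask_type encodings, port 0 as a wildcard, default-deny and all sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

enum { MASK_IP_IP = 0, MASK_IP_MASK = 1 };  /* assumed encodings of mask_type */
struct addr_obj { uint8_t mask_type, reserve; uint16_t group_id; uint32_t ip, mask; };
struct serv_obj { uint16_t ser_id; uint8_t protocol; uint16_t scount, dcount; };
struct rule     { uint16_t src_group, dst_group, ser_id; int allow; };  /* hypothetical layout */
struct packet   { uint32_t src, dst; uint8_t protocol; uint16_t sport, dport; };

/* Constructed sample objects, as the core layer would hold them after steps a and b. */
static const struct addr_obj addrs[] = {
    { MASK_IP_MASK, 0, 1, 0x0A000000u, 0xFF000000u },  /* group 1: 10.0.0.0/8  */
    { MASK_IP_IP,   0, 1, 0xC0A80105u, 0 },            /* group 1: 192.168.1.5 */
    { MASK_IP_IP,   0, 2, 0xAC100001u, 0 },            /* group 2: 172.16.0.1  */
    { MASK_IP_IP,   0, 2, 0xAC100002u, 0 },            /* group 2: 172.16.0.2  */
};
static const struct serv_obj servs[] = { {7, 6, 0, 80}, {7, 6, 0, 443} };  /* TCP 80 and 443 */
static const struct rule rules[] = { {1, 2, 7, 1} };  /* one rule instead of 2 x 2 x 2 tuples */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Does ip belong to any address object carrying this group ID? */
static int in_group(uint16_t gid, uint32_t ip) {
    for (size_t i = 0; i < COUNT(addrs); i++) {
        const struct addr_obj *a = &addrs[i];
        uint32_t m = a->mask_type == MASK_IP_MASK ? a->mask : 0xFFFFFFFFu;
        if (a->group_id == gid && (ip & m) == (a->ip & m)) return 1;
    }
    return 0;
}

/* Does the packet match any service object carrying this service group ID? */
static int in_service(uint16_t sid, const struct packet *p) {
    for (size_t i = 0; i < COUNT(servs); i++) {
        const struct serv_obj *s = &servs[i];
        if (s->ser_id == sid && s->protocol == p->protocol &&
            (!s->scount || s->scount == p->sport) && (!s->dcount || s->dcount == p->dport))
            return 1;
    }
    return 0;
}

/* Step f: link the IDs in each rule to the predefined objects; first match decides. */
int check_packet(const struct packet *p) {
    for (size_t i = 0; i < COUNT(rules); i++)
        if (in_group(rules[i].src_group, p->src) && in_group(rules[i].dst_group, p->dst) &&
            in_service(rules[i].ser_id, p))
            return rules[i].allow;
    return 0;  /* no rule matched: deny */
}
```

Adding a host to group 1 or a port to service group 7 changes only the object tables; the rule list stays at one entry.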

Description

Technical field

[0001] The invention relates to a computer network firewall access control method, and the control method is based on object-oriented access control.

Background technique

[0002] The firewall in the existing computer network system generally adopts the LINUX operating system, and the implementation of firewall access control is based on a specific parameter in the TCP / IP protocol. For example, for a specific IP address, access protocol type, or a specific port, various data packets can be batch processed in the firewall core layer according to the above control parameters.

[0003] At present, there are also firewalls that encapsulate the above-mentioned control parameters on the management level, and express them in an object-oriented manner on the application interface, such as defining the WWW service as TCP protocol + port 80. But in fact, in the core control layer, access control is still implemented directly for the above-mentioned control parameters....


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L12/24, H04L29/06
Inventor: 文中领王锋权晓文
Owner: HISENSE