Network flow control equipment and security policy configuration method and device thereof

A security policy and network traffic technology, applied in the field of network security, that addresses the problem of security policy configuration being difficult and error-prone, with the effect of reducing configuration difficulty, improving efficiency and improving the configuration success rate.

Active Publication Date: 2015-07-01
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] Usually, administrators manually configure and maintain security policies based on their own experience and user feedback, which is difficult and error-prone.



Examples


Embodiment 1

[0068] Figure 1 is a flowchart showing a method for configuring a security policy on a network traffic control device according to an embodiment of the present invention. The network flow control device in the embodiment of the present invention includes, but is not limited to, network devices such as firewalls, routers and intrusion detection devices. As shown in Figure 1, the method mainly includes:

[0069] Step S101: for the input data flow, identify the source, destination and application type of the data flow.

[0070] Here, the source indicates the user or user address that sends out the data stream, such as user A or the user's network protocol address (English: Internet Protocol Address, abbreviation: IP address); the destination of the data stream indicates the user address, server address or public network address that receives the data flow; and the application type indicates which application data the data flow includes, for example, the appl...

Embodiment 2

[0097] Figure 7 is a flowchart showing a method for configuring a security policy on a network traffic control device according to another embodiment of the present invention. Components in Figure 7 that carry the same reference signs as in Figure 1 have the same functions, and detailed descriptions of these components are omitted for brevity. As shown in Figure 7, in a possible implementation, after step S101 the method further includes:

[0098] Step S701: judge whether triplet information matching the source, destination and application type of the data flow already exists in the memory.

[0099] When it is determined that no triplet information matching the source, destination and application type of the data flow exists in the memory, execute step S102.

[0100] If it is determined that matching triplet information exists, the process ends.

[0101] Step S102 is similar to step S102 in Figure 1 and will not be repeated here.

[0102] Step S702, storing the first source uptrackin...

Embodiment 3

[0125] Figure 10 is a schematic structural diagram of an apparatus for configuring a security policy on a network traffic control device according to an embodiment of the present invention. As shown in Figure 10, the device 10 includes: an identification module 110, a first traceback processing module 120 and a generation module 130.

[0126] The identification module 110 is configured to identify the source, destination and application type of the input data flow, where the source represents the user or user address that sends the data flow, the destination of the data flow indicates the user address, server address or public network address receiving the data stream, and the application type indicates which application data is included in the data stream.

[0127] The first traceback processing module 120 is connected with the identification module 110, and is used to execute the first traceback processing based on the pre...


Abstract

The present invention relates to a network flow control device and a security strategy configuration method and device thereof. The method comprises: identifying the source, destination and application type of an input data stream; conducting a first back tracing based on a predetermined enterprise organizational structure to obtain a first source back trace point and a first destination back trace point; and generating a first security strategy, in which the source in the matching condition is configured as the first source back trace point, the destination in the matching condition is configured as the first destination back trace point, and the application in the matching condition is configured as the application type of the data stream. Because the first back tracing is executed via the predetermined enterprise organizational structure to obtain the first source back trace point and the first destination back trace point, the first security strategy can be generated from them. The security strategy configuration method and device on a network flow control device in an embodiment of the present invention can therefore generate a security strategy automatically, reducing the configuration difficulty of the security strategy and improving the configuration success rate.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network flow control device and a security policy configuration method and device thereof.

Background technique

[0002] Security policies are configured on network traffic control devices, such as network firewalls, security gateways or intrusion detection devices, to forward data streams and perform content security inspections. Security policies usually contain matching conditions and policy actions. Matching conditions are the conditions used to judge whether a data flow matches the security policy; policy actions are the actions executed on a matching flow, including permit and forbid.

[0003] The network traffic control device can identify the attributes of the data flow and match them against the matching conditions of the security policy. If all matching conditions match, the traffic successfully matches the security policy. After the data flow matches the security...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L29/06; H04L63/1441; H04L2463/146; H04L63/0227; H04L63/104; H04L63/20; H04L67/535
Inventor: 王祥光
Owner: HUAWEI TECH CO LTD