
Network flow control equipment and its security policy configuration method and device

A security policy configuration technology for network traffic control devices, applied in the field of network security. It addresses the problem that security policies are difficult to configure and error-prone, and achieves the effects of reducing configuration difficulty, improving efficiency, and preventing repeated entry into the process.

Active Publication Date: 2018-03-09
四川华鲲振宇智能科技有限责任公司

AI Technical Summary

Problems solved by technology

[0005] Usually, administrators manually configure and maintain security policies based on their own experience and user feedback, which makes configuration difficult and error-prone.



Examples


Embodiment 1

[0068] Figure 1 is a flowchart showing a method for configuring a security policy on a network traffic control device according to an embodiment of the present invention. The network traffic control device in the embodiment of the present invention includes, but is not limited to, network devices such as firewalls, routers, and intrusion detection devices. As shown in Figure 1, the method mainly includes:

[0069] Step S101, for the input data flow, identify the source, destination and application type of the data flow.

[0070] Here, the source indicates the user or user address that sends the data flow, such as user A or the user's Internet Protocol address (IP address); the destination indicates the user address, server address, or public network address that receives the data flow; and the application type indicates which application's data the data flow includes, for example, the appl...

Embodiment 2

[0097] Figure 7 is a flowchart showing a method for configuring a security policy on a network traffic control device according to another embodiment of the present invention. Components in Figure 7 that carry the same reference marks as in Figure 1 have the same functions, and detailed descriptions of these components are omitted for brevity. As shown in Figure 7, in a possible implementation, after step S101, the method further includes:

[0098] Step S701, judging whether triplet information matching the source, destination and application type of the data flow exists in the memory.

[0099] When it is determined that there is no triplet information matching the source, destination and application type of the data flow in the memory, execute step S102;

[0100] If it is determined that there is matching triplet information, the process ends.

[0101] Step S102 is similar to step S102 in Figure 1 and will not be repeated here.

[0102] Step S702, storing the first source uptrackin...

Embodiment 3

[0125] Figure 10 is a schematic structural diagram of an apparatus for configuring a security policy on a network traffic control device according to an embodiment of the present invention. As shown in Figure 10, the device 10 includes: an identification module 110, a first traceback processing module 120, and a generation module 130.

[0126] The identification module 110 is configured to identify the source, destination and application type of the input data flow, wherein the source represents the user or user address that sends the data flow, the destination indicates the user address, server address or public network address receiving the data flow, and the application type indicates which application's data is included in the data flow.

[0127] The first upward tracing processing module 120 is connected with the identification module 110, and is used to execute the first upward tracing processing based on the pre...


Abstract

The present application relates to a network traffic control device and a security policy configuration method and device for it. The method includes: identifying the source, destination and application type of the input data flow; performing a first upward tracing process based on the predetermined enterprise organization structure to obtain the first source uptrace point and the first destination uptrace point; and generating the first security policy. The source in the matching condition of the first security policy is configured as the first source uptrace point, the destination in the matching condition is configured as the first destination uptrace point, and the application in the matching condition is configured as the application type of the data flow. By performing the first upward tracing process based on the predetermined enterprise organizational structure to obtain the first source uptrace point and the first destination uptrace point, and generating the first security policy from them, the security policy configuration method and device on the network traffic control device according to the embodiment of the present invention can automatically generate security policies, reduce the difficulty of configuring security policies, and improve the success rate of configuration.
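The flow described in the abstract, together with the stored-triplet check of Embodiment 2 (steps S701, S102, S702), is sketched below as an added example; it is not code from the patent. The organization tree, the flows, the one-level-up tracing rule, the "permit" action and the rule that a stored triplet matches any flow at or below its points are all assumptions, since the page truncates those details.

```python
# Constructed organization structure: child -> parent (None marks the root).
ORG_PARENT = {
    "corp": None, "engineering": "corp", "finance": "corp", "servers": "corp",
    "alice": "engineering", "bob": "engineering", "carol": "finance",
    "git-server": "servers", "erp-server": "servers",
}

def trace_up(node):
    """Assumed upward tracing: one level up the org tree (root stays itself)."""
    parent = ORG_PARENT[node]
    return parent if parent is not None else node

def is_under(node, ancestor):
    """True if node equals ancestor or sits below it in the org tree."""
    while node is not None:
        if node == ancestor:
            return True
        node = ORG_PARENT[node]
    return False

class PolicyGenerator:
    def __init__(self):
        self.triplets = []   # stored (source point, destination point, app)
        self.policies = []

    def covered(self, src, dst, app):
        """S701: does a stored triplet already match this flow? (assumed rule)"""
        return any(is_under(src, s) and is_under(dst, d) and app == a
                   for s, d, a in self.triplets)

    def handle_flow(self, src, dst, app):
        """Takes the S101 triplet; returns a new policy or None."""
        if self.covered(src, dst, app):
            return None                              # match found: process ends
        s_pt, d_pt = trace_up(src), trace_up(dst)    # S102: upward tracing
        self.triplets.append((s_pt, d_pt, app))      # S702 (assumed content)
        policy = {"source": s_pt, "destination": d_pt,
                  "application": app, "action": "permit"}  # action is assumed
        self.policies.append(policy)
        return policy

def run(flows):
    gen = PolicyGenerator()
    for flow in flows:
        gen.handle_flow(*flow)
    return gen.policies

# Constructed flows: (source, destination, application type)
FLOWS = [("alice", "git-server", "git"), ("bob", "git-server", "git"),
         ("carol", "erp-server", "https")]
```

Because each policy matches on the uptrace points rather than the observed endpoints, it is broader than the flow that produced it (here bob to erp-server over git is also covered), so generated rules are worth reviewing before enforcement.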

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network traffic control device and a security policy configuration method and device thereof.

Background technique

[0002] Security policies are configured on network traffic control devices, such as network firewalls, security gateways, or intrusion detection devices, to forward data flows and perform content security inspections. Security policies often contain matching conditions and policy actions. Matching conditions are the conditions used to judge whether a data flow matches the security policy; policy actions are the actions to execute, including permit and forbidden.

[0003] The network traffic control device can identify the attributes of the data flow, and match the attributes of the data flow with the matching conditions of the security policy. If all matching conditions match, the traffic successfully matches the security policy. After the data flow matches the security...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1441, H04L2463/146, H04L63/0227, H04L63/104, H04L63/20, H04L67/535
Inventor: 王祥光
Owner: 四川华鲲振宇智能科技有限责任公司