Firewall policy optimization method and device

A firewall policy optimization method, applied in the field of network security, addresses the problems of heavy firewall policy maintenance workload, increased firewall load, and reduced firewall performance, with the effect of enhancing readability and order, reducing workload, and reducing the number of policy items.

Active Publication Date: 2016-09-21
SHANGHAI CTRIP COMMERCE CO LTD

AI Technical Summary

Problems solved by technology

[0003] The technical problem to be solved by the present invention is how to overcome the defects of the prior art, in which firewall policy maintenance is a heavy workload, duplicate policies readily appear, and the load on the firewall increases and its performance may even be reduced. To this end, a method and device for optimizing the firewall policy are provided.

Examples

Embodiment

[0058] As shown in Figure 1, a method for optimizing firewall policies includes:

[0059] Step 101, constructing a firewall policy information base (policy) and an application information base (application). The firewall policy information base includes at least one piece of firewall policy information, which comprises the source address (src), destination address (dst) and service information (service) of the firewall policy. The application information base includes at least one piece of application information, which comprises the network segments corresponding to the application; each application may correspond to one or more network segments.

[0060] Step 102, obtaining the source address (src_i) and destination address (dst_i) of a piece of firewall policy information (policy_i) from the firewall policy information base. Wherein, the retrieved firewall policy information ...

Abstract

The invention discloses a firewall policy optimization method and device. The optimization method comprises the following steps: establishing a firewall policy information database and an application information database, wherein the firewall policy information database comprises at least one piece of firewall policy information and the application information database comprises at least one piece of application information; and searching the application information database for the application information corresponding to the firewall policy information, and adding the firewall policy information together with its corresponding application information to an application policy information database. The method and device overcome the defects of the prior art, in which firewall policy maintenance is a heavy workload, duplicate policies readily appear, and firewall load increases and firewall performance may even be reduced. The firewall policy is managed in a centralized and unified way, and multiple policies are combined on a per-application basis, thereby reducing the number of policy items, preventing duplicate policies, lowering the likelihood of degraded firewall performance, and improving the readability of the firewall policy.
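The lookup and per-application merge described in the abstract and in steps 101 and 102, as an added example (not code from the patent or its owner). The sample data, the function names, the longest-prefix matching rule and the grouping key of (source application, destination application) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; names and addresses are illustrative only.
APPLICATIONS = {  # application information base: app -> network segments
    "web": ["10.1.0.0/24", "10.1.1.0/24"],
    "db": ["10.2.0.0/24"],
}
POLICIES = [  # firewall policy information base: src, dst, service
    {"src": "10.1.0.10/32", "dst": "10.2.0.5/32", "service": "tcp/3306"},
    {"src": "10.1.1.0/24", "dst": "10.2.0.5/32", "service": "tcp/3306"},
    {"src": "10.1.0.10/32", "dst": "10.2.0.6/32", "service": "tcp/22"},
    {"src": "192.0.2.7/32", "dst": "10.2.0.5/32", "service": "tcp/3306"},
]

def find_application(address, applications):
    """Return the application whose segment contains address, or None."""
    net = ipaddress.ip_network(address, strict=False)
    best = None
    for app, segments in applications.items():
        for seg in map(ipaddress.ip_network, segments):
            if net.version == seg.version and net.subnet_of(seg):
                # Assumption: prefer the most specific (longest-prefix) segment.
                if best is None or seg.prefixlen > best[1]:
                    best = (app, seg.prefixlen)
    return best[0] if best else None

def build_application_policies(policies, applications):
    """Group policies by (src app, dst app); return merged base and unmatched."""
    merged = defaultdict(lambda: {"services": set(), "policies": []})
    unmatched = []
    for policy in policies:
        src_app = find_application(policy["src"], applications)
        dst_app = find_application(policy["dst"], applications)
        if src_app is None or dst_app is None:
            unmatched.append(policy)  # keep for manual review, never drop
            continue
        entry = merged[(src_app, dst_app)]
        entry["services"].add(policy["service"])
        entry["policies"].append(policy)
    return dict(merged), unmatched

if __name__ == "__main__":
    merged, unmatched = build_application_policies(POLICIES, APPLICATIONS)
    for (src_app, dst_app), entry in merged.items():
        print(src_app, "->", dst_app, sorted(entry["services"]), len(entry["policies"]))
    print("unmatched:", unmatched)
```

The original policies stay attached to each merged entry because re-emitting a rule at network-segment granularity permits more hosts than the host-level rules it replaces, so a reviewer needs to see both. Policies whose addresses match no application are returned separately rather than merged.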

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a method and device for optimizing a firewall policy.

Background technique

[0002] With the continuous development of Internet technology, the scale of online websites is getting larger and larger, and firewalls are widely used as a security barrier for websites. With the increase in the number of firewalls and security policy entries in the firewalls, the workload of security engineers increases exponentially. Since a large number of policies are manually added based on the needs at that time, the readability of firewall policies is getting worse and worse. The same application may involve multiple policies, and the same policy may involve multiple applications. Due to the chaos of firewall policies, the workload of firewall policy maintenance is doubled, and duplicate policies will inevitably appear, which increases the load of the firewall and even reduces the per...

Application Information

IPC(8): H04L29/06
CPC: H04L63/02, H04L63/20
Inventor: 吴善鹏, 雷兵, 朱志博
Owner: SHANGHAI CTRIP COMMERCE CO LTD