Firewall configuration method based on service access data

A firewall configuration method based on service access data. It addresses problems such as complicated firewall rules, difficult maintenance, and large investment, and achieves the effects of accurate data, improved configuration time, and convenient operation.

Active Publication Date: 2019-03-19
科来网络技术股份有限公司

AI Technical Summary

Problems solved by technology

[0002] With the continuing development of network technology, the public network environment has become more and more complex, and the security situation has become increasingly severe. Various ransomware viruses have spread, and data security protection has become more and more important. The role of firewalls in the network is becoming more and more important, but firewall rules have become extremely complex and difficult to maintain, and the accuracy and real-time maintenance of the rules are also difficult to guarantee. Especially in a network environment with frequent application changes and complex application rules, configuring correct firewall access rules requires a lot of time and manpower.


Examples


Embodiment 1

[0024] As the most basic embodiment of the present invention, as shown in Figure 1, this embodiment discloses a firewall configuration method based on service access data, including a data collection step, an access rule locking step, and a firewall rule generation step;

[0025] The data collection step uses a network monitoring bypass mode to collect and extract service access data, including source IP, source port, destination IP, destination port, application and protocol, from a plurality of network paths; classifies the data by source IP, source port, destination IP, destination port and protocol type; and creates a table or graph;

[0026] In the access rule locking step, the normal service access data in the service access data collected for the first time in the collection step is locked as access rule data, and the service access data collected each time in the collection step is compared with the previous service access da...

Embodiment 2

[0030] As a preferred embodiment of the present invention, as shown in Figure 1, this embodiment discloses a firewall configuration method based on service access data, including a data collection step, an access rule locking step, and a firewall rule generation step;

[0031] In the data collection step, as shown in Figure 2, network traffic is mirrored through the switch mirroring function without affecting normal business operation. The mirrored data of a single switch or of multiple switches is connected to the data collection port of the collection server. By analyzing the traffic data and identifying the application and protocol, the service access data is obtained, and the service access data including source IP, source port, destination IP, destination port, application and protocol in multiple network paths is extracted, as shown in Figure 3, classified according to source IP, source port, destination IP, destination port and protocol type, and used to create a t...


Abstract

The invention discloses a firewall policy configuration method based on service access data, and belongs to the technical field of data analysis application. The method includes the following steps: acquiring, extracting and classifying service access data including source IPs, source ports, target IPs, target ports, applications and protocols in multiple network paths through a network monitoring bypass mode; locking the normal service access data in the service access data obtained by the first acquisition in the acquisition step as access rule data, comparing the service access data obtained by each subsequent acquisition in the acquisition step with the previously acquired and locked normal service access data, and locking the subsequently acquired data as access rule data; and, when an access rule is issued to a firewall, first querying the access rule data locked in the access rule locking step, generating a forbidding rule of the firewall, and then issuing the forbidding rule to the firewall.
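The three steps in the abstract (collect and classify, lock, generate rules) can be sketched as follows; this is an added example, not code from the patent or its owner. The flow records, the `ABNORMAL` review set, the choice to drop the source port from the rule key, and the iptables rendering with a final deny are all assumptions made for illustration.

```python
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port app proto")

# Constructed sample records, shaped like the fields the collection step extracts.
FIRST = [
    Flow("10.0.1.10", 51514, "10.0.2.20", 443, "https", "tcp"),
    Flow("10.0.1.10", 51522, "10.0.2.20", 443, "https", "tcp"),
    Flow("10.0.1.11", 40022, "10.0.2.30", 3306, "mysql", "tcp"),
    Flow("10.0.9.99", 44444, "10.0.2.30", 3389, "rdp", "tcp"),
]
LATER = [
    Flow("10.0.1.10", 51600, "10.0.2.20", 443, "https", "tcp"),
    Flow("10.0.1.12", 53000, "10.0.2.40", 53, "dns", "udp"),
]
# Assumption: an operator marks abnormal flows; the page does not show how.
ABNORMAL = {("10.0.9.99", "10.0.2.30", 3389, "tcp", "rdp")}

def classify(flows):
    """Classify flows per rule key and count hits. The ephemeral source
    port is left out of the key (assumption) so repeat sessions collapse."""
    return Counter((f.src_ip, f.dst_ip, f.dst_port, f.proto, f.app) for f in flows)

def approve(key):
    return key not in ABNORMAL

def lock(locked, collected, is_normal=approve):
    """Compare a collection with the locked data; lock the normal new keys."""
    new = {k for k in classify(collected) if k not in locked and is_normal(k)}
    return locked | new, new

def firewall_rules(locked):
    """Render locked access rule data as iptables rules ending in a deny."""
    rules = ["-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    rules += [f"-A FORWARD -p {proto} -s {src} -d {dst} --dport {port} -j ACCEPT"
              for src, dst, port, proto, _app in sorted(locked)]
    rules.append("-A FORWARD -j DROP")  # everything not locked is forbidden
    return rules

if __name__ == "__main__":
    locked, _ = lock(set(), FIRST)       # first collection
    locked, added = lock(locked, LATER)  # subsequent collection
    print("newly locked:", sorted(added))
    print("\n".join(firewall_rules(locked)))
```

The set returned as newly locked on each later collection is the delta an operator would review before the rules are issued to the firewall.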

Description

Technical field

[0001] The invention belongs to the field of data quantitative analysis application technology, and in particular relates to a firewall configuration method based on service access data.

Background technique

[0002] With the continuing development of network technology, the public network environment has become more and more complex, and the security situation has become increasingly severe. Various ransomware viruses have spread, and data security protection has become more and more important. The role of firewalls in the network is becoming more and more important, but firewall rules have become extremely complex and difficult to maintain, and the accuracy and real-time maintenance of the rules are also difficult to guarantee. Especially in a network environment with frequent application changes and complex application rules, configuring correct firewall access rules takes a lot of time and manpower.

[0003] For ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0893, H04L63/0236, H04L63/0263
Inventor: 林康罗鹰江克飞王翔武利磊
Owner: 科来网络技术股份有限公司