An Optimization Method of Network Security Policy

A network security policy optimization method applied in the field of network information security. It addresses the lack of business-importance screening when policies are cleaned up, so that policy priorities are reasonable and reliability is guaranteed.

Active Publication Date: 2020-12-25
SICHUAN XW BANK CO LTD

AI Technical Summary

Problems solved by technology

However, when prioritization is performed directly according to the hit rate of each network security policy, policies that have had no hits for a long time can be screened out and cleaned up, but policies are not screened according to the importance of the business, so policies related to important business may be cleaned up.

Examples

Embodiment 1

[0055] The following uses two firewalls as an illustration; the scenario can be extended to multiple firewalls.

[0056] Assume that the network area under the jurisdiction of firewall F1 is 1.1.0.0/16, and the list of network security policies on it is as follows:

[0057]

[0058] The network area under the jurisdiction of firewall F2 is 1.2.0.0/16, and the list of network security policies on it is as follows:

[0059]

[0060] The smaller the policy priority value, the higher the priority.

[0061] The following steps are performed periodically, and the specific period can be adjusted according to the actual application scenario.

[0062] Step 1. The network security policy optimization system obtains each firewall's network security policy information either by calling the firewall's API or by having the firewall push it to the optimization system via syslog, and obtains the following list after preprocessing:

[0063]

[0064]

[0065]...

Abstract

The invention relates to a network security policy optimization method, which comprises the following steps: A, a network security policy optimization system periodically receives the network security policies of each firewall and preprocesses them to obtain the policy information of each firewall; B, the hit rate of each individual policy on each firewall is calculated from the obtained policy information; C, a comprehensive score for each individual policy on each firewall is calculated from the policy's hit rate and its importance; D, the final score of each individual policy on each firewall is calculated from the policy's comprehensive score; and E, the policies of each firewall are sorted by final score, and the policies are adjusted and optimized according to the sorting. When the network security policies are optimized, the policy hit rate and the importance level of the policy are considered together and combined with the policy association relationships in the high-availability architecture, so that high-priority policies are those with a high weighted combination of hit rate and importance, and the priorities of related policies are ensured through the association relationship.
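Steps B to E of the abstract, as an added sketch that is not taken from the patent: the page does not reproduce the patent's formulas, so the equal weights, the weighted-sum comprehensive score, the rule that associated policies share their group's best score, and the sample policies are all assumptions.

```python
# Added illustration. The weights, both scoring formulas and the sample
# policies are assumptions; the patent's own formulas are not on this page.
from dataclasses import dataclass

W_HIT, W_IMPORTANCE = 0.5, 0.5  # assumed weighting

@dataclass(frozen=True)
class Policy:
    firewall: str
    name: str
    hits: int          # hits observed in the collection period
    importance: float  # business importance on an assumed 0..1 scale
    group: str = ""    # assumed key linking associated policies across HA firewalls

def hit_rates(policies):
    """Step B: a policy's hit rate is its share of its own firewall's hits."""
    totals = {}
    for p in policies:
        totals[p.firewall] = totals.get(p.firewall, 0) + p.hits
    return {p: (p.hits / totals[p.firewall] if totals[p.firewall] else 0.0)
            for p in policies}

def composite_scores(policies):
    """Step C: weight hit rate against business importance."""
    rates = hit_rates(policies)
    return {p: W_HIT * rates[p] + W_IMPORTANCE * p.importance for p in policies}

def final_scores(policies):
    """Step D: associated policies all take the best composite score in their group."""
    comp = composite_scores(policies)
    best = {}
    for p in policies:
        if p.group:
            best[p.group] = max(best.get(p.group, 0.0), comp[p])
    return {p: best[p.group] if p.group else comp[p] for p in policies}

def optimized_order(policies, firewall):
    """Step E: policy names on one firewall, highest final score first."""
    final = final_scores(policies)
    mine = [p for p in policies if p.firewall == firewall]
    return [p.name for p in sorted(mine, key=lambda p: -final[p])]

# Constructed sample: "core-pay" is idle on F1 because its HA peer on F2 carries the traffic.
SAMPLE = [
    Policy("F1", "web-in", 900, 0.3),
    Policy("F1", "core-pay", 0, 1.0, group="pay"),
    Policy("F1", "legacy", 100, 0.1),
    Policy("F2", "core-pay-b", 500, 1.0, group="pay"),
    Policy("F2", "misc", 500, 0.2),
]
```

Ranked by hit rate alone, `core-pay` would sit last on F1 and be the first candidate for cleanup; with importance and the association to its F2 counterpart it moves to the top.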

Description

Technical field

[0001] The present invention relates to the technical field of network information security, and specifically relates to a method for optimizing network security policies.

Background

[0002] As the main means of network security prevention and protection, network security policy maintains network system security and protects network resources from illegal access. Various security policies cooperate with each other to protect the network. As enterprises continue to build out their information systems, more and more network security policies are configured on security devices. On the one hand, too many network security policies may lead to performance bottlenecks on firewalls or other network security devices; on the other hand, there is no effective way to sort out the many policies that have not been hit for a long time. Over time, a vicious circle has formed. Redundant policies accumulate more and more, but new network security stra...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06Q10/04, G06Q10/06
CPC: G06Q10/04, G06Q10/06393, H04L63/02, H04L63/105, H04L63/20
Inventor: 杨雪皎吴博向上文
Owner: SICHUAN XW BANK CO LTD