Firewall protection improvement method and device, equipment and readable storage medium

A firewall and firewall policy technology, applied to digital transmission systems, data exchange networks, electrical components, etc., that addresses problems such as heavy regular-maintenance pressure, a large number of policies, and reduced operating efficiency, with the effects of improving protection capabilities, resolving configuration errors, and improving work efficiency.

Pending Publication Date: 2021-02-05
STATE GRID CORP OF CHINA +1

AI Technical Summary

Problems solved by technology

[0002] In daily work, firewall maintenance mainly consists of adding, modifying, and deleting policies. After receiving an operation ticket, the operation and maintenance personnel make the corresponding changes through the web firewall management tool according to the content of the ticket. The fields involved include source address, destination address, source port, destination port, policy status, policy action, policy effective time period, etc. All of these are modified by hand according to the content of the ticket, so there is a certain probability of error. As the firewall system is used, the policy table also becomes more and more bloated and operating efficiency decreases accordingly, so the operation and maintenance personnel need to optimize the firewall policy table on a regular basis. The screening process is challenging, however, and faces the following difficulties: 1) there are many policies, and regular maintenance is a heavy burden; 2) IP addresses can be represented in many ways in the policy table, and it is difficult to judge intuitively the inclusion relationship between the IP addresses of two policies; 3) the analysis tools provided by the various firewall vendors differ, and most of them offer only a simple search function with weak comprehensive analysis. It is therefore necessary to provide a firewall protection improvement method that can replace manual periodic optimization of firewall policies, analyze firewall security policies, and actively provide policy optimization measures.


Examples


Embodiment 1

[0027] As shown in Figure 1, the firewall protection improvement method includes:

[0028] Reconstructing firewall policies through data collection;

[0029] Classifying firewall policy methods;

[0030] Comparing and processing the permissions of firewall policies;

[0031] Building the firewall policy life cycle;

[0032] Screening and handling idle and duplicate policies.

[0033] The firewall protection improvement device includes:

[0034] The reconstruction module is used to reconstruct the firewall policy through data collection, that is, to simulate the management of the firewall through the terminal, and to collect and reconstruct the firewall policy through data decoding;

[0035] The classification module is used to classify the firewall policy method, that is, based on the firewall security protection object, to realize the classification and arrangement of the protection policy method with IP, protocol, application, etc. as the main body;

[0036] The comparison module is used to...

Embodiment 2

[0043] As shown in Figure 1, the firewall protection improvement method includes:

[0044] Reconstructing firewall policies through data collection;

[0045] Classifying firewall policy methods;

[0046] Comparing and processing the permissions of firewall policies;

[0047] Building the firewall policy life cycle;

[0048] Screening and handling idle and duplicate policies.

[0049] The method of reconstructing the firewall policy through data collection includes: simulating the management of the firewall through the terminal, and collecting and reconstructing the firewall policy by means of data decoding.

[0050] The method for classifying firewall policies includes: based on the security protection objects of the firewall, the classification and sorting of protection policy methods with IP, protocol, application, etc. as the main body are realized.

[0051] Comparing and processing the permissions of the firewall policy includes: based on the policy objects such as IP, protocol, port, e...
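The inclusion check described in the background (difficulty 2) and the comparison and duplicate-screening steps can be illustrated as follows. This is an added example, not code from the patent; the policy field names, the first-match-wins ordering and the sample table are assumptions, and the "shadowed" finding goes one step beyond the duplicate case the text names.

```python
import ipaddress

def addr_range(spec):
    """Normalize 'any', a host, CIDR, netmask form or 'a-b' range to (first, last)."""
    spec = spec.strip()
    if spec.lower() == "any":
        spec = "0.0.0.0/0"
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-", 1))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"inverted address range: {spec}")
    return lo, hi

def port_range(spec):
    """Normalize 'any', '443' or '1-1024' to (first, last)."""
    if spec.strip().lower() == "any":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def within(inner, outer):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def covers(a, b):
    """True if every packet matched by policy b is also matched by policy a."""
    return (a["proto"] in ("any", b["proto"])
            and within(addr_range(b["src"]), addr_range(a["src"]))
            and within(addr_range(b["dst"]), addr_range(a["dst"]))
            and within(port_range(b["dport"]), port_range(a["dport"])))

def find_covered(policies):
    """Assumes first-match-wins order; returns (policy id, covering id, kind)."""
    findings = []
    for j, later in enumerate(policies):
        for earlier in policies[:j]:
            if covers(earlier, later):
                same = earlier["action"] == later["action"]
                findings.append((later["id"], earlier["id"],
                                 "redundant" if same else "shadowed"))
                break
    return findings

# Constructed sample policy table (hypothetical field names, not from the patent).
POLICIES = [
    {"id": 1, "src": "10.1.0.0/16", "dst": "192.168.10.0/24", "proto": "tcp", "dport": "1-1024", "action": "permit"},
    {"id": 2, "src": "10.1.2.10-10.1.2.50", "dst": "192.168.10.5", "proto": "tcp", "dport": "443", "action": "permit"},
    {"id": 3, "src": "10.1.2.0/255.255.255.0", "dst": "192.168.10.0/24", "proto": "tcp", "dport": "22", "action": "deny"},
    {"id": 4, "src": "any", "dst": "192.168.20.8", "proto": "udp", "dport": "53", "action": "permit"},
]
```

A "redundant" policy can be removed without changing behaviour; a "shadowed" one never takes effect and usually indicates an ordering or ticket-entry error that needs review.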


Abstract

The invention belongs to the technical field of firewall protection improvement, and particularly relates to a firewall protection improvement method and device, equipment and a readable storage medium. The firewall protection improvement method comprises the steps of reconstructing a firewall strategy through data acquisition, classifying firewall strategy methods, comparing and processing permissions of the firewall strategy, constructing a firewall strategy life cycle, and screening and processing idle and repeated strategies. The firewall protection improvement device comprises a reconstruction module for reconstructing a firewall strategy through data acquisition; a classification module for classifying firewall strategy methods; a comparison module for comparing and processing the permissions of the firewall strategy; a construction module for constructing a firewall strategy life cycle; and a screening module for screening and processing idle and repeated strategies. The computer equipment comprises a computer program which can run on the processor and is used for realizing the firewall protection improvement method. According to the method, the problems of firewall policy errors and policy table bloating are solved, and the firewall protection capability is improved.

Description

Technical field

[0001] The invention belongs to the technical field of firewall protection improvement, and in particular relates to a firewall protection improvement method, device, equipment and readable storage medium.

Background

[0002] In daily work, firewall maintenance mainly consists of adding, modifying and deleting policies. After receiving an operation ticket, the operation and maintenance personnel make the corresponding changes through the web firewall management tool according to the content of the ticket. The fields involved include source address, destination address, source port, destination port, policy status, policy action, policy effective time period, etc. These are modified by the operation and maintenance personnel according to the content of the ticket, so there is a certain probability of error. As the firewall system is used, the policy table will ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L63/20, H04L63/02, H04L41/0823, H04L41/0893
Inventor: 李明明王瑞琦耿洁宇赵毅冯勇闫娇宋志勇李鹏孙睿贞胡碧波宋仁杰郭鹏翟玲玲潘巍赵博文胡健李春晖王方吴文韬杜予贺陈钊王志刚吴勇李威阙东阳谢杨米俊张昀沈雷候伟高小芳高慧王冰张东阳乔鸣鸣刘喜付刚方新利喻鹏
Owner: STATE GRID CORP OF CHINA