Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Strategy identification method and device

A technology for identifying methods and strategies, applied in the field of network security, can solve problems such as different analysis results, inconvenient security business management platform to coordinate the overall situation, and dependence

Inactive Publication Date: 2021-05-11
NEW H3C SECURITY TECH CO LTD
View PDF0 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] When configuring security policies for IPS and FW on the security business management platform, according to the requirements of different stages, it is necessary to preset a large number of security policies, that is, configure a large number of security policies on IPS or FW. There may be overlapping or mutual exclusion of functions among them, and administrators cannot visually observe which security policies are effective
[0004] Most of the current security policy analysis methods rely on security devices such as FW and IPS. The FW and IPS of each manufacturer only support simple redundant analysis functions, and all security policies need to be configured on the FW and IPS security devices for analysis. Not only is it too dependent on FW and IPS, but also the analysis results of each security device on security policies may be different, which is not convenient for the security business management platform to coordinate the overall situation
Moreover, the policy analysis function of each security device is relatively simple, and there are too few analysis rules to deeply detect security policies with complex configuration items.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Strategy identification method and device
  • Strategy identification method and device
  • Strategy identification method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027]The exemplary embodiment will be described in detail herein, and examples thereof are shown in the drawings. The following description is related to the drawings, unless otherwise indicated, the same numbers in the drawings represent the same or similar elements. The embodiments described in the exemplary embodiments are not meant to all embodiments consistent with the present application. Instead, they are only examples of devices and methods consistent with some aspects of this application.

[0028]The terms used in this application are only for the purpose of describing particular embodiments, not to limit the invention. "One", "one", "one" and "" "as used in this application, are also intended to include most forms unless the context clearly represents other meanings. It should also be understood that the terms "and / or" as used herein refer to any or more possible combinations of one or more corresponding listing items.

[0029]It will be appreciated that various information m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a policy identification method and device, applied to a security service management platform, the security service management platform is used for managing security equipment, and the security service management platform is pre-configured with a plurality of security policies. The method comprises the steps that a security policy group is acquired, the security policy group comprises at least two security policies, and the priorities of the security policies in the security policy group are different; eliminating the security policies meeting the detection conditions of the unavailable policies from the security policy group to obtain a target security policy group; according to the quintuple information of each security policy in the target security policy group, judging whether any two security policies belong to an inclusion relationship or a mergeable relationship; if the two security policies belong to the inclusion relationship, identifying a redundant policy in the two security policies according to the priorities of the two security policies; and if the two security policies belong to the mergeable relationship, merging the two security policies. Therefore, redundant security policies can be effectively identified without depending on security equipment such as a firewall and the like.

Description

Technical field[0001]The present application relates to a network security technology, and in particular, a strategic identification method and a device.Background technique[0002]Security strategy is a control policy for deploying packets that meet specified conditions on the Intrusion Prevention System, IPS or firewall (Fire Wall, FW). The filtering conditions of the security policy are relevant conditions for the five-tuple of security policies. The five-tuple group of security policies include security domains, address groups, service groups, applications / application groups, time periods, etc. The specific packet is matched by specifying the filtering conditions of the five-component group, and this packet is processed according to the preset policy action.[0003]When configuring a security policy on the security business management platform, according to the needs of different phases, the preset of a large number of security policies are required to configure a large number of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0227H04L63/20
Inventor 鲍越
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products