Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Generalized network security policy templates for implementing similar network security policies across multiple networks

a network security policy and network security technology, applied in the field of automatic network security, can solve the problems of difficult and/or expensive installation and use high cost, and inconvenient maintenance of network security devices, and achieve the effect of efficiently updating the configuration of a large number of operating network security devices

Inactive Publication Date: 2005-01-27
BONN DAVID WAYNE +1
View PDF9 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

To generate a policy for a particular network from a template, the facility uses a profile of the network that maps the aliases occurring in the template to specific network elements within the network. For example, the network profile for a particular network maps the “MailHost” alias to a particular network element of the network having a particular network address. The facility preferably provides a user interface that makes it convenient for a user to generate network profiles.
The facility is especially well suited for use by Internet service providers and other organizations responsible for providing network security to a large number of networks, as it enables these organizations to configure the network security devices for additional networks at a very low cost. The facility also enables such organizations to efficiently update the configuration of a large number of operating network security devices by merely modifying and reapplying one or more templates.

Problems solved by technology

Unfortunately, in order to perform such functions, conventional network security devices generally must be configured manually, typically on-site at the location of the network.
Such configuration can be extremely time-consuming.
Also, because of the nature of typical configuration processes, they generally must be performed by a technical specialist whose time is both scarce and expensive.
These shortcomings of conventional network security device configuration processes tend to make the installation and use of a network security device difficult and / or expensive.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Generalized network security policy templates for implementing similar network security policies across multiple networks
  • Generalized network security policy templates for implementing similar network security policies across multiple networks
  • Generalized network security policy templates for implementing similar network security policies across multiple networks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

The present invention provides a software facility for implementing similar network security policies across multiple networks (“the facility”). Each network is a collection of network elements, including a network security device that protects the network by implementing a network security policy (hereinafter simply “policy”) within the network. While Firebox II network security devices provided by WatchGuard Technologies, Inc., of Seattle, Wash. are suggested for use with the facility, the facility preferably also operates with other network security devices available from other sources.

The policy implemented in a particular network comprises a set of rules for managing network traffic. These rules are specified in terms of specific network elements, such as user workstations, servers, routers, and printers, that perform certain functions, or “roles.” For example, a rule in a network security policy for a particular network may specify that all email traffic must flow through a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention is directed to a facility for adapting a network security policy model for use in a particular network. The facility retrieves the network security policy model, which comprises network security rules each specified with respect to one or more aliases. Each alias represents a role in a network for one or more network elements. The facility receives, for each alias included in the network security policy model, a list of one or more network elements in the network serving the role represented by the alias. The facility replaces each alias in the network security policy model with the received list of network security devices specified for the alias to produce a network security policy adapted for use in a network.

Description

TECHNICAL FIELD The present invention is directed to the field of automated network security. BACKGROUND OF THE INVENTION Network security devices provide various types of network security services to a network, such as a local area network connected to the Internet. For example, a network security device may perform access control and traffic monitoring and logging. Access control refers to the regulation of network traffic based upon its type, content, source, and / or destination. For example, access control services of a network security device can be employed to prevent email traffic from sources on the Internet from reaching computer systems inside the network other than a designated mail host computer system. Traffic monitoring and logging refers to observing network traffic, and storing important observations about the network traffic in a log. As an example, traffic monitoring and logging services of a network security device can be employed to log all unsuccessful attempts...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L29/06
CPCH04L29/06H04L63/0263Y10S707/99939H04L63/1425H04L63/20H04L63/105H04L9/40
Inventor BONN, DAVID WAYNEMARVAIS, NICK TAKASKI
Owner BONN DAVID WAYNE
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com