Information security – Access control or authentication – Network
Reexamination Certificate
2006-08-15
Louis-Jacques, Jacques H. (Department: 2134)
C726S012000, C709S242000
active
07093283
ABSTRACT:
A method and apparatus for deploying configuration instructions to security devices in order to implement a security policy on a network are disclosed. An address translation alteration performed on packets communicated between a management source and a plurality of security devices, resulting from implementation of a proposed new network security policy, is detected. One or more sets of security devices are identified that would each have one or more configuration dependencies as a result of the address translation alteration. Configuration instructions are sent from the management source to each of the one or more sets of security devices using an order determined by the identified configuration dependencies. The configuration instructions are used to implement the security policy on the network. As a result, firewalls and similar devices are properly configured for a new policy without inadvertently causing traffic blockages arising from configuration dependencies.
REFERENCES:
patent: 6678827 (2004-01-01), Rothermel et al.
patent: 6678835 (2004-01-01), Shah et al.
K. Egevang, et al., Network Working Group, Request for Comments: 1631, Category: Informational, “The IP Network Address Translator (NAT),” [online], May 1994, [retrieved on Mar. 7, 2005]. Retrieved from the internet: <URL: http://www.ietf.org/rfc1631.txt> pp. 1-10.
P. Srisuresh, et al., Network Working Group, Request for Comments: 3022, Obsoletes: 1631, Category: Informational, “Traditional IP Network Address Translator (Traditional NAT),” [online], Jan. 2001, [retrieved on Mar. 7, 2005]. Retrieved from the internet: <URL http://ww.ietf.org/rfc/rfc3022.txt> pp. 1-15.
R. Atkinson, et al., Network Working Group, Request for Comments: 1825, Category: Standards Track, “Security architecture for the Internet Protocol,” [online], Aug. 1995, [retrieved on Mar. 7, 2005]. Retrieved from the internet: <URL http://www.ietf.org/rfc/rfc1825.txt> pp. 1-21.
S. Kent, et al., BBN Corp., Network Working Group, Request for Comments: 2401, Obsoletes: 1825, Category: Standards Track, “Security Architecture for the Internet Protocol,” [online], Nov. 1998, [retrieved on Mar. 7, 2005]. Retrieved from the internet: <URL http://www.ietf.org/rfc/rfc2401.txt> pp. 1-58.
Bhattacharya Partha
Chen Shigang
Cisco Technology Inc.
Hickman Palermo & Truong & Becker LLP
Louis-Jacques Jacques H.
Tran Ellen C
Profile ID: LFUS-PAI-O-3708620