Method and apparatus for managing a firewall

Information security – Access control or authentication – Network

Reexamination Certificate


Details

C709S225000, C726S003000, C726S006000

active

07146639

ABSTRACT:
A method and apparatus are disclosed for managing a firewall. The disclosed firewall manager facilitates the generation of a security policy for a particular network environment, and automatically generates the firewall-specific configuration files from the security policy simultaneously for multiple gateways. The security policy is separated from the vendor-specific rule syntax and semantics and from the actual network topology. Thus, the security administrator can focus on designing an appropriate policy without worrying about firewall rule complexity, rule ordering, and other low-level configuration issues. In addition, the administrator can maintain a consistent policy in the presence of intranet topology changes. The disclosed firewall manager utilizes a model definition language (MDL) and an associated parser to produce an entity-relationship model. A model compiler translates the entity-relationship model into the appropriate firewall configuration files. The entity-relationship model provides a framework for representing both the firewall-independent security policy and the network topology. The security policy is expressed in terms of “roles,” which are used to define network capabilities of sending and receiving services. A role may be assumed by different hosts or host-groups in the network. A visualization and debugging tool is provided to transform the firewall-specific configuration files into a graphical representation of the current policy on the actual topology, allowing the viability of a chosen policy to be evaluated. A role-group may be closed to prevent the inheritance of roles.

