System and method for implementing a bubble policy to achieve host and network security
Abstract
A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services are granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.
26 Claims

1. In a network security system having a plurality of bubbles, where each bubble has a bubble and a plurality of bubble partitions, a method of creating a structured access list template, the method comprising:
dividing a first access list template into a plurality of sections, where each section includes rules that implement a function;
creating an inbound local rule group for the bubble;
creating an outbound local rule group for the bubble;
creating an inbound remote rule group for the bubble; and
creating an outbound remote rule group for the bubble.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In a network having a plurality of bubbles, a method of creating a uniform network security policy, comprising:
determining the number of levels of host security policy for the network;
determining the number of levels of network security policies for the network;
determining a minimum standard for each level of host security policy and network security policy; and
assigning each of the plurality of bubbles a host level and a network level that satisfies the minimum standard.
Dependent claims: 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
15. In a network security system having a plurality of bubbles where each bubble has a plurality of bubble partitions, a plurality of bubble boundary devices configured to connect the plurality of bubble partitions, and a bubble registry configured to connect to the plurality of bubble boundary devices, a method of configuring each of the plurality of bubble boundary devices, comprising:
creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition;
creating a protocol table that includes a list of network services and whether each of the network services are granted or denied access to the bubble partition;
creating an access list template using the address table and the protocol table;
using the bubble registry, generating an access list from the access list template; and
providing the access list to one of the plurality of bubble boundary devices.
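Claims 1 and 15 together describe one pipeline: an address table and a protocol table fill a template whose sections are the four rule groups (inbound/outbound, local/remote), and the bubble registry resolves that template into a concrete access list for a boundary device. The sketch below is an added Python example, not code from the patent; the registry contents, the service-to-port map, the rule syntax, the reading of "local" as same-bubble partitions and "remote" as other-bubble partitions, and the trailing default deny are all assumptions.

```python
from itertools import product

# Constructed bubble registry: partition name -> address table (addresses of its devices).
REGISTRY = {
    "web":  ["10.1.1.0/24"],      # partition whose boundary device we configure
    "db":   ["10.1.2.0/24"],      # another partition of the same bubble ("local", assumed meaning)
    "corp": ["172.16.0.0/16"],    # a partition in a different bubble ("remote", assumed meaning)
}
SERVICE_PORTS = {"https": ("tcp", 443), "ssh": ("tcp", 22), "dns": ("udp", 53)}  # constructed

# Constructed protocol table for "web": (service, direction, granted or denied).
PROTOCOL_TABLE = [("https", "inbound", "permit"),
                  ("ssh", "inbound", "deny"),
                  ("dns", "outbound", "permit")]

SECTIONS = ("inbound_local", "outbound_local", "inbound_remote", "outbound_remote")

def build_template(partition, local_peers, remote_peers, protocol_table):
    """Structured template: one section per rule group; rules keep symbolic partition names."""
    template = {s: [] for s in SECTIONS}
    for service, direction, action in protocol_table:
        for scope, peers in (("local", local_peers), ("remote", remote_peers)):
            for peer in peers:
                src, dst = (peer, partition) if direction == "inbound" else (partition, peer)
                template[f"{direction}_{scope}"].append((action, service, src, dst))
    return template

def generate_access_list(template, registry):
    """Resolve names through the registry and emit one list per direction, each closed by
    an explicit default deny (an assumed safe default, not something the patent states)."""
    acl = {"inbound": [], "outbound": []}
    for section in SECTIONS:
        direction = section.split("_")[0]
        acl[direction].append(f"! {section}")
        for action, service, src, dst in template[section]:
            proto, port = SERVICE_PORTS[service]
            for s, d in product(registry[src], registry[dst]):
                acl[direction].append(f"{action} {proto} {s} {d} eq {port}")
    for rules in acl.values():
        rules.append("deny ip any any")
    return acl

if __name__ == "__main__":
    tmpl = build_template("web", ["db"], ["corp"], PROTOCOL_TABLE)
    for direction, rules in generate_access_list(tmpl, REGISTRY).items():
        print(f"--- {direction} ---")
        print("\n".join(rules))
```

Changing an address in the registry regenerates every rule that names that partition, which is the point of keeping the template symbolic and resolving it at generation time.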