Method and device for configuring a firewall in a computer system
Abstract
A method and device for configuring a firewall in a computer system employing a rule for controlling access between a source resource and a destination resource only if said source and destination resources belong to the same protection domain.
10 Claims
- 1. Method for configuring a firewall (1) in a computer system (2) comprising objects (3), the objects (3) for which an access control policy is established being called resources (4), characterized in that it groups the objects (3) of the system into protection domains (5, 6), each firewall (1) ensuring the protection of an internal domain (5) relative to an external domain (6), and applies to the firewall in question a rule for controlling access between a source resource (4) and a destination resource only if said source and destination resources belong to the same protection domain (5) or (6).
- 7. Device for configuring a firewall (1) in a computer system (2) comprising objects (3), the objects (3) for which an access control policy is established being called resources (4), characterized in that it comprises a central configuration machine (14) that makes it possible to group the objects (3) of the system into protection domains, each firewall (1) ensuring the protection of an internal domain (5) relative to an external domain (6), and to apply to the firewall in question a rule for controlling access between a source resource (4) and a destination resource only if said source and destination resources belong to the same protection domain (5) or (6).
Specification