Method and apparatus for enforcing network security policies
Abstract
The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.
37 Claims
1. A system for establishing a security policy for a network, comprising:
- a network;
- a first machine-accessible file representing a network-wide security policy on the network;
- first and second security tools connected to the network; and
- a translator operative to translate the first machine-accessible file into second and third machine-accessible files for the first and second security tools, respectively.

Dependent claims: 2, 3, 4, 5

6. A system for establishing a security policy for a network, comprising:
- a network;
- a first machine-accessible file representing a network-wide security policy on the network;
- a proxy server connected to the network;
- a firewall connected to the network;
- an intrusion detection system connected to the network; and
- a translator operative to translate the first machine-accessible file into second, third, and fourth machine-accessible files for the proxy server, firewall, and intrusion detection system, respectively.

Dependent claims: 7, 8

9. An apparatus for establishing a security policy for a network, comprising:
- a first machine-accessible file representing a network-wide security policy on the network;
- a translator operative to translate the first machine-accessible file into second and third machine-accessible files for use with first and second security tools, respectively; and
- a machine operative to access the first machine-accessible file, to use the translator to produce the second and third machine-accessible files, and to use the second and third machine-accessible files to operate the first and second security tools.

Dependent claims: 10, 11

12. A method for enforcing security policy on a network, comprising:
- generating a first machine-accessible file representing a network-wide security policy on a network;
- translating the first machine-accessible file into second and third machine-accessible files for first and second security tools, respectively; and
- applying the second and third machine-accessible files to the first and second security tools.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. An article comprising a machine-accessible medium having associated data that, when accessed, results in a machine:
- generating a first machine-accessible file representing a network-wide security policy on a network;
- translating the first machine-accessible file into second and third machine-accessible files for first and second security tools, respectively; and
- applying the second and third machine-accessible files to the first and second security tools.

Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37

Specification