Method and apparatus for automatic risk assessment of a firewall configuration
Abstract
Generally, a method and apparatus are disclosed for Automatic Risk Assessment of a Firewall Configuration. The disclosed invention facilitates the automatic generation of a risk assessment of a given firewall configuration. The prior work of [Mayer et al; 2000, Mayer et al; 2005] and [Wool; 2001] teaches how to analyze Firewall Configurations and produce HTML-based Firewall Analyzer Reports. However, the said Reports produced by the methods of [Mayer et al; 2000, Mayer et al; 2005] are voluminous, and do not identify or rate the risks present within the Firewall Configuration. In the current state of the art, a Firewall administrator or auditor needs to navigate through the Firewall Analyzer Report, and use his or her expertise to identify any Configuration mistakes or badly written rules. The current invention automates this manual process. The method is to let a software module (the “ADVISOR” module) go over the report before the human user does and flag the Configuration errors. Each found mis-configuration is called a risk item. According to a further aspect of the present invention, the ADVISOR module utilizes a Knowledge Base of known risk items. The method may be reduced to practice in the form of a software program that can be executed on a standard personal computer with a standard operating system. A preferred embodiment is an Intel x86-based PC running the RedHat Linux operating system.
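The four steps named in the claims (convert the report, search it against a knowledge base of risk items, customize the list, display it) can be sketched as follows. This is an added Python example, not code from the patent; the HTML table layout, the two knowledge-base entries, and the reading of "customize" as suppressing or re-rating items are all assumptions.

```python
from html.parser import HTMLParser
# Constructed sample report fragment; the table layout is an assumption.
REPORT_HTML = """<table>
<tr><th>rule</th><th>source</th><th>destination</th><th>service</th><th>action</th></tr>
<tr><td>1</td><td>any</td><td>dmz-web</td><td>tcp/443</td><td>accept</td></tr>
<tr><td>2</td><td>any</td><td>internal-net</td><td>tcp/23</td><td>accept</td></tr>
<tr><td>3</td><td>any</td><td>any</td><td>any</td><td>accept</td></tr></table>"""

class _Cells(HTMLParser):  # collects cell text, one list per <tr>
    def __init__(self):
        super().__init__()
        self.rows, self._in_cell = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th") and self.rows:
            self.rows[-1].append("")
            self._in_cell = True
    def handle_endtag(self, tag):
        self._in_cell = self._in_cell and tag not in ("td", "th")
    def handle_data(self, data):
        if self._in_cell:
            self.rows[-1][-1] += data.strip()

def convert(html):  # step a: HTML report -> searchable list of dicts
    parser = _Cells()
    parser.feed(html)
    header, *body = [r for r in parser.rows if r]
    return [dict(zip(header, r)) for r in body]

KNOWLEDGE_BASE = [  # hypothetical entries: (id, severity, description, predicate)
    ("R-ANY-ANY", "high", "any-to-any accept rule", lambda r: r["action"] == "accept"
     and r["source"] == r["destination"] == r["service"] == "any"),
    ("R-TELNET", "medium", "telnet open to any source", lambda r: r["action"] == "accept"
     and r["source"] == "any" and r["service"] == "tcp/23"),
]

def search(records):  # step b: every knowledge-base item against every record
    return [{"id": i, "severity": s, "text": t, "rule": r["rule"]}
            for i, s, t, pred in KNOWLEDGE_BASE for r in records if pred(r)]

def customize(risks, suppress=(), rerate=None):  # step c (assumed semantics)
    return [dict(x, severity=(rerate or {}).get(x["id"], x["severity"]))
            for x in risks if x["id"] not in suppress]

def display(risks):  # step d: one line per risk, highest severity first
    risks = sorted(risks, key=lambda x: ("high", "medium", "low").index(x["severity"]))
    return [f'[{x["severity"]}] rule {x["rule"]}: {x["text"]} ({x["id"]})' for x in risks]

print(*display(customize(search(convert(REPORT_HTML)))), sep="\n")
```

Keeping the knowledge base as data separate from the search loop means new risk items can be added without touching the parser or the display step.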
12 Claims
1. A method for parsing a firewall analysis report of a firewall configuration, flagging the risk items, and producing a risk assessment, said method comprising of the following steps:
a. Converting the firewall analysis report into a searchable report format.
b. Searching for each possible risk item in said Converted Report to produce a List-of-Risks.
c. Customizing the List-of-Risks
d. Displaying the Customized List-of-Risks

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for parsing a firewall analysis report of a firewall configuration, flagging the risk items, and producing a risk assessment, comprising:
a memory for storing computer-readable code; and
a processor operatively coupled to said memory, said processor configured to execute said computer-readable code, said computer-readable code configuring said processor to;
convert the firewall analysis report into a searchable report format;
searching for each possible risk item in said Converted Report to produce a List-of-Risks;
Customizing the List-of-Risks; and
Displaying the Customized List-of-Risks.
Specification