Method and apparatus for graphical presentation of firewall security policy
Abstract
A graphical representation of the firewall and a network coupled to the firewall is generated and displayed. A number of an inbound port of the network is displayed. An arrow adjacent to the port number pointing toward the network is displayed to indicate that a communication is permitted to the port. The port number and the arrow are located between an icon for the network and an icon for the firewall. A port number of a destination of a communication originating from the network is displayed. Also, another arrow adjacent to the destination port number pointing toward the firewall is displayed to indicate that a communication is permitted to the destination port number. The destination port number and the other arrow are located between an icon for the network and an icon for the firewall. A table including definitions of a plurality of rules is generated and displayed. Each of the definitions includes entries for a source IP address and destination IP address of a permitted but vulnerable data flow. The source IP address and destination IP address entries are color coded to indicate security levels of respective source and destination networks. Another table includes definitions of a misconfigured data flow, and entries for a source IP address and destination IP address of the misconfigured data flow. The source IP address and destination IP address are color coded to indicate security levels of respective source network and destination network.
29 Claims
1. A method for reporting a data flow in a firewall, said method comprising:
generating and displaying a graphical representation of said firewall and a network coupled to said firewall;
displaying a number of an inbound port of said network; and
displaying an arrow adjacent to said port number pointing toward said network indicating that a communication is permitted to said port.
(Dependent claims 2, 3, 4, 5 not shown.)
6. A system for reporting a data flow in a firewall, said system comprising:
means for displaying a graphical representation of said firewall and a network coupled to said firewall;
means for displaying a number of an inbound port of said network; and
means for displaying an arrow adjacent to said port number pointing toward said network indicating that a communication is permitted to said port.
(Dependent claims 7, 8, 9, 10 not shown.)
11. A computer program product for reporting a data flow in a firewall, said computer program product comprising:
a computer readable medium;
first program instructions to display a graphical representation of said firewall and a network coupled to said firewall;
second program instructions to display a number of an inbound port of said network; and
third program instructions to display an arrow adjacent to said port number pointing toward said network indicating that a communication is permitted to said port; and
wherein said first, second and third program instructions are recorded on said medium.
(Dependent claims 12, 13, 14 not shown.)

15. A computer program product as set forth in claim 11 further comprising fourth program instructions to display on or adjacent to said firewall a number of vulnerability and/or misconfiguration problems with said firewall;
and wherein said fourth program instructions are recorded on said medium.
16. A method for reporting data flow vulnerabilities in a firewall, said method comprising:
generating and displaying a table including definitions of a plurality of rules, each of said definitions including an entry for a source IP address of a permitted but vulnerable data flow, an entry for a destination IP address of the permitted but vulnerable data flow, and an entry for a protocol or destination port of said permitted but vulnerable data flow; and
wherein the generating and displaying includes:
color coding said source IP address entry in said table to indicate a security level of a source network containing said source IP address; and
color coding said destination IP address entry in said displayed table to indicate a security level of a destination network containing said destination IP address.
(Dependent claims 17, 18, 19 not shown.)
20. A computer program product for reporting data flow vulnerabilities in a firewall, said computer program product comprising:
a computer readable medium;
first program instructions to generate and display a table including definitions of a plurality of rules, each of said definitions including an entry for a source IP address of a permitted but vulnerable data flow, an entry for a destination IP address of the permitted but vulnerable data flow, and an entry for a protocol or destination port of said permitted but vulnerable data flow; and
wherein said first program instructions include:
second program instructions to color code said source IP address entry in said table to indicate a security level of a source network containing said source IP address; and
third program instructions to color code said destination IP address entry in said displayed table to indicate a security level of a destination network containing said destination IP address; and
wherein said first, second and third program instructions are recorded on said medium.
21. A method for reporting data flow misconfigurations in a firewall, said method comprising:
generating and displaying a table including definitions of a plurality of rules, each of said definitions including an entry for a source IP address of a permitted but misconfigured data flow, an entry for a destination IP address of the permitted but misconfigured data flow, and an entry for a protocol or destination port of said permitted but misconfigured data flow, wherein the generating and displaying includes:
color coding said source IP address entry in said table to indicate a security level of a source network containing said source IP address; and
color coding said destination IP address entry in said table to indicate a security level of a destination network containing said destination IP address.
(Dependent claims 22, 23, 24 not shown.)
25. A computer program product for reporting data flow misconfigurations in a firewall, said computer program product comprising:
a computer readable medium;
first program instructions to generate and display a table including definitions of a plurality of rules, each of said definitions including an entry for a source IP address of a permitted but misconfigured data flow, an entry for a destination IP address of the permitted but misconfigured data flow, and an entry for a protocol or destination port of said permitted but misconfigured data flow, wherein said first program instructions include:
second program instructions to color code said source IP address entry in said table to indicate a security level of a source network containing said source IP address; and
third program instructions to color code said destination IP address entry in said table to indicate a security level of a destination network containing said destination IP address; and
wherein said first, second and third program instructions are recorded on said medium.
(Dependent claims 26, 27, 28 not shown.)
29. A method for reporting improper settings in a firewall, said method comprising:
generating and displaying a table including descriptions and security-risk severity ratings of a respective plurality of settings of said firewall, wherein some or all of said settings are improper, and wherein the generating and displaying includes:
color coding the security-risk ratings or descriptions of the improper settings to indicate respective security-risk severities of said improper settings.
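As an added illustration of the presentation the abstract and claims 1, 16 and 21 describe (this is not code from the patent or its assignee), the following Python script takes a small rule base, resolves each endpoint to the most specific configured network, draws the firewall-to-network flow lines with the destination port number and an arrow in the direction the abstract specifies, and builds the report table with each IP entry colour-coded by the security level of its network. The network map, the security levels, the traffic-light colour scheme, the rule base, and the classification of a flow as "vulnerable" (lower to higher security level) or "misconfigured" (any-port rule) are all constructed assumptions: the patent claims define the presentation, not how a flow is judged vulnerable or misconfigured.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample topology: network name -> (prefix, security level).
# Higher level = more trusted. The internet entry is a catch-all prefix,
# so network_of() must prefer the longest matching prefix.
NETWORKS = {
    "internet": (ipaddress.ip_network("0.0.0.0/0"), 0),
    "dmz": (ipaddress.ip_network("192.0.2.0/24"), 1),
    "internal": (ipaddress.ip_network("10.0.0.0/8"), 2),
}

# Assumed traffic-light colour per security level; the patent only says
# that entries are colour coded by the level of the containing network.
LEVEL_COLOR = {0: "red", 1: "yellow", 2: "green"}


@dataclass(frozen=True)
class Rule:
    src: str            # IP or CIDR of the originating host(s)
    dst: str            # IP or CIDR of the destination host(s)
    port: int           # destination port; 0 means "any" (assumed convention)
    proto: str = "tcp"


# Constructed rule base (all rules are "permit" rules).
RULES = [
    Rule("0.0.0.0/0", "192.0.2.10", 443),    # internet -> dmz web server
    Rule("10.0.0.0/8", "0.0.0.0/0", 80),     # internal -> internet browsing
    Rule("192.0.2.10", "10.1.1.5", 5432),    # dmz -> internal database
    Rule("0.0.0.0/0", "10.1.1.7", 0),        # internet -> internal, any port
]


def network_of(addr: str) -> str:
    """Name of the most specific configured network containing addr."""
    target = ipaddress.ip_network(addr, strict=False)
    best, best_len = None, -1
    for name, (net, _) in NETWORKS.items():
        if target.subnet_of(net) and net.prefixlen > best_len:
            best, best_len = name, net.prefixlen
    if best is None:
        raise ValueError(f"{addr} is not inside any configured network")
    return best


def color_of(addr: str) -> str:
    """Colour label for the security level of the network containing addr."""
    return LEVEL_COLOR[NETWORKS[network_of(addr)][1]]


def render_flows(rules) -> list:
    """Two lines per permitted flow, drawn between the firewall and network icons.

    The first arrow points toward the network that receives the communication
    (the inbound port of that network); the second carries the same destination
    port but points toward the firewall from the network that originates it."""
    lines = []
    for r in rules:
        port = "any" if r.port == 0 else str(r.port)
        lines.append(f"[firewall] --{port}/{r.proto}--> [{network_of(r.dst)}]")
        lines.append(f"[firewall] <--{port}/{r.proto}-- [{network_of(r.src)}]")
    return lines


def flow_table(rules) -> list:
    """Rows of the report table with colour-coded source and destination entries.

    Status classification is an assumption of this example, not the patent's:
    a flow from a lower to a higher security level is 'vulnerable', a rule
    that permits any port is 'misconfigured', anything else is 'ok'."""
    rows = []
    for r in rules:
        src_level = NETWORKS[network_of(r.src)][1]
        dst_level = NETWORKS[network_of(r.dst)][1]
        if r.port == 0:
            status = "misconfigured"
        elif src_level < dst_level:
            status = "vulnerable"
        else:
            status = "ok"
        rows.append({
            "source": r.src, "source_color": color_of(r.src),
            "destination": r.dst, "destination_color": color_of(r.dst),
            "service": f"{r.proto}/{'any' if r.port == 0 else r.port}",
            "status": status,
        })
    return rows


if __name__ == "__main__":
    print("\n".join(render_flows(RULES)))
    for row in flow_table(RULES):
        print(f"{row['status']:<13} {row['source_color']:<6} {row['source']:<14} "
              f"{row['destination_color']:<6} {row['destination']:<14} {row['service']}")
```

Run it directly to see both views: the flow lines reproduce the port-number-plus-arrow convention between the firewall and each network icon, and the table rows carry the colour of each endpoint separately, so a red source beside a green destination stands out as the lower-to-higher trust crossing that claims 16 and 20 single out for review.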