Method and system for distributing security policies
First Claim

1. A method in a computer system for distributing rules of security policies to enforcement engines for enforcing the security policies, the method comprising:
- providing at the computer system enforcement engines that implement different layers of security enforcement;
- receiving and storing at the computer system security policies having rules, each rule having a rule type;
- under control of a firewall agent executing on the computer system, retrieving the stored security policies; and
- for rules of a retrieved security policy, identifying an enforcement engine to which a rule applies based on the rule type of the rule; and providing the rule to the identified enforcement engine; and
- under control of the enforcement engines, enforcing the rules provided to the enforcement engine by the firewall agent, wherein the firewall agent provides a mechanism for distributing the rules to multiple enforcement engines of the computer system.
Abstract
A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
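The distribution mechanism the abstract describes, as an added example that is not the patent's own code: a host-side firewall agent stores received policies, routes each rule to the enforcement engine registered for that rule's type, and the engines evaluate their rules against events. The rule types ("packet", "process", "registry"), engine names, and sample events are constructed for illustration; a rule whose type no engine claims is parked rather than silently dropped, so a misrouted policy is visible to the operator.

```python
"""Added example (not the patent's own code): a minimal firewall agent that
stores security policies and distributes each rule to the enforcement engine
registered for the rule's type. Rule types, engine names and events are
constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Rule:
    rule_type: str                      # constructed type names: "packet", "process", ...
    condition: Callable[[dict], bool]   # predicate evaluated over an event
    action: str                         # "allow" or "deny"


@dataclass
class SecurityPolicy:
    name: str
    rules: List[Rule] = field(default_factory=list)


class EnforcementEngine:
    """One layer of enforcement; accepts only rules of the types it declares."""

    def __init__(self, name: str, rule_types: set):
        self.name = name
        self.rule_types = rule_types
        self.rules: List[Rule] = []

    def accept(self, rule: Rule) -> None:
        if rule.rule_type not in self.rule_types:
            raise ValueError(f"{self.name} cannot enforce rule type {rule.rule_type!r}")
        self.rules.append(rule)

    def enforce(self, event: dict, default: str = "allow") -> str:
        # First rule whose condition is satisfied decides; otherwise the default applies.
        for rule in self.rules:
            if rule.condition(event):
                return rule.action
        return default


class FirewallAgent:
    """Receives and stores policies, then distributes rules by rule type."""

    def __init__(self, engines: List[EnforcementEngine]):
        self.engines = engines
        self.stored_policies: List[SecurityPolicy] = []
        self.undistributed: List[Rule] = []   # rules with no engine for their type

    def receive(self, policy: SecurityPolicy) -> None:
        self.stored_policies.append(policy)

    def _engine_for(self, rule_type: str) -> Optional[EnforcementEngine]:
        for engine in self.engines:
            if rule_type in engine.rule_types:
                return engine
        return None

    def distribute(self) -> Dict[str, int]:
        """Route every stored rule to its engine; returns rule counts per engine."""
        counts = {engine.name: 0 for engine in self.engines}
        for policy in self.stored_policies:
            for rule in policy.rules:
                engine = self._engine_for(rule.rule_type)
                if engine is None:
                    # Unknown rule type: keep it visible instead of dropping it.
                    self.undistributed.append(rule)
                    continue
                engine.accept(rule)
                counts[engine.name] += 1
        return counts


def build_demo():
    """Constructed scenario: a packet-layer engine and a process-layer engine."""
    packet_engine = EnforcementEngine("packet-filter", {"packet"})
    process_engine = EnforcementEngine("process-filter", {"process"})
    agent = FirewallAgent([packet_engine, process_engine])
    policy = SecurityPolicy("constructed-policy", [
        Rule("packet", lambda e: e.get("dst_port") == 23, "deny"),
        Rule("process", lambda e: e.get("image", "").endswith("unsigned.exe"), "deny"),
        Rule("registry", lambda e: True, "deny"),   # no engine registered for this type
    ])
    agent.receive(policy)
    counts = agent.distribute()
    return agent, packet_engine, process_engine, counts


if __name__ == "__main__":
    agent, pkt, proc, counts = build_demo()
    print(counts, "undistributed:", len(agent.undistributed))
    print(pkt.enforce({"dst_port": 23}), pkt.enforce({"dst_port": 443}))
```

Routing on rule type alone, as in the example, mirrors the abstract's "based in part on rule type"; claim 13 additionally matches on engine type, which here corresponds to the set of types each engine declares.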
Claims (30)
13. A computer system architecture for distributing security policies, the architecture comprising:
- a policy server computer system for establishing security policies, the security policies having rules with rule types, and for providing the security policies to host computer systems for enforcement of the security policies at the host computer systems; and
- multiple host computer systems that include:
  - enforcement engines for enforcing a type of security at the host computer system; and
  - a firewall agent that receives the security policies from the policy server computer system, identifies the enforcement engine to which the rules apply based on rule type and enforcement engine type, and provides the rules to the identified enforcement engines for enforcement of the security policies.
21. A host computer system for distributing rules of security policies to enforcement engines for enforcing the security policies of the host computer system, comprising:
- multiple enforcement engines that implement different layers of firewall security enforcement at the host computer system by receiving and enforcing rules of security policies;
- a component that receives at the host computer system security policies having rules, each rule having a rule type; and
- a component that identifies enforcement engines to which a rule applies based on the rule type of the rule and that provides the rule to the identified security component;
wherein a mechanism is provided for distributing the rules to the layered enforcement engines of the host computer system.
30. A computer-readable medium containing instructions for controlling a host computer system to distribute security policies to enforcement engines for enforcing the security policies, by a method comprising:
- receiving and storing at the host computer system security policies having rules, each rule having a rule type;
- under control of a firewall agent executing on the host computer system, retrieving the stored security policies; and
- for rules of a retrieved security policy, identifying an enforcement engine to which a rule applies based on the rule type of the rule; and providing the rule to the identified enforcement engine; and
- under control of the enforcement engines, enforcing the rules provided to the enforcement engines by the distribution component.