Automatically generating rules for connection security

US 20070016945A1
Filed: 07/15/2005
Published: 01/18/2007
Est. Priority Date: 07/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method in a computer system for creating security policies for firewall policies and connection policies, the method comprising:

providing a user interface through which a user can specify security rules relating to firewall policy and connection policy; and

automatically generating firewall rules and connection rules from the specified security rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.

Citations

20 Claims

1. A method in a computer system for creating security policies for firewall policies and connection policies, the method comprising:
- providing a user interface through which a user can specify security rules relating to firewall policy and connection policy; and
  
  automatically generating firewall rules and connection rules from the specified security rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein a connection rule specifies behavior of the IP security protocol.
  - 3. The method of claim 1 wherein a connection rule specifies key exchange, data protection, and authentication associated with a connection.
  - 4. The method of claim 3 wherein data protection specifies encryption and integrity techniques.
  - 5. The method of claim 1 wherein a security rule specifies a condition and an action to take when the condition is satisfied and authentication and encryption behavior for data that satisfies the condition.
  - 6. The method of claim 1 wherein a firewall rule includes a condition and action to take when the condition is satisfied and the condition may be based on connection security information.
  - 7. The method of claim 1 wherein a user through the user interface can specify security suites for main mode and quick mode of an IP security protocol.
  - 8. The method of claim 7 wherein the security suites for main mode include an authentication method and a crypto suite.
  - 9. The method of claim 7 wherein the security suites for quick mode include a crypto suite.
  - 10. The method of claim 7 wherein a connection rule is automatically generated based on default security suites.

11. A computer-readable medium containing instructions for controlling a computer system to generate a connection rule, by a method comprising:
- establishing endpoint information for the connection rule based on local and remote address information of the security rule;
  
  establishing an action for the connection rule based on whether conditions of the security rule can be copied to the connection rule; and
  
  establishing connection security suites for the connection rule based on default security suites.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer-readable medium of claim 11 wherein the default security suites include main mode and quick mode an authentication method and a crypto suite.
  - 13. The computer-readable medium of claim 11 wherein the establishing of security suites is based on security suites already established for a connection rule with matching endpoint information.
  - 14. The computer-readable medium of claim 11 wherein when all conditions of the security rule can be copied, an action indicates to fail when a secure connection cannot be established.
  - 15. The computer-readable medium of claim 11 wherein when not all the conditions of the security rule can be copied, establishing an action that indicates to establish a non-secure connection when a secure connection cannot be established.
  - 16. The computer-readable medium of claim 11 wherein the establishing of endpoint information includes when a local address of the security rule is unspecified, setting the local endpoint information to indicate a local computing device.
  - 17. The computer-readable medium of claim 11 wherein the establishing of endpoint information includes when a remote address of the security rule is unspecified, setting the remote endpoint information to indicate any remote computing device.

18. A computer-readable medium containing a data structure that includes:
- a firewall action;
  
  conditions that include direction, local application, local service, local address, remote address, local port, and remote port; and
  
  connection security indicating security to be applied to a connection through which data that satisfies the conditions transits.
- View Dependent Claims (19, 20)
- - 19. The computer-readable medium of claim 18 wherein the connection security specifies authentication and encryption.
  - 20. The computer-readable medium of claim 18 further includes an authentication method and a crypto suite.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Yariv, Eran, Noy, Maksim, Carbaugh, Ian, Bassett, Charles, Koppolu, Lokesh, Wahlert, Sarah

Granted Patent

US 8,056,124 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/20 for managing network securi...

Automatically generating rules for connection security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically generating rules for connection security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links