VERIFICATION OF CORRECTNESS OF NETWORKING ASPECTS OF AN INFORMATION TECHNOLOGY SYSTEM
Abstract
Method and system for verifying correctness of networking aspects of an Information Technology (IT) system that includes a host network of hosts. The hosts include servers and firewalls. A firewall connectivity indication of whether the host network includes an isolated firewall or a cross-zone connected firewall is determined. Determining, for each host, whether the host is isolated from a communication network to which the IT system is connected establishes whether isolated network segments exist within the host network. For each host determined to be isolated from the communication network, the method identifies all network segments of the host network to which that host is connected, determines the unique network segments among the identified network segments, and designates the unique network segments as a set of isolated network segments. The firewall connectivity indication and the set of isolated network segments are stored in a storage medium of a computer system.
72 Citations
37 Claims
1. A method for determining a firewall connectivity indication for a host network of an Information Technology (IT) structure of an IT system, said host network comprising a plurality of hosts including at least one server and at least one firewall, said hosts configured to be interconnected within the host network via interfaces comprised by said hosts, each server being a hardware server having at least one interface, each firewall being a hardware firewall having at least two interfaces, said host network connected to at least one interface of a communication network, said method comprising:
determining whether the at least one firewall comprises at least one malconnected firewall, wherein a malconnected firewall is an isolated firewall or a cross-zone connected firewall, wherein an isolated firewall is a firewall that is not connected to the communication network, and wherein a cross-zone connected firewall is a firewall that is connected to the communication network by a first continuous path and a second continuous path such that the first and second continuous paths do not each comprise a same number of firewalls; and
determining the firewall connectivity indication from said determining whether the at least one firewall comprises at least one malconnected firewall, wherein the firewall connectivity indication indicates that the host network comprises at least one malconnected firewall or that the host network does not comprise at least one malconnected firewall; and
storing the firewall connectivity indication in a computer readable storage medium of a computer system.
Dependent claims 2 to 14 are not reproduced here.

15. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is configured to perform a method for determining a firewall connectivity indication for a host network of an Information Technology (IT) structure of an IT system, said host network comprising a plurality of hosts including at least one server and at least one firewall, said hosts configured to be interconnected within the host network via interfaces comprised by said hosts, each server being a hardware server having at least one interface, each firewall being a hardware firewall having at least two interfaces, said host network connected to at least one interface of a communication network, said method comprising:
determining whether the at least one firewall comprises at least one malconnected firewall, wherein a malconnected firewall is an isolated firewall or a cross-zone connected firewall, wherein an isolated firewall is a firewall that is not connected to the communication network, and wherein a cross-zone connected firewall is a firewall that is connected to the communication network by a first continuous path and a second continuous path such that the first and second continuous paths do not each comprise a same number of firewalls; and
determining the firewall connectivity indication from said determining whether the at least one firewall comprises at least one malconnected firewall, wherein the firewall connectivity indication indicates that the host network comprises at least one malconnected firewall or that the host network does not comprise at least one malconnected firewall; and
storing the firewall connectivity indication in a computer readable storage medium of a computer system.
Dependent claims 16 to 22 and 24 to 27 are not reproduced here.

23. The process of claim 23, wherein the determined set of interfaces further includes each unlabeled interface of each server in each continuous path of the at least one continuous path, wherein the different labels of the ordered set of different labels are color numbers, and wherein said displaying each labeled interface of each host comprises displaying each labeled interface of each host as colored with a color uniquely associated with the color number corresponding to its respective assigned label.
28. A method for determining whether one or more isolated network segments exist within a host network comprised by an Information Technology (IT) structure of an IT system, said host network comprising a plurality of hosts, said hosts configured to be interconnected within the host network via interfaces comprised by the hosts, each host having at least one interface, said host network configured to be connected to at least one interface of a communication network, said method comprising:
determining that at least one host of the plurality of hosts is isolated from the communication network, including determining for each host whether the host is isolated from the communication network;
for each host determined to be isolated from the communication network:
identifying all network segments of the host network to which said each host is connected, determining the unique network segments of the identified network segments, and designating the unique network segments as a set of isolated network segments; and
storing the set of isolated network segments in a computer readable storage medium of a computer system.
Dependent claims 29 to 37 are not reproduced here.
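The two checks the independent claims describe (claim 1: isolated and cross-zone connected firewalls; claim 28: isolated network segments) reduce to path enumeration over a small graph. The following is an added worked example written for this page; it is not code from the patent or its assignee. It assumes that only firewalls forward traffic between network segments, that the communication network is modelled as a single external segment named "internet", and it runs against a constructed inventory (two-tier DMZ design, then the same design with a DMZ-bypassing firewall and an uncabled lab firewall added). A "continuous path" is taken to be a simple path, one that visits no firewall or segment twice, and the firewall count of a path to firewall F excludes F itself, so that both paths compared are counted the same way.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

COMM_NET = "internet"  # the communication network, modelled as one external segment (assumption)


@dataclass(frozen=True)
class Host:
    """A hardware host; `segments` holds the network segment each interface attaches to."""
    name: str
    kind: str                   # "server" or "firewall"
    segments: Tuple[str, ...]

    def __post_init__(self) -> None:
        # Interface minimums stated in the claim: servers >= 1, firewalls >= 2.
        need = 2 if self.kind == "firewall" else 1
        if self.kind not in ("server", "firewall") or len(self.segments) < need:
            raise ValueError(f"{self.name}: {self.kind} needs >= {need} interface(s)")


def simple_paths(hosts: List[Host], comm: str = COMM_NET) -> List[Tuple[str, Tuple[str, ...]]]:
    """Enumerate every continuous (simple) path from the communication network.

    Only firewalls forward between segments (assumption). Each entry is
    (segment reached, firewalls traversed in order); the start (comm, ()) is included.
    Exponential in the worst case, which is fine for an inventory of a few dozen hosts.
    """
    firewalls = [h for h in hosts if h.kind == "firewall"]
    found: List[Tuple[str, Tuple[str, ...]]] = []

    def walk(seg: str, seen_segs: FrozenSet[str], path: Tuple[str, ...]) -> None:
        found.append((seg, path))
        for fw in firewalls:
            if fw.name in path or seg not in fw.segments:
                continue
            for nxt in fw.segments:
                if nxt not in seen_segs:
                    walk(nxt, seen_segs | {nxt}, path + (fw.name,))

    walk(comm, frozenset({comm}), ())
    return found


def reachable_segments(hosts: List[Host], comm: str = COMM_NET) -> Set[str]:
    return {seg for seg, _ in simple_paths(hosts, comm)}


def malconnected_firewalls(hosts: List[Host], comm: str = COMM_NET) -> Dict[str, str]:
    """Claim 1: report isolated firewalls (no path to comm) and cross-zone connected
    firewalls (paths to comm whose firewall counts differ). Returns {name: reason}."""
    paths = simple_paths(hosts, comm)
    result: Dict[str, str] = {}
    for fw in (h for h in hosts if h.kind == "firewall"):
        # Firewall counts of paths arriving at one of fw's own segments without
        # passing through fw; fw itself is excluded so every path is counted alike.
        depths = {len(p) for seg, p in paths if seg in fw.segments and fw.name not in p}
        if not depths:
            result[fw.name] = "isolated"
        elif len(depths) > 1:
            result[fw.name] = "cross-zone"
    return result


def firewall_connectivity_indication(hosts: List[Host], comm: str = COMM_NET) -> bool:
    """True when the host network contains at least one malconnected firewall."""
    return bool(malconnected_firewalls(hosts, comm))


def isolated_segments(hosts: List[Host], comm: str = COMM_NET) -> Set[str]:
    """Claim 28: for every host isolated from comm, collect all segments it is
    connected to; the unique segments form the set of isolated segments."""
    reach = reachable_segments(hosts, comm)
    isolated_hosts = [h for h in hosts if not any(s in reach for s in h.segments)]
    return {s for h in isolated_hosts for s in h.segments}


# Constructed sample inventory (not from the patent): a two-tier DMZ design.
CLEAN_NETWORK = [
    Host("fw-edge", "firewall", ("internet", "dmz")),
    Host("web", "server", ("dmz",)),
    Host("fw-core", "firewall", ("dmz", "internal")),
    Host("db", "server", ("internal",)),
]

# Same design plus two misconfigurations the method is meant to catch.
BROKEN_NETWORK = CLEAN_NETWORK + [
    Host("fw-bypass", "firewall", ("internet", "internal")),  # short-circuits the DMZ tier
    Host("fw-orphan", "firewall", ("lab-a", "lab-b")),        # never cabled to the rest
    Host("build", "server", ("lab-a",)),
]

if __name__ == "__main__":
    print(malconnected_firewalls(CLEAN_NETWORK))   # {}
    print(malconnected_firewalls(BROKEN_NETWORK))  # fw-edge and fw-bypass cross-zone, fw-orphan isolated
    print(isolated_segments(BROKEN_NETWORK))       # {'lab-a', 'lab-b'}
```

Note that the bypass firewall is not the only one reported: once "internal" is reachable with one firewall via fw-bypass and with two via fw-edge and fw-core, fw-edge can also be reached from both "internet" (zero firewalls) and "dmz" (two firewalls), so under the claim's definition both ends of the short-circuit are cross-zone connected, while fw-core, reachable on either side by exactly one firewall, is not. That is the practical reading of the check: a firewall whose interfaces sit in zones of different depth is a zone-hopping path around the intended filtering tiers.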
Specification