Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
Abstract
Methods, network services, and computer program products that dynamically assign computer network users to firewall policy groups are provided. A user is assigned to a first firewall policy group, and user activity on the computer network is monitored. The user is assigned to a second, different firewall policy group automatically if monitored user activity indicates that a change in detail level of rules is necessary. Each firewall policy group has rules that control whether to block or allow communications through firewalls on the computer network. The firewall policy groups are arranged in a hierarchical structure having a plurality of levels that are arranged such that rules within the firewall policy groups are different at each level. A user may be assigned to a different firewall policy group that is below, above, or at the same level as the initial firewall policy group.
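The assign, monitor, reassign loop described in the abstract can be sketched as follows. This is an added example, not code from the patent: the group names, port sets, and the two thresholds are assumptions, since the text here does not say what monitored activity triggers a change of group.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyGroup:
    name: str
    level: int                 # 0 is the top of the hierarchy
    allowed_ports: frozenset   # every other destination port is blocked

# Constructed hierarchy, one group per level; the rules differ at each level.
HIERARCHY = (
    PolicyGroup("general", 0, frozenset({22, 80, 443, 8080})),
    PolicyGroup("watched", 1, frozenset({22, 80, 443})),
    PolicyGroup("restricted", 2, frozenset({443})),
)

class DynamicAssigner:
    STRIKES_TO_DEMOTE = 3   # assumed: blocked attempts before moving one level down
    CALM_TO_PROMOTE = 5     # assumed: consecutive allowed attempts before moving up

    def __init__(self, first_level=0):
        self.level = first_level
        self.strikes = self.calm = 0
        self.history = [HIERARCHY[first_level].name]

    @property
    def group(self):
        return HIERARCHY[self.level]

    def observe(self, port):
        """Apply the current group's rules to one connection, then re-evaluate."""
        allowed = port in self.group.allowed_ports
        if allowed:
            self.calm += 1
        else:
            self.strikes, self.calm = self.strikes + 1, 0
        if self.strikes >= self.STRIKES_TO_DEMOTE and self.level < len(HIERARCHY) - 1:
            self._move(self.level + 1)
        elif self.calm >= self.CALM_TO_PROMOTE and self.level > 0:
            self._move(self.level - 1)
        return "allow" if allowed else "block"

    def _move(self, new_level):
        self.level, self.strikes, self.calm = new_level, 0, 0
        self.history.append(self.group.name)

def replay(ports):
    """Replay constructed traffic for one user; return (decisions, group history)."""
    assigner = DynamicAssigner()
    return [assigner.observe(p) for p in ports], assigner.history
```

Replaying three blocked attempts moves the user one level down, and a run of allowed traffic moves the user back up, which covers both directions named in claim 12.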
95 Citations
20 Claims
1. A method of dynamically assigning a computer network user to one of a plurality of firewall policy groups, wherein each firewall policy group has rules that control whether to block or allow communications through firewalls on the computer network, wherein the firewall policy groups are arranged in a hierarchical structure having a plurality of levels, and wherein the levels are arranged such that rules within the firewall policy groups are different at each level, the method comprising:
- assigning a user to a first firewall policy group in the hierarchical structure;
- monitoring user activity on the computer network; and
- assigning the user to a second, different firewall policy group automatically if monitored user activity indicates that a change in detail level of rules is necessary.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 20

12. A network service that dynamically assigns a computer network user to one of a plurality of firewall policy groups, wherein each firewall policy group has rules that control whether to block or allow communications through firewalls on the computer network, wherein the firewall policy groups are arranged in a hierarchical structure having a plurality of levels, and wherein the levels are arranged such that rules within the firewall policy groups are different at each level, comprising:
- means for assigning a user to a first firewall policy group in the hierarchical structure;
- means for monitoring user activity on the computer network; and
- means for assigning the user to a second, different firewall policy group automatically if monitored user activity indicates that a change in detail level of rules is necessary, wherein the second firewall policy group is at a level below or above the first firewall policy group level.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
Specification