METHOD AND SYSTEM FOR UTILIZING AN EXPERT SYSTEM TO DETERMINE WHETHER TO ALTER A FIREWALL CONFIGURATION
First Claim
1. A computer-implemented method of utilizing an expert system to determine whether to alter a firewall configuration, said method comprising:
receiving, by an expert system of a computing system, message flow data associated with a message packet that is blocked by a firewall based on a message flow not being permitted by one or more message flow rules, said message flow associated with said message flow data, and said message flow data including a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
assigning, to said message flow data by said expert system, a plurality of risk values included in a predefined set of risk values, said assigning including associating each risk value of said plurality of risk values with said source network, said destination network, or said destination port;
determining, by said expert system, a total risk value associated with said message packet, said determining said total risk value including utilizing said plurality of risk values; and
generating, by said expert system, a proposal based on said total risk value, wherein said proposal is selected from the group consisting of a first proposal that a message flow rule that permits said message flow is to be added to said one or more message flow rules and a second proposal that said message flow rule that permits said message flow is not to be added to said one or more message flow rules.
Abstract
A method and system for utilizing an expert system to determine whether to alter a firewall configuration. The expert system receives message flow data associated with a message packet blocked by a firewall. The packet is blocked based on an associated message flow not being permitted by a set of rules. The expert system assigns predefined risk values to the message flow data so that each risk value is associated with a source network, destination network or destination port included in the message flow data. The expert system utilizes the assigned risk values to determine a total risk value associated with the message packet. Finally, the expert system generates a proposal based on the total risk value. The proposal is a recommendation for or against adding to the set of rules a message flow rule that permits the message flow.
20 Claims
1. (Identical to the First Claim reproduced above; dependent claims 2, 3, 4, 5, 6 and 20.)
7. A computing system comprising a processor and a computer-readable memory unit coupled to said processor, said memory unit containing instructions that when executed by said processor implement a method of using an expert system to determine whether to alter a firewall configuration, said method comprising:
receiving, by an expert system of a computing system, message flow data associated with a message packet that is blocked by a firewall based on a message flow not being permitted by one or more message flow rules, said message flow associated with said message flow data, and said message flow data including a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
assigning, to said message flow data by said expert system, a plurality of risk values included in a predefined set of risk values, said assigning including associating each risk value of said plurality of risk values with said source network, said destination network, or said destination port;
determining, by said expert system, a total risk value associated with said message packet, said determining said total risk value including utilizing said plurality of risk values; and
generating, by said expert system, a proposal based on said total risk value, wherein said proposal is selected from the group consisting of a first proposal that a message flow rule that permits said message flow is to be added to said one or more message flow rules and a second proposal that said message flow rule that permits said message flow is not to be added to said one or more message flow rules.
(Dependent claims 8, 9, 10, 11 and 12.)
13. A computer program product comprising a computer-usable medium including computer-usable program code for utilizing an expert system to determine whether to alter a firewall configuration, said computer program product comprising:
computer-usable code for receiving, by an expert system of a computing system, message flow data associated with a message packet that is blocked by a firewall based on a message flow not being permitted by one or more message flow rules, said message flow associated with said message flow data, and said message flow data including a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
computer-usable code for assigning, to said message flow data by said expert system, a plurality of risk values included in a predefined set of risk values, said computer-usable code for assigning including computer-usable code for associating each risk value of said plurality of risk values with said source network, said destination network, or said destination port;
computer-usable code for determining, by said expert system, a total risk value associated with said message packet, said computer-usable code for determining said total risk value including computer-usable code for utilizing said plurality of risk values; and
computer-usable code for generating, by said expert system, a proposal based on said total risk value, wherein said proposal is selected from the group consisting of a first proposal that a message flow rule that permits said message flow is to be added to said one or more message flow rules and a second proposal that said message flow rule that permits said message flow is not to be added to said one or more message flow rules.
(Dependent claims 14, 15, 16, 17 and 18.)
19. A process for supporting computing infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is capable of performing a method of utilizing an expert system to determine whether to alter a firewall configuration, said method comprising:
receiving, by an expert system of a computing system, message flow data associated with a message packet that is blocked by a firewall based on a message flow not being permitted by one or more message flow rules, said message flow associated with said message flow data, and said message flow data including a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
assigning, to said message flow data by said expert system, a plurality of risk values included in a predefined set of risk values, said assigning including associating each risk value of said plurality of risk values with said source network, said destination network, or said destination port;
determining, by said expert system, a total risk value associated with said message packet, said determining said total risk value including utilizing said plurality of risk values; and
generating, by said expert system, a proposal based on said total risk value, wherein said proposal is selected from the group consisting of a first proposal that a message flow rule that permits said message flow is to be added to said one or more message flow rules and a second proposal that said message flow rule that permits said message flow is not to be added to said one or more message flow rules.
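The receive / assign / determine / generate sequence described in the abstract and repeated across the independent claims, as an added illustration that is not code from the patent or its assignee. The predefined risk values, the source and destination network classifications, the port table, the deny-log format and the decision threshold are all assumptions chosen for the example; the patent specifies none of them.

```python
import ipaddress
import re

# Constructed illustration of the risk-scoring expert system in the abstract and
# claims. Risk values, network tables, log format and threshold are assumptions.
RISK_LOW, RISK_MEDIUM, RISK_HIGH = 1, 3, 5   # the predefined set of risk values
SOURCE_NETWORK_RISK = {
    ipaddress.ip_network("10.0.0.0/8"): RISK_LOW,           # internal clients
    ipaddress.ip_network("192.168.100.0/24"): RISK_MEDIUM,  # partner segment
}
DESTINATION_NETWORK_RISK = {
    ipaddress.ip_network("10.20.0.0/16"): RISK_MEDIUM,      # application tier
    ipaddress.ip_network("10.30.0.0/16"): RISK_HIGH,        # database tier
}
PORT_RISK = {443: RISK_LOW, 8080: RISK_MEDIUM, 22: RISK_HIGH, 3306: RISK_HIGH}
PROPOSAL_THRESHOLD = 9  # total risk at or above this: propose NOT adding a rule
# Constructed deny-log line in a made-up format, not any real vendor's.
LOG_LINE = "DENY src=10.1.2.3 dst=10.30.4.5 dport=3306 proto=tcp"
LOG_RE = re.compile(r"DENY src=(\S+) dst=(\S+) dport=(\d+)")

def parse_blocked_flow(line):
    """Receive step: extract source address, destination address and port."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a blocked-flow record: %r" % line)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2)), int(m.group(3))

def network_risk(addr, table):
    """Risk of the classified network containing addr; unclassified is high risk."""
    for net, risk in table.items():
        if addr in net:
            return risk
    return RISK_HIGH

def assign_risk_values(src, dst, dport):
    """Assign step: one risk value per element of the message flow data."""
    return {
        "source_network": network_risk(src, SOURCE_NETWORK_RISK),
        "destination_network": network_risk(dst, DESTINATION_NETWORK_RISK),
        "destination_port": PORT_RISK.get(dport, RISK_HIGH),
    }

def propose_rule_change(line):
    """Determine and generate steps: total risk, then the add / do-not-add proposal."""
    risks = assign_risk_values(*parse_blocked_flow(line))
    total = sum(risks.values())
    proposal = "do not add permit rule" if total >= PROPOSAL_THRESHOLD else "add permit rule"
    return total, proposal

if __name__ == "__main__":
    print(propose_rule_change(LOG_LINE))  # (11, 'do not add permit rule')
```

An unclassified source or destination network and an unlisted port each default to the highest value, so a flow the tables know nothing about is never recommended for a new permit rule by accident.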