METHOD AND SYSTEM FOR DISTRIBUTING SECURITY POLICIES
Abstract
A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
38 Citations
50 Claims
1-30. (canceled)
31. A computer-readable storage medium containing instructions for controlling a computing device to distribute rules of security policies to enforcement engines executing on the computing device for enforcing the security policies, by a method comprising:
providing at the computing device enforcement engines that implement different layers of security enforcement;
receiving and storing at the computing device security policies having rules, each rule having a rule type;
under control of a firewall agent executing on the computing device,
  retrieving the stored security policies; and
  for rules of a retrieved security policy,
    identifying an enforcement engine to which a rule applies based on the rule type of the rule; and
    providing the rule to the identified enforcement engine; and
under control of the enforcement engines executing on the computing device, storing the rules provided to the enforcement engine by the firewall agent;
under control of a flow manager executing on the computing device,
  receiving a network event;
  identifying an enforcement engine that is responsible for enforcing its rules against the network event; and
  providing the network event to the identified enforcement engine;
under control of the enforcement engines executing on the computing device, when a network event is provided to the enforcement engine, enforcing the rules provided to the enforcement engine by the firewall agent against the network event provided by the flow manager,
wherein the firewall agent provides a mechanism for distributing the rules to multiple enforcement engines of the computing device, the flow manager distributes network events to enforcement engines, and each enforcement engine enforces its provided rules against the network events that it is provided.

Dependent claims: 32 to 41.

43. A computer-readable storage medium containing instructions for controlling a host computer system to distribute rules of security policies to enforcement engines for enforcing the security policies of the host computer system, comprising:
multiple enforcement engines that implement different layers of firewall security enforcement at the host computer system by receiving and enforcing rules of security policies;
a firewall agent component that receives at the host computer system security policies having rules, each rule having a rule type, that identifies enforcement engines to which a rule applies based on the rule type of the rule, and that provides the rule to the identified enforcement engine; and
a flow manager component that intercepts network events and invokes an appropriate enforcement engine to enforce its rules against the network event,
wherein a mechanism is provided for distributing the rules to the layered enforcement engines of the host computer system.

Dependent claims: 44 to 50.

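The architecture claimed above (firewall agent distributing rules by rule type, flow manager routing network events to the responsible engine) modelled as an added example; this is not code from the patent, and the class names, the "first matching rule wins" and "allow by default" semantics, and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Rule:
    rule_type: str                     # selects the enforcing engine, e.g. "packet" or "application"
    condition: Callable[[dict], bool]  # predicate over a network event
    action: str                        # action taken when the condition holds: "allow" or "block"

@dataclass
class EnforcementEngine:
    layer: str                         # the security layer this engine implements
    rules: list = field(default_factory=list)
    def store(self, rule: Rule) -> None:      # rules arrive only via the firewall agent
        self.rules.append(rule)
    def enforce(self, event: dict) -> str:
        for rule in self.rules:               # first matching rule wins (constructed semantics)
            if rule.condition(event):
                return rule.action
        return "allow"                        # constructed default when no rule matches

class FirewallAgent:
    def __init__(self, engines: dict):
        self.engines, self.policies = engines, []
    def receive_policy(self, rules: list) -> None:
        self.policies.append(rules)           # stored until the agent retrieves and distributes
    def distribute(self) -> dict:
        counts: dict = {}
        for rule in (r for policy in self.policies for r in policy):
            engine = self.engines.get(rule.rule_type)
            if engine is None:                # a rule no engine can enforce is a policy error
                raise ValueError(f"no enforcement engine for rule type {rule.rule_type!r}")
            engine.store(rule)
            counts[rule.rule_type] = counts.get(rule.rule_type, 0) + 1
        return counts                         # rules delivered per engine, for inspection

class FlowManager:
    def __init__(self, engines: dict):
        self.engines = engines
    def handle(self, event: dict) -> str:     # event["layer"] names the responsible engine
        return self.engines[event["layer"]].enforce(event)

def build_host():
    """Constructed sample host: two engines, two policies of mixed rule types."""
    engines = {"packet": EnforcementEngine("packet"), "application": EnforcementEngine("application")}
    agent, flow = FirewallAgent(engines), FlowManager(engines)
    agent.receive_policy([Rule("packet", lambda e: e.get("dst_port") == 23, "block"),
                          Rule("application", lambda e: e.get("app") == "p2p", "block")])
    agent.receive_policy([Rule("packet", lambda e: e.get("src") == "10.0.0.5", "block")])
    return agent, flow
```

Until `distribute()` runs, every engine holds no rules and the flow manager allows all events, which is the failure mode to watch for if policy delivery to the host is delayed or blocked.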
Specification