METHOD AND APPARATUS FOR AUTOMATIC RISK ASSESSMENT OF A FIREWALL CONFIGURATION
First Claim
1. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method comprising:
receiving a firewall configuration report exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response, wherein the report is achieved by algorithmically simulating all potential packet receipts on an internal model of the firewall;
converting the firewall configuration report into a computer searchable file enabling detection of firewall mis-configurations;
detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base exhibiting risk items associated with corresponding firewall mis-configurations;
customizing the detected firewall mis-configurations according to the knowledge base and the firewall configuration report, thereby producing a list of risks associated with the firewall; and
eliminating redundancy of reported risks by defining a suppression code for each first risk associated with at least one second risk, where the rules of the second risk logically contain the rules of the first risk, wherein reported risks which have the same number of triggering rules as the corresponding second risk defined by the suppression code of the first risk are suppressed;
wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report; and
wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
Abstract
A method and apparatus for Automatic Risk Assessment of a Firewall Configuration facilitates the automatic generation of a risk assessment of a given firewall configuration. The method scans the firewall analyzer report before the human user does and flags the configuration errors. Each mis-configuration found is called a risk item. The report is analyzed according to a Knowledge Base of known risk items. The method further filters duplicate risk items which are triggered by different rules.
13 Claims
1. (Independent claim; its text is set out in full under First Claim above.) Claims 2 and 4 to 11 are dependent claims.
3. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method comprising:
receiving a firewall configuration report exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response, wherein the report is achieved by algorithmically simulating all potential packet receipts on an internal model of the firewall;
converting the firewall configuration report into a computer searchable file enabling detection of firewall mis-configurations;
detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base stored on the memory exhibiting risk items associated with corresponding firewall mis-configurations;
customizing the detected firewall mis-configurations according to the knowledge base and the firewall configuration report, thereby producing a list of risks associated with the firewall;
conducting a simulation of firewall activation for a specific risk type defined by a user; and
integrating the simulation results within the computer searchable file;
wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report;
wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema; and
wherein the integrated computer searchable file enables searching according to risk type.
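To make the claimed pipeline concrete, the following is an added Python example written for this page; it is not the patent's implementation and not code from the assignee. It walks through the method of claim 1 (simulate every potential packet on a firewall model, load the report into a searchable file with a fixed schema, search it with knowledge-base risk items written in a search expression format matching that schema, customize the hits into risk text, and suppress redundant risks by suppression code) and the per-risk-type simulation of claim 3. Everything in it is an assumption made for illustration: the tiny packet universe, the first-match rule model, SQLite as the "computer searchable file" with SQL as the "search expression format", and the constructed rule bases, risk items and suppression codes.

```python
"""Hypothetical model of the claimed pipeline (added example, not the patent's code):
simulate all potential packets, load the report into a schema-bound searchable
store, search it with knowledge-base risk items, customize and suppress risks."""
import itertools
import sqlite3

# Constructed packet universe, tiny on purpose so every packet can be enumerated.
ZONES = ["outside", "inside"]
HOSTS = ["10.0.0.5", "10.0.0.6"]
SERVICES = ["http", "telnet", "ssh"]

# Constructed rule bases: (rule id, source zone, destination host or "*",
# service or "*", action). First match wins; unmatched packets are dropped.
RULES_SEPARATE_TELNET = [
    (1, "outside", "*", "telnet", "accept"),   # explicit telnet exposure
    (2, "outside", "*", "*", "accept"),        # any/any from outside
    (3, "inside", "*", "*", "accept"),
]
RULES_ANY_ONLY = [
    (1, "outside", "*", "*", "accept"),        # any/any alone covers telnet too
    (2, "inside", "*", "*", "accept"),
]
ALL_PACKETS = list(itertools.product(ZONES, HOSTS, SERVICES))

def decide(rules, src_zone, dst, service):
    """First-match evaluation on the internal model; returns (action, rule id)."""
    for rid, zone, dst_spec, svc, action in rules:
        if zone == src_zone and dst_spec in ("*", dst) and svc in ("*", service):
            return action, rid
    return "drop", None

def simulate(rules, packets):
    """One report row per simulated packet: (zone, dst, service, action, rule)."""
    return [(z, d, s) + decide(rules, z, d, s) for z, d, s in packets]

# The predefined schema the searchable file must obey.
SCHEMA = """
CREATE TABLE packets(src_zone TEXT, dst TEXT, service TEXT, action TEXT, rule_id INTEGER);
CREATE TABLE sim(risk_type TEXT, src_zone TEXT, dst TEXT, service TEXT, action TEXT, rule_id INTEGER);
"""

def build_searchable_file(rules):
    """Report -> searchable file: the full-universe simulation loaded into SCHEMA."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO packets VALUES (?,?,?,?,?)", simulate(rules, ALL_PACKETS))
    return conn

# Knowledge base (constructed). Each risk item's search expression is SQL over
# SCHEMA and returns the rule ids that trigger it. 'suppressed_by' is the
# suppression code: a broader risk whose rules logically contain this one's.
KNOWLEDGE_BASE = {
    "TELNET_IN": {
        "severity": "high",
        "text": "Telnet from outside is accepted by rule(s) {rules}",
        "query": "SELECT DISTINCT rule_id FROM packets "
                 "WHERE src_zone='outside' AND service='telnet' AND action='accept'",
        "suppressed_by": "ANY_IN",
    },
    "ANY_IN": {
        "severity": "critical",
        "text": "Every packet from outside is accepted; rule(s) {rules}",
        "query": "SELECT DISTINCT rule_id FROM packets WHERE src_zone='outside' AND action='accept' "
                 "AND NOT EXISTS (SELECT 1 FROM packets WHERE src_zone='outside' AND action<>'accept')",
        "suppressed_by": None,
    },
}

def detect(conn):
    """Run every knowledge-base search expression; keep the risks that fire."""
    hits = {}
    for risk_id, item in KNOWLEDGE_BASE.items():
        rules = sorted(r for (r,) in conn.execute(item["query"]))
        if rules:
            hits[risk_id] = rules
    return hits

def suppress(hits):
    """Drop a risk whose suppression code names a risk that also fired with the
    same number of triggering rules: the broader risk already reports it."""
    return {risk_id: rules for risk_id, rules in hits.items()
            if not (KNOWLEDGE_BASE[risk_id]["suppressed_by"] in hits
                    and len(hits[KNOWLEDGE_BASE[risk_id]["suppressed_by"]]) == len(rules))}

def assess(rules):
    """Full pipeline: report -> searchable file -> detect -> customize -> suppress."""
    kept = suppress(detect(build_searchable_file(rules)))
    return [(risk_id, KNOWLEDGE_BASE[risk_id]["severity"],
             KNOWLEDGE_BASE[risk_id]["text"].format(rules=triggering))
            for risk_id, triggering in sorted(kept.items())]

def simulate_risk_type(conn, rules, risk_type, service):
    """Claim-3 style step: simulate only the packets relevant to a user-chosen
    risk type, integrate the rows into the searchable file, and search by type."""
    subset = [p for p in ALL_PACKETS if p[2] == service]
    conn.executemany("INSERT INTO sim VALUES (?,?,?,?,?,?)",
                     [(risk_type,) + row for row in simulate(rules, subset)])
    return conn.execute("SELECT COUNT(*) FROM sim WHERE risk_type=? AND action='accept'",
                        (risk_type,)).fetchone()[0]

if __name__ == "__main__":
    for name, rules in (("separate telnet rule", RULES_SEPARATE_TELNET), ("any/any only", RULES_ANY_ONLY)):
        print(name, assess(rules))
```

The two constructed rule bases show when the suppression code fires. With a separate telnet rule plus an any/any rule, the telnet risk is triggered by one rule and the broader risk by two, so the counts differ and both are reported. With a single any/any rule, both risks are triggered by that same one rule, so the narrower telnet risk is suppressed and only the broader risk reaches the list.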
12. A data processing system for detecting firewall mis-configurations of a firewall operatively associated with a computer network, the system comprising:
a processor; and
a memory, wherein the processor is configured by computer readable code such that the processor is operable to:
receive a firewall configuration report exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response, wherein the report is achieved by algorithmically simulating all potential packet receipts on an internal model of the firewall;
convert the firewall configuration report into a computer searchable file enabling detection of firewall mis-configurations;
detect firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined Knowledge Base stored on the memory exhibiting risk items associated with corresponding firewall mis-configurations;
customize the detected firewall mis-configurations according to the Knowledge Base and the firewall configuration report, thereby producing a list of risks associated with the firewall; and
eliminate redundancy of reported risks by defining a suppression code for each first risk associated with at least one second risk, where the rules of the second risk contain the rules of the first risk, wherein reported risks which have the same number of triggering rules as the corresponding second risk defined by the suppression code of the first risk are suppressed;
wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report; and
wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
13. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method comprising:
receiving a firewall configuration report exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response, wherein the report is achieved by algorithmically simulating all potential packet receipts on an internal model of the firewall;
converting the firewall configuration report into a computer searchable file enabling detection of firewall mis-configurations;
detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base exhibiting risk items associated with corresponding firewall mis-configurations; and
customizing the detected firewall mis-configurations according to the knowledge base and the firewall configuration report, thereby producing a list of risks associated with the firewall;
wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report; and
wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
Specification