OBJECT-RELATION USER INTERFACE FOR VIEWING SECURITY CONFIGURATIONS OF NETWORK SECURITY DEVICES

US 20170054757A1
Filed: 12/21/2015
Published: 02/23/2017
Est. Priority Date: 08/21/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

generating for display selectable device icons that represent respective network security devices;

responsive to a selection of one of the device icons, generating for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;

responsive to a selection of one of the interface icons, generating for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values; and

responsive to a selection of one of the policy icons, generating for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer implemented method, selectable device icons that represent respective network security devices are generated for display. Responsive to a selection of one of the device icons, selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon are generated for display. Responsive to a selection of one of the interface icons, selectable policy icons that represent respective security polices applied to the network interface represented by the selected interface icon are generated for display. Responsive to a selection of one of the policy icons, selectable object group icons that represent respective groups of security rule objects used in the network security policy represented by the selected policy icon are generated for display.

44 Citations

View as Search Results

23 Claims

1. A computer implemented method comprising:
- generating for display selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the device icons, generating for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the interface icons, generating for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values; and
  
  responsive to a selection of one of the policy icons, generating for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - responsive to a selection of one of the object group icons, generating for display respective object values for the security rule objects in the group of objects represented by the selected object group icon.
  - 3. The method of claim 2, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 4. The method of claim 2, wherein each interface icon indicates, for the network interface represented by the interface icon, a network interface name, a name of the network security device that uses the network interface, and at least one of a number of security policies used by the network interface or a number of objects in the security policy.
  - 5. The method of claim 2, wherein each policy icon indicates, for the security policy represented by the policy icon, a name of the security policy, and a number of objects in the security policy.
  - 6. The method of claim 2, wherein each object group icon indicates, for the group of objects represented by the object group icon, a name of the group of objects, a name of a network interface that uses the group of objects, and a number of objects in the group of objects.
  - 7. The method of claim 2, wherein the generating for display the object values includes generating for display the object values in an editable form that permits editing of the object values, including adding a new object value, deleting one of the object values, or modifying one of the object values.
  - 8. The method of claim 2, further comprising:
    - generating for concurrent display the device icons and the interface icons; and
      
      generating for concurrent display the interface icons and the policy icons.
  - 9. The method of claim 8, further comprising:
    - generating for concurrent display the policy icons and the object group icons; and
      
      generating for concurrent display the object group icons and the object values.
  - 10. The method of claim 2, further comprising:
    - generating for concurrent display a selectable permit filter, a selectable deny filter, and the selectable policy icons;
      
      receiving, in addition to the selection of the policy icon, a selection of either the permit filter or the deny filter;
      
      if the permit filter is selected, identifying in the security policy represented by the selected policy icon security rules configured to permit access to a network resource; and
      
      if the deny filter is selected, identifying in the security policy represented by the selected policy icon security rules configured to deny access to a network resource; and
      
      generating for display objects used by the identified security rules.
  - 11. The method of claim 2, further comprising:
    - generating for concurrent display a selectable identical filter, a selectable similar filter, and the object group icons;
      
      receiving a selection of either the identical filter or the similar filter;
      
      if a selection of the identical filter is received;
      
      identifying identical objects among the object groups represented by the object group icons; and
      
      generating for display the identical objects;
      
      if a selection of the similar filter is received;
      
      identifying similar objects among the object groups represented by the object group icons; and
      
      generating for display the similar objects.

12. An apparatus comprising:
- a network interface unit configured to enable communications over a network; and
  
  a processor, coupled to the network interface unit, configured to;
  
  generate for display selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the device icons, generate for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the interface icons, generate for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a rule syntax to control access to a resource, at least some of the objects having respective object values; and
  
  responsive to a selection of one of the policy icons, generate for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the processor is further configured to:
    - responsive to a selection of one of the object group icons, generate for display respective object values for the security rule objects in the group of objects represented by the selected object group icon.
  - 14. The apparatus of claim 13, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 15. The apparatus of claim 13, wherein the processor is configured to generate for display the object values by generating for display the object values in an editable form that permits editing of the object values, wherein the permitted editing includes adding a new object value, deleting one of the object values, or modifying one of the object values.
  - 16. The apparatus of claim 13, wherein the processor is further configured to:
    - generate for concurrent display the device icons and the interface icons; and
      
      generate for concurrent display the interface icons and the policy icons.
  - 17. The apparatus of claim 16, wherein the processor is further configured to:
    - generate for concurrent display the policy icons and the object group icons; and
      
      generate for concurrent display the object group icons and the object values.

18. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to:
- generate for display selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the device icons, generate for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the interface icons, generate for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a rule syntax to control access to a resource, at least some of the objects having respective object values; and
  
  responsive to a selection of one of the policy icons, generate for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The computer readable storage media of claim 18, further comprising instruction to cause the processor to:
    - responsive to a selection of one of the object group icons, generate for display respective object values for the security rule objects in the group of objects represented by the selected object group icon.
  - 20. The computer readable storage media of claim 19, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 21. The computer readable storage media of claim 19, wherein the instructions to cause the processor to generate for display the object values include instructions to cause the processor to generate for display the object values in an editable form that permits editing of the object values, wherein the permitted editing includes adding a new object value, deleting one of the object values, or modifying one of the object values.
  - 22. The computer readable storage media of claim 19, further comprising instructions to cause the processor to:
    - generate for concurrent display the device icons and the interface icons; and
      
      generate for concurrent display the interface icons and the policy icons.
  - 23. The computer readable storage media of claim 22, further comprising instructions to cause the processor to:
    - generate for concurrent display the policy icons and the object group icons; and
      
      generate for concurrent display the object group icons and the object values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Miglani, Umesh Kumar, Catubig, Karyll, Siswick, Zachary D., Hollingshead, Daniel, Dotan, Yedidya, Knjazihhin, Denis

Granted Patent

US 9,948,679 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

H04L 63/02   for separating internal fro...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

OBJECT-RELATION USER INTERFACE FOR VIEWING SECURITY CONFIGURATIONS OF NETWORK SECURITY DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

OBJECT-RELATION USER INTERFACE FOR VIEWING SECURITY CONFIGURATIONS OF NETWORK SECURITY DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links