Generalized security policy management system and method
First Claim
1. A method of regulating the flow of internetwork connections through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising the steps of:
determining parameters characteristic of a connection request, wherein the parameters include a netelement parameter characteristic of where the connection request came from;
generating a query, wherein the step of generating a query includes the step of adding the parameters to a query list;
determining if there is a rule corresponding to the query;
if there is a rule, determining if authentication is required by the rule;
if authentication is required by the rule, executing an authentication protocol; and
activating the connection if the authentication protocol is completed successfully.
Abstract
A system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer. A determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from. A query is generated and a determination is made whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a determination is made whether authentication is required by the rule. If authentication is required by the rule, an authentication protocol is activated and the connection is activated if the authentication protocol is completed successfully.
19 Claims
9. A method of regulating the flow of internetwork connections through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising the steps of:
forming an access control list, wherein the access control list includes a plurality of rules, wherein each rule includes a plurality of rule parameters and values associated with said rule parameters;
determining query parameters characteristic of a connection request, wherein said query parameters include a netelement parameter characteristic of where the connection request came from;
generating a query, wherein the step of generating a query includes the step of adding the query parameters to a query list;
applying the query to the access control list, wherein the step of applying includes the step of determining if there is a rule corresponding to the query;
if there is a rule, determining if authentication is required by the rule;
if authentication is required by the rule, executing an authentication protocol; and
activating the connection if the authentication protocol is completed successfully.
12. A firewall, comprising:
a first communications interface;
a second communications interface;
a first network protocol stack connected to the first communications interface, wherein the first network protocol stack includes an Internet Protocol (IP) layer and a transport layer;
a second network protocol stack connected to the second communications interface, wherein the second network protocol stack includes an Internet Protocol (IP) layer and a transport layer, wherein communication between the first and second communications interfaces passes through a proxy operably coupled to the protocol stacks and communication is otherwise restricted between the protocol stacks;
an access control list process, wherein the access control list process accesses a plurality of rules implementing a security policy; and
an agent, connected to the access control list process and to the transport layers of said first and second network protocol stacks, wherein the agent receives messages from the transport layer, sends the access control list process a query based on parameters associated with the message and executes an authentication protocol selected by the access control list process as a result of the query.
18. A computer program product, comprising:
a computer usable medium having computer readable program code embodied thereon, the computer readable program code, when executed, implementing on the computer a method of regulating the flow of internetwork connections through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising the steps of:
determining parameters characteristic of a connection request, wherein the parameters include a netelement parameter characteristic of where the connection request came from;
generating a query, wherein the step of generating a query includes the step of adding the parameters to a query list;
determining if there is a rule corresponding to the query;
if there is a rule, determining if authentication is required by the rule;
if authentication is required by the rule, executing an authentication protocol; and
activating the connection if the authentication protocol is completed successfully.
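The claimed sequence (parameters added to a query list, lookup in an access control list, authentication protocol selected by the matching rule, activation only on success) as an added Python model; this is not the patent's or any product's code, and the rule fields, the "shared_secret" protocol, the default-deny behaviour and the ACL entries are constructed assumptions.

```python
from dataclasses import dataclass, field
# Constructed model of the claimed flow: query list -> ACL lookup -> optional
# authentication protocol -> activation. Not the patent's own code.
ANY = "*"                         # wildcard value in a rule parameter

@dataclass
class Rule:
    params: dict                  # rule parameters -> values (ANY matches all)
    action: str                   # "allow" or "deny"
    auth: str = ""                # authentication protocol required, if any

@dataclass
class ConnectionRequest:
    netelement: str               # interface / network the request came from
    src: str
    dst: str
    service: str
    credentials: dict = field(default_factory=dict)

def build_query(req):
    """Add the request's parameters to a query list (the claimed 'query')."""
    return [("netelement", req.netelement), ("src", req.src),
            ("dst", req.dst), ("service", req.service)]

def find_rule(acl, query):
    """First rule whose every parameter matches the query, else None."""
    for rule in acl:
        if all(rule.params.get(k, ANY) in (ANY, v) for k, v in query):
            return rule
    return None

# Pluggable authentication protocols; this constructed one is a plain
# shared-secret check standing in for a real challenge/response exchange.
AUTH_PROTOCOLS = {
    "shared_secret": lambda req: req.credentials.get("secret") == "s3cret",
}

def regulate(acl, req):
    """Return 'activated' or 'refused' for one connection request."""
    rule = find_rule(acl, build_query(req))
    if rule is None or rule.action != "allow":
        return "refused"          # no matching allow rule: default deny
    if rule.auth and not AUTH_PROTOCOLS[rule.auth](req):
        return "refused"          # required authentication protocol failed
    return "activated"

# Constructed ACL: telnet arriving on the external netelement needs auth,
# http from the internal netelement is allowed without it, all else denied.
ACL = [Rule({"netelement": "external", "service": "telnet"}, "allow", "shared_secret"),
       Rule({"netelement": "internal", "service": "http"}, "allow")]
```

The netelement parameter is what lets the same service be treated differently depending on which side of the firewall the request arrived on.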
Specification