Method and apparatus for reconfiguring and managing firewalls and security devices

US 6,243,815 B1
Filed: 12/24/1997
Issued: 06/05/2001
Est. Priority Date: 04/25/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for reconfiguring network security devices coupled to a network directory services server from a single administration point, the network directory services server providing network directory services to the network security devices, the method comprising:

providing a hierarchical directory structure having interconnected sub-directories, the hierarchical directory structure coupled to the network security devices and the network directory services server;

storing configuration data for the network security devices at a pre-determined directory location, the network security devices capable of providing security for at least both IP and IPX protocol environments;

copying the configuration data from the predetermined directory location to a first sub-directory using the network directory services provided by the network directory services server in response to a first reconfigure request;

copying the configuration data from the first sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory in the hierarchical directory structure;

installing the configuration data on any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory; and

updating configuration of the network security devices according to the configuration data.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for reconfiguring network security devices coupled to a network directory services server, the network directory services server providing network directory services to the network security devices, includes the steps of storing configuration data for a first network security device at a pre-determined directory location, copying the configuration data from the predetermined directory location to a directory used by the first network security device using the network directory services in response to a first reconfigure request, and updating configuration of the first network security device according to the configuration data in the directory used by the first network security device.

Citations

24 Claims

1. A method for reconfiguring network security devices coupled to a network directory services server from a single administration point, the network directory services server providing network directory services to the network security devices, the method comprising:
- providing a hierarchical directory structure having interconnected sub-directories, the hierarchical directory structure coupled to the network security devices and the network directory services server;
  
  storing configuration data for the network security devices at a pre-determined directory location, the network security devices capable of providing security for at least both IP and IPX protocol environments;
  
  copying the configuration data from the predetermined directory location to a first sub-directory using the network directory services provided by the network directory services server in response to a first reconfigure request;
  
  copying the configuration data from the first sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory in the hierarchical directory structure;
  
  installing the configuration data on any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory; and
  
  updating configuration of the network security devices according to the configuration data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising receiving the first reconfigure request from a first network security device, wherein the first network security device is one of the any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory.
  - 3. The method of claim 1 further comprising generating the first reconfigure request when operation of a first network security device is disrupted, wherein the first network security device is one of the any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory.
  - 4. The method of claim 1 further comprising:
5. The method of claim 4 further comprising receiving the second reconfigure request from the first subset of the network security devices.
6. The method of claim 4 further comprising the step of generating the second reconfigure request when operation of the first subset of the network security devices is disrupted.
7. The method of claim 1 wherein the network directory services is selected from a class comprising Novell Directory Services, Light weight Directory Access Protocol, and Microsoft Active Directory Services.
8. The method of claim 1 further comprising providing a first network security device, wherein the first network security device provides functionality of a firewall.

9. A method for configuring network security devices comprising:
- providing a network directory server providing network directory services to a plurality of network security devices which are capable of providing security for a plurality of network environments;
  
  classifying each network security device into one or more hierarchical classes of network security devices, said hierarchical classes including a network security class, a first network security sub-class, and a second network security sub-class, said first and said second network security sub-classes being sub-classes of said network security class;
  
  storing configuration data for said first and said second network security sub-classes at a first directory location coupled to the network directory server, said first directory location including one or more directories;
  
  copying the configuration data from the first directory location to a first sub-directory using the network directory services provided by the network directory server, in response to a first update request;
  
  copying the configuration data to each sub-directory coupled to said first sub-directory, wherein the first sub-directory and each sub-directory coupled to said first sub-directory are used by network security devices classified within the first network security sub-class; and
  
  updating configuration of network security devices classified within the first network security sub-class according to the configuration data in the respective sub-directories.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 further comprising generating the first update request when operation of one of the network security devices classified within the first network security sub-class is disrupted.
  - 11. The method of claim 9 further comprising:
12. The method of claim 9 wherein the network directory services is selected from a class comprising Novell Directory Services, Light weight Directory Access Protocol, and Microsoft Active Directory Services.
13. The method of claim 9 wherein the network security devices classified within the first network security sub-class include firewall functionality.

14. A network of network security devices including a computer system for reconfiguring the network security devices and for providing directory services to the network security devices, the computer system including:
- a processor; and
  
  a computer readable media including;
  
  code that directs the processor to provide a hierarchical directory structure having interconnected sub-directories, the hierarchical directory structure coupled to the network security devices;
  
  code that directs the processor to store configuration data for the network security devices at a pre-determined directory location, the network security devices capable of providing security for at least both IP and IPX protocol environments;
  
  code that directs the processor to copy the configuration data from the predetermined directory location to a first sub-directory using the directory services, in response to a reconfigure request;
  
  code that directs the processor to copy the configuration data from the first sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory in the hierarchical directory structure;
  
  code that directs the processor to install the configuration data on any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory; and
  
  code that directs the first network security device to reconfigure according to the configuration data in the sub-directory used by the first network security device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The network of claim 14 wherein the computer readable media also includes:
16. The network of claim 15 wherein the network security devices are based upon a Novell IntranetWare operating system, and the second network security device is based upon an operating system selected from the class comprising WindowsNT, Novell NetWare, Novell IntranetWare, and UNIX.
17. The network of claim 14 wherein the directory services is selected from a class comprising Novell Directory Services, Lightweight Directory Access Protocol, and Microsoft Active Directory Services.
18. The network of claim 14 wherein the network security devices include firewall features.

19. A method for reconfiguring one or more network security devices from a single administration point, the network security devices coupled to a network directory services server, the network directory services server providing network directory services to the network security devices, the method comprising:
- storing configuration data at a predetermined directory location, the directory location coupled to the network directory services server;
  
  classifying each of the one or more network security devices into a hierarchical directory structure, the directory structure comprising a plurality of subdirectories;
  
  copying the configuration data from the directory location to a first subdirectory using the network directory services in response to an update request;
  
  copying the configuration data to each subdirectory directly coupled or indirectly coupled to the first subdirectory in the hierarchical directory structure;
  
  installing the configuration data on all network security devices coupled to the first subdirectory and each subdirectory directly coupled or indirectly coupled to the first subdirectory.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19 wherein the step of storing configuration data at a predetermined directory location further comprises storing configuration data in a database coupled to the network directory services server.
  - 21. The method of claim 19 wherein the installing the configuration data further comprises automatically installing the configuration data at predetermined intervals.
  - 22. The method of claim 19 wherein the installing step further comprises installing the configuration data in response to a command from the single administration point.
  - 23. The method of claim 19 further comprising at least one first level subdirectory and at least one second level subdirectory, wherein each second level subdirectory is coupled to at least one first level subdirectory, and wherein a copying step performed in a first level subdirectory automatically performs the copying step in the first level subdirectory in any second level subdirectory coupled to the first level subdirectory.
  - 24. The method of claim 23 further comprising at least one third level subdirectory coupled to at least one second level subdirectory wherein the copying step in the second level subdirectory is automatically performed in any third level subdirectory coupled to the second level subdirectory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Bisht, Naveen S., Puri, Hemant, Sawhney, Sanjay, Antur, Anand K.
Primary Examiner(s)
Beausoleil, Robert
Assistant Examiner(s)
Bonzo, Bryce P.

Application Number

US08/998,313
Time in Patent Office

1,259 Days
Field of Search

713/201, 713/200, 709/220, 709/221, 709/223
US Class Current

726/11
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 41/082   the condition being updates...

H04L 41/0856   by backing up or archiving ...

H04L 41/0893   Assignment of logical group...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/02   for separating internal fro...

H04L 63/20   for managing network securi...

Method and apparatus for reconfiguring and managing firewalls and security devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for reconfiguring and managing firewalls and security devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links