System and method for implementing network security policies on a common network infrastructure
First Claim
1. A secure network configured to carry data, comprising:
- a plurality of network bubbles, each network bubble having a plurality of bubble partitions, each bubble partition having at least one network device configured to transmit and receive data, and wherein each of the plurality of bubble partitions is connected to at least two network control point devices to achieve high availability in the case of a failed interface or network control point device;
all of the network devices corresponding to the same respective network bubble having unrestricted network access with each other and the same network security policy that controls data movement between the network devices of different network bubbles;
a network control point having one or more network control point devices, a first network device of a first network bubble being connected to the network control point through at least one network control point device and a second network device of a second network bubble being connected to the network control point through at least one network control point device wherein the network control point applies the security policy of the first network bubble to data for the first network device and the security policy of the second network bubble to data for the second network device, wherein the security policy of the first network bubble is distinct from the security policy of the second network bubble; and
an inter-bubble device connecting the first and second network bubbles to one another and enforcing the network security policy of the first and second network bubbles.
8 Assignments
0 Petitions
Accused Products
Abstract
A secure network is provided which includes a plurality of network bubbles having a plurality of bubble partitions. Each bubble partition has at least one network device configured to transmit and receive data. All the network devices that belong to or correspond to a particular network bubble have the same network security policy. The secure network also includes a plurality of network control points, which has one or more network control point devices having at least one interface. Each bubble partition is connected to at least one network control point. The network control point is used to provide a connection between at least two network devices. Each network control point device is configured to enforce the network security policy of all the network bubbles that are connected to it. During the transmission of data from one network device to another network device, one or more network control points are traversed.
39 Citations
31 Claims
-
1. A secure network configured to carry data, comprising:
-
a plurality of network bubbles, each network bubble having a plurality of bubble partitions, each bubble partition having at least one network device configured to transmit and receive data, and wherein each of the plurality of bubble partitions is connected to at least two network control point devices to achieve high availability in the case of a failed interface or network control point device; all of the network devices corresponding to the same respective network bubble having unrestricted network access with each other and the same network security policy that controls data movement between the network devices of different network bubbles; a network control point having one or more network control point devices, a first network device of a first network bubble being connected to the network control point through at least one network control point device and a second network device of a second network bubble being connected to the network control point through at least one network control point device wherein the network control point applies the security policy of the first network bubble to data for the first network device and the security policy of the second network bubble to data for the second network device, wherein the security policy of the first network bubble is distinct from the security policy of the second network bubble; and an inter-bubble device connecting the first and second network bubbles to one another and enforcing the network security policy of the first and second network bubbles. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A secure network configured to transmit data, comprising:
-
a first and second network bubble, each network bubble having a distinct network security policy and a plurality of bubble partitions, each bubble partition having a plurality of network devices having unrestricted network access with each other and configured to transmit and receive data, wherein each of the plurality of bubble partitions is connected to at least two network control point devices to achieve high availability in the case of a failed interface or network control point device; a network control point having one or more network control point devices, a first network device of the first network bubble being connected to the network control point to which a second network device of the second bubble is also connected, wherein the network control point device applies the distinct security policy of the first bubble to data for the first network device and the distinct security policy of the second bubble to data for the second network device to control movement of data between the first and a second network bubble; and an inter-bubble device connecting the first and a second network bubble to one another and enforcing the network security policy of the first and a second network bubble. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
Specification