Security checking program for communication between networks

  • US 7,318,097 B2
  • Filed: 06/17/2003
  • Issued: 01/08/2008
  • Est. Priority Date: 06/17/2003
  • Status: Expired due to Fees
First Claim

1. A system for managing a security policy for a multiplicity of networks, said system comprising:

  • means for recording, for each of said multiplicity of networks, (a) a type of said each network, (b) whether said each network is a source and/or a destination network, and (c) a list of IP protocol(s) supported by said each network, said multiplicity of networks comprising a trusted type, a DMZ type, and an untrusted type, said DMZ type of network being managed by a same enterprise that manages said trusted type of network to provide security for said DMZ type of network;

  • means for recording, for said each network, a multiplicity of permitted message flows for which a firewall for said each network is configured, each of said permitted message flows comprising a combination of IP protocol, destination network and source network;

  • means for automatically identifying a multiplicity of possible combinations of said multiplicity of networks, wherein each of said possible combinations comprises a source network and a destination network;

  • means for automatically determining, based on a type of said each network, a subset of said possible combinations, each of said possible combinations in said subset comprising two networks which are permitted to communicate with each other based on the respective types of said two networks, a trusted network being permitted to communicate with said DMZ network but not with said untrusted network, said DMZ network being permitted to communicate with both said trusted network and said untrusted network;

  • means for automatically determining, for each of said possible combinations in said subset, (a) what IP protocol(s) are supported by said networks in said each possible combination in said subset, and (b) whether respective firewalls for said networks in said each possible combination in said subset permit message flows having IP protocols supported by said networks in said each possible combination of said subset; and

  • means, based on determinations by both automatic determining means, for automatically determining which combinations of said multiplicity of networks comprise networks which are both (a) entitled to communicate with each other based on types of networks within each combination of said multiplicity of networks and (b) able to communicate with each other based on IP protocols supported by networks in each combination of said multiplicity of networks and IP protocols of permitted message flows through a firewall(s) for networks in each combination of said multiplicity of networks.
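The procedure claim 1 describes (record network types, roles, protocols and firewall flows; enumerate source/destination pairs; keep those entitled by type; keep those able by protocol support and firewall rules) is written out below as an added example. It is not the patent's code; the network names, protocols and firewall rules are constructed, and the `find_violations` helper (firewall rules that contradict the type policy) is an assumed extension beyond the claim.

```python
from dataclasses import dataclass, field
from itertools import permutations
# Claim 1 type policy: trusted<->DMZ and DMZ<->untrusted may talk, trusted<->untrusted never.
ENTITLED_PAIRS = {("trusted", "dmz"), ("dmz", "trusted"),
                  ("dmz", "untrusted"), ("untrusted", "dmz")}
@dataclass
class Network:
    name: str
    kind: str                   # "trusted", "dmz" or "untrusted"
    is_source: bool
    is_destination: bool
    protocols: frozenset        # IP protocols this network supports
    permitted_flows: set = field(default_factory=set)  # firewall rules (proto, src, dst)
def entitled(src, dst):
    return (src.kind, dst.kind) in ENTITLED_PAIRS

def able(src, dst):
    """Protocols both networks support and both firewalls permit for src -> dst."""
    return {p for p in src.protocols & dst.protocols
            if (p, src.name, dst.name) in src.permitted_flows
            and (p, src.name, dst.name) in dst.permitted_flows}

def check_policy(networks):
    """Ordered pairs both entitled (by type) and able (by protocol + firewall)."""
    result = {}
    for src, dst in permutations(networks, 2):
        if src.is_source and dst.is_destination and entitled(src, dst):
            protos = able(src, dst)
            if protos:
                result[(src.name, dst.name)] = protos
    return result

def find_violations(networks):
    """Firewall rules that permit a flow the type policy forbids (assumed extension)."""
    by_name = {n.name: n for n in networks}
    return [(fw.name, flow) for fw in networks for flow in sorted(fw.permitted_flows)
            if not entitled(by_name[flow[1]], by_name[flow[2]])]

# Constructed inventory: a trusted corp LAN, a DMZ web tier and the Internet.
CORP = Network("corp", "trusted", True, True, frozenset({"tcp/22", "tcp/443"}),
               {("tcp/443", "corp", "web"), ("tcp/443", "web", "corp")})
WEB = Network("web", "dmz", True, True, frozenset({"tcp/80", "tcp/443"}),
              {("tcp/443", "corp", "web"), ("tcp/443", "web", "corp"),
               ("tcp/80", "internet", "web"), ("tcp/443", "internet", "web"),
               ("tcp/22", "internet", "web")})  # permitted but web lacks tcp/22
INTERNET = Network("internet", "untrusted", True, False, frozenset({"tcp/22", "tcp/80", "tcp/443"}),
                   {("tcp/80", "internet", "web"), ("tcp/443", "internet", "web"),
                    ("tcp/22", "internet", "corp")})  # untrusted -> trusted rule
INVENTORY = [CORP, WEB, INTERNET]
```

Running `check_policy(INVENTORY)` yields only corp<->web over tcp/443 and internet->web over tcp/80 and tcp/443; the tcp/22 rule toward the trusted network is reported by `find_violations` rather than silently dropped.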
