System and method for implementing a bubble policy to achieve host and network security
First Claim
Patent Images
1. In a network security system having a plurality of bubbles, where each bubble has a plurality of bubble partitions, a method of creating a structured access list template, the method comprising:
- dividing a first access list template into a plurality of sections, where each section includes rules that implement a function;
assigning a first plurality of network devices to a first bubble;
assigning a second plurality of network devices to a second bubble;
creating an inbound local rule group for the first bubble;
creating an outbound local rule group for the first bubble;
creating an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble;
creating an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the plurality of network devices of the first bubble;
arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template; and
arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template.
6 Assignments
0 Petitions
Accused Products
Abstract
A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services are granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.
44 Citations
10 Claims
-
1. In a network security system having a plurality of bubbles, where each bubble has a plurality of bubble partitions, a method of creating a structured access list template, the method comprising:
-
dividing a first access list template into a plurality of sections, where each section includes rules that implement a function; assigning a first plurality of network devices to a first bubble; assigning a second plurality of network devices to a second bubble; creating an inbound local rule group for the first bubble; creating an outbound local rule group for the first bubble; creating an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble; creating an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the plurality of network devices of the first bubble; arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template; and arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of creating a structured network for providing security comprising:
-
assigning a first plurality of network devices to a first bubble; assigning a second plurality of network devices to a second bubble; providing a first access list template having a plurality of sections, where each section includes rules that implement a function; providing an inbound local rule group for the first bubble; providing an outbound local rule group for the first bubble; providing an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble; providing an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the first plurality of network devices of the first bubble; arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template; arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template; and utilizing the first access list template to ensure consistency in implementation of network security policies between the first bubble and the second bubble. - View Dependent Claims (7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company), Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
-
Original AssigneeHewlett-Packard Development Company, L.P. (HP Inc.)
-
InventorsJemes, Brian, Buch-Pedersen, Leif, Brawn, John Melvin
-
Primary Examiner(s)Vu; Kim
-
Assistant Examiner(s)Pich; Ponnoreay
-
Application NumberUS09/861,986Publication NumberTime in Patent Office2,563 DaysField of Search713150-154, 713200-201, 209/213, 209/214, 209217-230, 209238-239, 209248-250, 710 1- 4, 710 15- 18, 707 1- 2, 707 9- 10, 709220-230, 709/249US Class Current726/3CPC Class CodesH04L 2101/604 Address structures or formatsH04L 61/5061 Pools of addressesH04L 63/0218 Distributed architectures, ...H04L 63/0227 Filtering policies mail mes...H04L 63/0263 Rule managementH04L 63/104 Grouping of entitiesH04L 69/40 for recovering from a failu...H04L 9/40 Network security protocols
