System and method for implementing a bubble policy to achieve host and network security
First Claim
1. In a network security system having a plurality of bubbles, where each bubble has a plurality of bubble partitions, a method of creating a structured access list template, the method comprising:
- dividing a first access list template into a plurality of sections, where each section includes rules that implement a function;
- assigning a first plurality of network devices to a first bubble;
- assigning a second plurality of network devices to a second bubble;
- creating an inbound local rule group for the first bubble;
- creating an outbound local rule group for the first bubble;
- creating an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble;
- creating an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the plurality of network devices of the first bubble;
- arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template; and
- arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template.
Abstract
A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services is granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.
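The abstract describes a pipeline (address table and protocol table per partition, four rule groups per bubble, a sectioned template, a generated access list per boundary device) without showing what the generated artefact looks like. The following is an added example, not code from the patent or its assignee: it builds the four rule groups from each bubble's own tables, arranges them into a local and a remote template section, and renders one access list per boundary device. The table schema (a `direction` column on the protocol table), the `LOCAL` placeholder, the bubble names and address ranges, and the Cisco-like `permit/deny proto src dst eq port` line syntax are all assumptions made for the example; the `address_table_conflicts` check is an addition a practitioner would want, since overlapping partition prefixes make a rule for one partition silently match another.

```python
"""Added example: structured access lists per bubble boundary device, built from
per-partition address and protocol tables. Not the patent's own code; the table
schema, the LOCAL placeholder and the rule syntax are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List


@dataclass(frozen=True)
class Service:
    """One protocol-table row: a service and whether it is granted to the partition."""
    proto: str       # "tcp" or "udp"
    port: int
    granted: bool    # True renders as permit, False as deny
    direction: str   # "in": others reach the partition; "out": the partition reaches others


@dataclass
class Partition:
    prefixes: List[str]              # address table rows for this bubble partition
    protocol_table: List[Service]


@dataclass
class Bubble:
    name: str
    partitions: Dict[str, Partition]


LOCAL = "LOCAL"  # placeholder, expanded to the prefixes of the bubble installing the rule


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    dst: str
    port: int


def bubble_prefixes(b: Bubble) -> List[str]:
    # strict parsing: a row like 10.10.1.5/24 is a typo, not a prefix, and must not slip through
    return [str(ip_network(p)) for part in b.partitions.values() for p in part.prefixes]


def rule_groups(b: Bubble) -> Dict[str, List[Rule]]:
    """The four rule groups of a bubble, all derived from that bubble's own tables.
    Local groups go on the bubble's own boundary device; remote groups are what
    every other bubble's boundary device installs on this bubble's behalf."""
    groups: Dict[str, List[Rule]] = {
        k: [] for k in ("inbound_local", "outbound_local", "inbound_remote", "outbound_remote")}
    for part in b.partitions.values():
        for p in part.prefixes:
            p = str(ip_network(p))
            for s in part.protocol_table:
                act = "permit" if s.granted else "deny"
                if s.direction == "in":      # access to this partition's devices
                    groups["inbound_local"].append(Rule(act, s.proto, "any", p, s.port))
                    groups["outbound_remote"].append(Rule(act, s.proto, LOCAL, p, s.port))
                else:                        # access from this partition's devices
                    groups["outbound_local"].append(Rule(act, s.proto, p, "any", s.port))
                    groups["inbound_remote"].append(Rule(act, s.proto, p, LOCAL, s.port))
    return groups


SECTIONS = ("local", "remote")  # each template section holds the groups implementing one function


def build_template(device: Bubble, peers: List[Bubble]) -> Dict[str, List[Rule]]:
    """Template for device's boundary: own local groups in one section, peers' remote groups in the other."""
    own = rule_groups(device)
    template = {"local": own["inbound_local"] + own["outbound_local"], "remote": []}
    for peer in peers:
        g = rule_groups(peer)
        template["remote"] += g["inbound_remote"] + g["outbound_remote"]
    return template


def generate_access_list(device: Bubble, peers: List[Bubble]) -> List[str]:
    """Render the template into ACL lines, expanding LOCAL to the installing bubble's prefixes."""
    template = build_template(device, peers)
    local = bubble_prefixes(device)
    lines: List[str] = []
    for section in SECTIONS:
        lines.append(f"! section {section}")
        for r in template[section]:
            for s in (local if r.src == LOCAL else [r.src]):
                for d in (local if r.dst == LOCAL else [r.dst]):
                    lines.append(f"{r.action} {r.proto} {s} {d} eq {r.port}")
    lines.append("deny ip any any")  # explicit final deny: anything absent from the tables is dropped
    return lines


def address_table_conflicts(bubbles: List[Bubble]) -> List[str]:
    """Overlapping prefixes across partitions: a rule written for one partition would also
    match hosts of another, so the generated policy would not be what the tables say."""
    owned = [(b.name, name, ip_network(p))
             for b in bubbles for name, part in b.partitions.items() for p in part.prefixes]
    conflicts = []
    for i, (b1, n1, net1) in enumerate(owned):
        for b2, n2, net2 in owned[i + 1:]:
            if net1.overlaps(net2):
                conflicts.append(f"{b1}/{n1} {net1} overlaps {b2}/{n2} {net2}")
    return conflicts


# Constructed sample tables (hypothetical bubbles, ranges and services).
ENG = Bubble("eng", {
    "eng-servers": Partition(["10.10.1.0/24"],
                             [Service("tcp", 22, True, "in"), Service("tcp", 443, True, "out")]),
    "eng-desktops": Partition(["10.10.2.0/24"],
                              [Service("tcp", 443, True, "out"), Service("tcp", 23, False, "in")]),
})
FIN = Bubble("fin", {"fin-servers": Partition(["10.20.1.0/24"], [Service("tcp", 443, True, "in")])})

if __name__ == "__main__":
    for problem in address_table_conflicts([ENG, FIN]):
        print("conflict:", problem)
    print("\n".join(generate_access_list(FIN, [ENG])))
```

Running it prints the access list for the `fin` boundary device: its own inbound rule in the local section, then the rules the `eng` tables contribute in the remote section, then the final deny. The consistency property the claims aim at falls out of the construction: `build_template(X, [ENG])["remote"]` is the same list of template rules for every bubble X, because the remote groups are computed from `eng`'s tables alone and only the `LOCAL` placeholder differs per installing device.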
10 Claims
1. (Independent claim 1 is reproduced above under First Claim; dependent claims 2, 3, 4 and 5 are not reproduced on this page.)
6. A method of creating a structured network for providing security comprising:
- assigning a first plurality of network devices to a first bubble;
- assigning a second plurality of network devices to a second bubble;
- providing a first access list template having a plurality of sections, where each section includes rules that implement a function;
- providing an inbound local rule group for the first bubble;
- providing an outbound local rule group for the first bubble;
- providing an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble;
- providing an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the first plurality of network devices of the first bubble;
- arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template;
- arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template; and
- utilizing the first access list template to ensure consistency in implementation of network security policies between the first bubble and the second bubble.
(Dependent claims 7, 8, 9 and 10 are not reproduced on this page.)
Specification