System and method for unified threat management with a relational rules methodology
Abstract
A unified threat management system is provided with a uniform relational rules model. The unified relational rules model provides for the sub-setting of rules and the ability to derive a result based partially on previous security measurements. Sharing a security check from one security implementation to another using an object-oriented methodology is facilitated. Security policy is divided into specific security features that together form a security hierarchy. The security features may be considered to be listed sequentially, from bottom to top, and form a relationship with one another. These relationships are used to build a current security measure upon a previous security measure and may be used as a precursor when marshalling data content to be validated.
19 Claims (independent claims 1, 5 and 13 shown in full; dependent claims listed by number)

1. A method of controlling access to a networked device, the method comprising:
- receiving an incoming message packet by a security gateway coupled to said networked device;
- evaluating the received message packet to determine if the received message packet is compliant with a first test, the first test corresponding to a first level of a security hierarchy implemented by said security gateway, wherein the security hierarchy establishes a relationship between security functions from a lowest level to a highest level; and the received packet is rejected at the earliest possible operation in the processing of the packet in the security hierarchy;
- forwarding the received packet and an indication of its compliance with the first test for subsequent processing upon the received packet complying with the first test; and
- dropping the received packet whereby no further processing of the received packet is performed upon the received packet not complying with the first test.
Dependent claims: 2, 3, 4.

5. A method of controlling access to a networked device, the method comprising:
- receiving a plurality of incoming message packets by a security gateway coupled to said networked device;
- identifying, at a level of a security hierarchy implemented by said security gateway, a subset of the plurality of incoming message packets as being an attack on the networked device, wherein the security hierarchy establishes a relationship between security functions from a lowest level to a highest level;
- determining a plurality of indicator parameters of the identified subset of attacking message packets;
- dynamically defining an attack defense processing rule as a function of the determined plurality of indicator parameters, wherein said attack defense processing rule may be at any level of said security hierarchy; and
- applying the attack defense processing rule to subsequently received incoming message packets to fend off the identified attack.
Dependent claims: 6, 7, 8, 9, 10, 11, 12.

13. A method of controlling access at a networked device, the method comprising:
- identifying a type of access to be controlled by a security gateway coupled to said networked device; and
- generating an access control rule applicable to the identified access type, wherein the generated access control rule comprises two portions, each portion corresponding to a level of a security hierarchy implemented by said security gateway; and the security hierarchy establishes a relationship between security functions from a lowest level to a highest level.
Dependent claims: 14, 15, 16, 17, 18, 19.
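The following Python is an added illustration of the mechanism the abstract and claims 1 and 5 describe; it is not the patent's implementation and not code from the assignee. It models an ordered security hierarchy in which each level's test receives the compliance indications forwarded from the levels below it, a packet is dropped at the earliest failing level with no further processing, and a defense rule is derived from indicator parameters of packets identified as an attack and installed at the lowest level so later packets from that attack are rejected as early as possible. The level names, packet fields, allowed ports and the sample traffic are assumptions constructed for the example.

```python
"""Toy model of the layered security hierarchy described in the claims.

Added illustration only, not the patent's implementation: the level names,
packet fields, allowed ports and sample traffic are assumptions for this example.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes


@dataclass
class Verdict:
    accepted: bool
    rejected_at: Optional[str]                 # level that dropped the packet, if any
    compliance: Dict[str, bool] = field(default_factory=dict)  # indications forwarded upward


# A level test sees the packet and the compliance indications of every lower
# level, so a higher level can build on earlier results instead of re-deriving them.
LevelTest = Callable[[Packet, Dict[str, bool]], bool]


class SecurityHierarchy:
    def __init__(self) -> None:
        self.levels: List[Tuple[str, LevelTest]] = []   # ordered lowest -> highest

    def add_level(self, name: str, test: LevelTest) -> None:
        self.levels.append((name, test))

    def insert_rule(self, level_name: str, rule: LevelTest) -> None:
        """AND an additional rule into an existing level (a dynamically defined
        rule may sit at any level of the hierarchy)."""
        for i, (name, existing) in enumerate(self.levels):
            if name == level_name:
                self.levels[i] = (name, lambda p, c, a=existing, b=rule: a(p, c) and b(p, c))
                return
        raise KeyError(level_name)

    def evaluate(self, pkt: Packet) -> Verdict:
        compliance: Dict[str, bool] = {}
        for name, test in self.levels:
            if not test(pkt, compliance):
                # reject at the earliest failing level; no higher level runs
                return Verdict(False, name, compliance)
            compliance[name] = True          # indication forwarded along with the packet
        return Verdict(True, None, compliance)


def build_example_hierarchy() -> SecurityHierarchy:
    """Three assumed levels: packet (protocol), port (allowed services), content (HTTP request line)."""
    h = SecurityHierarchy()
    h.add_level("packet", lambda p, c: p.proto in ("tcp", "udp"))
    h.add_level("port", lambda p, c: p.dst_port in (53, 80, 443))
    # The content level relies on the port level's indication and only parses
    # an HTTP request line when the packet is bound for port 80.
    h.add_level("content", lambda p, c: c.get("port", False) and (
        p.dst_port != 80 or p.payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD")))
    return h


def derive_attack_rule(attacking: List[Packet]) -> Tuple[str, LevelTest, Dict[str, object]]:
    """Reduce an identified attacking subset to indicator parameters and build a
    rule from them, placed at the lowest level so later packets are dropped early."""
    if not attacking:
        raise ValueError("no attacking packets identified")
    indicators: Dict[str, object] = {
        "src": Counter(p.src for p in attacking).most_common(1)[0][0],
        "dst_port": Counter(p.dst_port for p in attacking).most_common(1)[0][0],
    }

    def rule(p: Packet, c: Dict[str, bool]) -> bool:
        return not (p.src == indicators["src"] and p.dst_port == indicators["dst_port"])

    return "packet", rule, indicators


def respond_to_attack(h: SecurityHierarchy, traffic: List[Packet]) -> Dict[str, object]:
    """Treat packets rejected at the content level as the attacking subset,
    derive a defense rule from them and install it; returns the indicators used."""
    attacking = [p for p in traffic if h.evaluate(p).rejected_at == "content"]
    level, rule, indicators = derive_attack_rule(attacking)
    h.insert_rule(level, rule)
    return indicators


def sample_attack() -> List[Packet]:
    """Constructed sample traffic: five malformed requests from one source plus one benign request."""
    flood = [Packet("203.0.113.9", 80, "tcp", b"\x00\xff" * 4) for _ in range(5)]
    return flood + [Packet("10.0.0.5", 80, "tcp", b"GET / HTTP/1.1")]


if __name__ == "__main__":
    h = build_example_hierarchy()
    print(h.evaluate(Packet("10.0.0.5", 23, "tcp", b"")))            # dropped at the "port" level
    print(respond_to_attack(h, sample_attack()))                      # indicators derived from the flood
    print(h.evaluate(Packet("203.0.113.9", 80, "tcp", b"GET / HTTP/1.1")))  # now dropped at "packet"
```

Note that after the derived rule is installed, a well-formed request from the attacking source is rejected at the lowest level rather than reaching content inspection, while traffic from other sources is still evaluated level by level with its compliance indications intact.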