Method and system for determining whether to alter a firewall configuration
First Claim
1. A computer-implemented method to determine whether to alter a firewall configuration, said method comprising:
- a computer receiving message flow data associated with a message packet that was blocked by a firewall based on the firewall not having a message flow rule which permitted passage of said message packet, said message flow data identifying a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
- the computer determining a first risk value and a second risk value that indicate levels of trust respectively associated with first and second zones in which said source and destination networks are respectively located, a third risk value that indicates whether said source network is authorized to be a network that is a source of said message packet in a communication session, a fourth risk value that indicates whether said destination network is authorized to be a network that receives said message packet in said communication session, and a fifth risk value that indicates whether said destination port in said destination network is authorized to be a port that receives said message packet in said communication session; and
- based on the first, second, third, fourth and fifth risk values, the computer determining and generating an electronic recommendation indicating whether to add to said firewall a message flow rule that permits said message flow to pass.
Abstract
A method and system for determining whether to alter a firewall configuration. Message flow data associated with a message packet blocked by a firewall is received. The packet was blocked based on the firewall not having a message flow rule that permitted passage of the message packet. Risk values associated with a source network, destination network and destination port are identified by the message flow data. Based on the risk values, an electronic recommendation indicating whether to add to the firewall a message flow rule that permits the message flow to pass is determined and generated.
61 Citations
20 Claims
1. A computer-implemented method to determine whether to alter a firewall configuration, said method comprising:
- a computer receiving message flow data associated with a message packet that was blocked by a firewall based on the firewall not having a message flow rule which permitted passage of said message packet, said message flow data identifying a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
- the computer determining a first risk value and a second risk value that indicate levels of trust respectively associated with first and second zones in which said source and destination networks are respectively located, a third risk value that indicates whether said source network is authorized to be a network that is a source of said message packet in a communication session, a fourth risk value that indicates whether said destination network is authorized to be a network that receives said message packet in said communication session, and a fifth risk value that indicates whether said destination port in said destination network is authorized to be a port that receives said message packet in said communication session; and
- based on the first, second, third, fourth and fifth risk values, the computer determining and generating an electronic recommendation indicating whether to add to said firewall a message flow rule that permits said message flow to pass.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A computer system for determining whether to alter a firewall configuration, the computer system comprising:
- a CPU;
- a computer-readable memory;
- a computer-readable, tangible storage device;
- first program instructions to receive message flow data associated with a message packet that was blocked by a firewall based on the firewall not having a message flow rule which permitted passage of said message packet, said message flow data identifying a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
- second program instructions to determine a first risk value and a second risk value that indicate levels of trust respectively associated with first and second zones in which said source and destination networks are respectively located, a third risk value that indicates whether said source network is authorized to be a network that is a source of said message packet in a communication session, a fourth risk value that indicates whether said destination network is authorized to be a network that receives said message packet in said communication session, and a fifth risk value that indicates whether said destination port in said destination network is authorized to be a port that receives said message packet in said communication session; and
- third program instructions to determine and generate, based on the first, second, third, fourth and fifth risk values, an electronic recommendation indicating whether to add to said firewall a message flow rule that permits said message flow to pass, wherein said first, second and third program instructions are stored on said computer-readable, tangible storage device for execution by said CPU via said computer-readable memory.
(Dependent claims: 10, 11, 12, 13, 14)

15. A computer program product comprising a computer-readable, tangible storage device(s) and computer-readable program instructions stored on the computer-readable, tangible storage device(s) to determine whether to alter a firewall configuration, the computer-readable program instructions, when executed by a CPU:
- receive message flow data associated with a message packet that was blocked by a firewall based on the firewall not having a message flow rule which permitted passage of said message packet, said message flow data identifying a source network associated with said message packet, a destination network associated with said message packet and a destination port associated with said message packet;
- determine a first risk value and a second risk value that indicate levels of trust respectively associated with first and second zones in which said source and destination networks are respectively located, a third risk value that indicates whether said source network is authorized to be a network that is a source of said message packet in a communication session, a fourth risk value that indicates whether said destination network is authorized to be a network that receives said message packet in said communication session, and a fifth risk value that indicates whether said destination port in said destination network is authorized to be a port that receives said message packet in said communication session; and
- based on the first, second, third, fourth and fifth risk values, determine and generate an electronic recommendation indicating whether to add to said firewall a message flow rule that permits said message flow to pass.
(Dependent claims: 16, 17, 18, 19, 20)
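As an added illustration that is not part of the patent or of any product implementing it, the following Python sketch derives the five risk values of claim 1 from the message flow data of one blocked packet and turns them into a recommendation. The zone map, the numeric trust scale, the authorization tables and the rule for combining the five values are all constructed assumptions; the claims do not specify how the values are scored or combined.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy tables (assumptions, not taken from the patent).
# Zone trust: lower number = more trusted, so it doubles as the zone's risk value.
ZONES = {ip_network("10.1.0.0/16"): ("internal", 1),
         ip_network("192.0.2.0/24"): ("dmz", 2),
         ip_network("203.0.113.0/24"): ("external", 3)}
UNKNOWN_ZONE = ("unknown", 4)                      # unmapped networks get the worst trust
AUTHORIZED_SOURCES = {ip_network("10.1.0.0/16"), ip_network("192.0.2.0/24")}
AUTHORIZED_DESTINATIONS = {ip_network("192.0.2.0/24"), ip_network("10.1.0.0/16")}
AUTHORIZED_PORTS = {ip_network("192.0.2.0/24"): {443, 8443},
                    ip_network("10.1.0.0/16"): {22}}


@dataclass(frozen=True)
class BlockedFlow:
    """Message flow data for a packet the firewall dropped for lack of a matching rule."""
    src: str
    dst: str
    dst_port: int


def containing_network(addr):
    """Return the configured network that contains addr, or None if it is unmapped."""
    ip = ip_address(addr)
    return next((net for net in ZONES if ip in net), None)


def risk_values(flow):
    """Compute the five risk values of claim 1 for one blocked flow (0 = authorized)."""
    src_net, dst_net = containing_network(flow.src), containing_network(flow.dst)
    first = ZONES.get(src_net, UNKNOWN_ZONE)[1]          # trust level of the source zone
    second = ZONES.get(dst_net, UNKNOWN_ZONE)[1]         # trust level of the destination zone
    third = 0 if src_net in AUTHORIZED_SOURCES else 1    # may this network originate sessions?
    fourth = 0 if dst_net in AUTHORIZED_DESTINATIONS else 1  # may this network receive them?
    fifth = 0 if flow.dst_port in AUTHORIZED_PORTS.get(dst_net, set()) else 1  # and on this port?
    return first, second, third, fourth, fifth


def recommend(flow):
    """Assumed combination rule: any failed authorization keeps the block; traffic from a
    less trusted zone into a more trusted one is referred for review; otherwise add a rule."""
    first, second, third, fourth, fifth = risk_values(flow)
    if third or fourth or fifth:
        return "deny"
    if first > second:
        return "review"
    return "add-rule"
```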