Method and apparatus for automatic risk assessment of a firewall configuration
First Claim
Patent Images
1. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method is comprising the following steps:
- receiving a firewall configuration;
algorithmically simulating all potential packet received on an internal model of the firewall;
generating a simulation report that is exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response;
converting the simulation report into a computer searchable file thus enabling detection of firewall mis-configurations;
detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base exhibiting risk items associated with corresponding firewall mis-configurations;
producing a list of risks associated with the firewall based on a customization of the detected firewall mis-configurations, wherein the customization is according to the knowledge base and the simulation report; and
eliminating redundancy of reported risks by defining a suppression code for each risk associated with at least one second risk where the rules of the second risk logically contains the rules of the first risk,wherein the reported risks which have same number of triggering rules as the corresponding second risk defined by suppression code of the first risk, are suppressed,wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the simulation report, andwherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for Automatic Risk Assessment of a Firewall Configuration facilitates the automatic generation of a risk assessment of a given firewall configuration. The method scans the firewall analyzer report, before the human user does, and flag the Configuration errors. Each found mis-configuration is called a risk item. The report is analyzed according a Knowledge Base of known risk items. The method further filters duplicate risk item which are trigger by different rules.
-
Citations
13 Claims
-
1. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method is comprising the following steps:
-
receiving a firewall configuration; algorithmically simulating all potential packet received on an internal model of the firewall; generating a simulation report that is exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response; converting the simulation report into a computer searchable file thus enabling detection of firewall mis-configurations; detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base exhibiting risk items associated with corresponding firewall mis-configurations; producing a list of risks associated with the firewall based on a customization of the detected firewall mis-configurations, wherein the customization is according to the knowledge base and the simulation report; and eliminating redundancy of reported risks by defining a suppression code for each risk associated with at least one second risk where the rules of the second risk logically contains the rules of the first risk, wherein the reported risks which have same number of triggering rules as the corresponding second risk defined by suppression code of the first risk, are suppressed, wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the simulation report, and wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema. - View Dependent Claims (2, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
3. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method comprising:
-
receiving a firewall configuration; algorithmically simulating all potential packet received on an internal model of the firewall; generating a simulation report that is exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response; converting the simulation report into a computer searchable file enabling detection of firewall mis-configurations; detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base stored on the memory exhibiting risk items associated with corresponding firewall mis-configurations; and customizing the detected firewall mis-configurations according to the knowledge base and the simulation report thereby producing a list of risks associated with the firewall; conducting a simulation of firewall activation for specific risk type defined by a user; and integrating simulation results within the computer searchable file, wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report, and wherein the searched mis-configurations are in a particular predefined search expression format that correspond with the particular predefined schema, and wherein the integrated computer searchable file enables searching according risk type.
-
-
12. A data processing system for detecting firewall mis-configurations of a firewall, operatively associated with a computer network, the system comprising:
-
a processor; and a memory, wherein the processor is configured by a computer readable code such that the processor is operable to; receive a firewall configuration; algorithmically simulate all potential packet received on an internal model of the firewall; generate a simulation report that is exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response; convert the simulation report into a computer searchable file enabling detection of firewall mis-configurations; detect firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base stored on the memory exhibiting risk items associated with corresponding firewall mis-configurations; produce a list of risks associated with the firewall based on a customization of the detected firewall mis-configurations, wherein the customization is according to the knowledge base and the simulation report thereby producing a list of risks associated with the firewall; and eliminate redundancy of reported risks by defining a suppression code for each risk associated with at least one second risk where the rules of the second risk contains the rules of the first risk, wherein the reported risks which have same number of triggering rules as the corresponding second risk defined by suppression code of the first risk, are suppressed, wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report, and wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
-
-
13. A computer implemented method of detecting firewall mis-configurations of a firewall operatively associated with a computer network, the method comprising:
-
receiving a firewall configuration; algorithmically simulating all potential packet receipts on an internal model of the firewall; generating a simulation report that is exhibiting relationships between any potential packet received by the firewall and a corresponding action taken by the firewall in response; converting the simulation report into a computer searchable file thus enabling detection of firewall mis-configurations; detecting firewall mis-configurations by searching the computer searchable file for mis-configurations in view of a predefined knowledge base exhibiting risk items associated with corresponding firewall mis-configurations; and producing a list of risks associated with the firewall according to customization of the detected firewall mis-configurations, wherein the customization is according to the knowledge base and the simulation report, wherein the computer searchable file obeys a particular predefined schema indicating relationships between objects exhibited on tables in the report, and wherein the searched mis-configurations are in a particular predefined search expression format that corresponds with the particular predefined schema.
-
Specification