Generalized security policy user interface
Abstract
A management entity displays a plurality of icons, each icon representing an actor or a resource in a networking environment. The management entity defines security policy by receiving user input in the form of lines drawn between icons representing actors and resources to control abilities between actors and resources.
19 Claims
1. A method comprising:
- at a management entity to communicate with security devices over a network:
- displaying a visualization of a network environment including network icons representing respective network zones at corresponding locations, and device icons representing one or more actors and one or more resources in corresponding ones of the visualized network domains, and one or more network security devices;
- receiving user input in the form of a line drawn between a first icon representing an actor in a first visualized network zone and a second icon representing a resource in a second visualized network zone, the line intersecting a third icon representing a network security device between the actor and the resource, wherein the line represents:
  - whether to allow or block abilities between the actor and the resource;
  - whether traffic between the actor and the resource is to be monitored;
  - or whether access between the actor and the resource is permitted;
- interpreting the line as a definition of a security policy that controls access between the actor and the resource and, based on the interpreting, generating one or more security rules for configuring the network security device to control the access according to the security policy, each security rule including rule parameters to control the access based on a network protocol and at least one of a source address and a destination address; and
- delivering the one or more security rules to the security device to implement the security policy.

Dependent claims: 2, 3, 4, 5, 6, 19.
7. An apparatus comprising:
- a network interface unit to connect with a network and to communicate with security devices over the network; and
- a processor coupled to the network interface unit to:
  - generate for display a visualization of a network environment including network icons representing respective network zones at corresponding locations, and device icons representing one or more actors and one or more resources in corresponding ones of the visualized network domains, and one or more network security devices;
  - receive user input in the form of a line drawn between a first icon representing an actor in a first visualized network zone and a second icon representing a resource in a second visualized network zone, the line intersecting a third icon representing a network security device between the actor and the resource, wherein the line represents:
    - whether to allow or block abilities between the actor and the resource;
    - whether traffic between the actor and the resource is to be monitored;
    - or whether access between the actor and the resource is permitted;
  - interpret the line as a definition of a security policy that controls access between the actor and the resource and, based on the interpreting, generate one or more security rules for configuring the network security device to control the access according to the security policy, each security rule including rule parameters to control the access based on a network protocol and at least one of a source address and a destination address; and
  - deliver the one or more security rules to the security device to implement the security policy.

Dependent claims: 8, 9, 10, 11, 12.
13. A non-transitory tangible computer readable storage media encoded with instructions that, when executed by a processor of a management entity to communicate with security devices over a network, cause the processor to:
- generate for display a visualization of a network environment including network icons representing respective network zones at corresponding locations, and device icons representing one or more actors and one or more resources in corresponding ones of the visualized network domains, and one or more network security devices;
- receive user input in the form of a line drawn between a first icon representing an actor in a first visualized network zone and a second icon representing a resource in a second visualized network zone, the line intersecting a third icon representing a network security device between the actor and the resource, wherein the line represents:
  - whether to allow or block abilities between the actor and the resource;
  - whether traffic between the actor and the resource is to be monitored;
  - or whether access between the actor and the resource is permitted;
- interpret the line as a definition of a security policy that controls access between the actor and the resource and, based on the interpreting, generate one or more security rules for configuring the network security device to control the access according to the security policy, each security rule including rule parameters to control the access based on a network protocol and at least one of a source address and a destination address; and
- deliver the one or more security rules to the security device to implement the security policy.

Dependent claims: 14, 15, 16, 17, 18.
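The workflow the three independent claims describe (a line drawn from an actor icon to a resource icon, crossing a security-device icon, is interpreted as an allow/block/monitor policy and compiled into rules carrying protocol, source and destination, which are then delivered to the crossed device) as an added Python model. This is illustrative code written for this page, not the patent's or any vendor's implementation; the icon geometry, the hit-circle test, the sample addresses and the dict rule format are all assumptions.

```python
from dataclasses import dataclass, field
import math

@dataclass
class Icon:
    name: str
    zone: str
    address: str        # constructed sample addresses, not from the patent
    x: float
    y: float
    radius: float = 1.0  # hit area of the icon on the canvas (assumed)

@dataclass
class Device(Icon):
    rules: list = field(default_factory=list)  # rules delivered to the device

def line_hits_icon(a: Icon, b: Icon, icon: Icon) -> bool:
    """True if the segment drawn from a to b passes through icon's hit circle."""
    dx, dy = b.x - a.x, b.y - a.y
    # parameter of the closest point on the segment to the icon centre, clamped to [0, 1];
    # a zero-length line degenerates to the point a (the "or 1.0" avoids division by zero)
    t = ((icon.x - a.x) * dx + (icon.y - a.y) * dy) / ((dx * dx + dy * dy) or 1.0)
    t = max(0.0, min(1.0, t))
    return math.hypot(icon.x - (a.x + t * dx), icon.y - (a.y + t * dy)) <= icon.radius

def interpret_line(actor, resource, kind, devices, protocols=("tcp",)):
    """Interpret a drawn line ('allow', 'block' or 'monitor') as a security policy,
    generate one rule per protocol and deliver the rules to every device the line crosses."""
    if kind not in ("allow", "block", "monitor"):
        raise ValueError(f"unknown line kind: {kind}")
    crossed = [d for d in devices if line_hits_icon(actor, resource, d)]
    if not crossed:
        raise ValueError("line crosses no security device: nothing can enforce it")
    generated = []
    for dev in crossed:
        for proto in protocols:
            rule = {"device": dev.name, "action": kind, "protocol": proto,
                    "src": actor.address, "dst": resource.address}
            dev.rules.append(rule)  # delivery step, modelled as appending to the device
            generated.append(rule)
    return generated

def demo():
    """Constructed scenario: a campus user icon linked to a datacenter DB icon through fw1."""
    user = Icon("alice", "campus", "10.0.1.5", x=0, y=0)
    db = Icon("db", "datacenter", "10.0.2.10", x=10, y=0)
    fw = Device("fw1", "perimeter", "10.0.0.1", x=5, y=0.4)   # sits on the drawn line
    ids = Device("ids1", "perimeter", "10.0.0.2", x=5, y=4)   # off the line: gets no rules
    rules = interpret_line(user, db, "allow", [fw, ids], protocols=("tcp", "udp"))
    return rules, fw, ids
```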
Specification