AUTOMATICALLY GENERATING RULES FOR CONNECTION SECURITY
Abstract
A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
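The abstract describes one higher-level rule fanning out into two lower-level rules: a firewall rule (which addresses may send to the host) and a connection rule (which authentication, confidentiality and integrity protocols the IPsec engine must apply to those peers). The following is a worked example added here, not the patent's own code: a small compiler that performs that generation, validates the user's input before anything reaches either engine, and keeps the peer set identical on both sides so the firewall never admits a peer the IPsec engine is not configured to authenticate. The field names, protocol identifiers and the sample policy are assumptions chosen for illustration.

```python
"""Worked example (added here, not the patent's own code): compile one
higher-level security rule into the two lower-level rules the abstract
describes, a firewall rule for the firewall engine and a connection rule
for the IPsec engine.  Field names and protocol identifiers are assumptions
chosen for illustration, not values from the patent."""
from dataclasses import dataclass
import ipaddress

# Assumed vocabulary for the connection rule; a real IPsec engine has its own.
AUTH_PROTOCOLS = {"kerberos", "certificate", "preshared-key"}
CONFIDENTIALITY_PROTOCOLS = {"none", "aes-128-cbc", "aes-256-cbc"}
INTEGRITY_PROTOCOLS = {"hmac-sha1", "hmac-sha256"}


@dataclass(frozen=True)
class SecurityRule:
    """Higher-level rule as a user would enter it through the UI (assumed shape)."""
    name: str
    allowed_sources: tuple        # IP addresses or CIDR blocks, as typed by the user
    authentication: str
    confidentiality: str = "none"
    integrity: str = "hmac-sha256"


@dataclass(frozen=True)
class FirewallRule:
    """Lower-level rule for the firewall engine: who may send to this host."""
    name: str
    direction: str
    action: str
    remote_addresses: tuple       # canonical CIDR strings


@dataclass(frozen=True)
class ConnectionRule:
    """Lower-level rule for the IPsec engine: how those peers must be secured."""
    name: str
    remote_addresses: tuple
    authentication: str
    confidentiality: str
    integrity: str


def normalize_addresses(addresses):
    """Validate every address or CIDR and return canonical, de-duplicated
    network strings.  Raises ValueError on malformed input so a bad UI entry
    never reaches either engine."""
    networks = {str(ipaddress.ip_network(a, strict=False)) for a in addresses}
    return tuple(sorted(networks))


def compile_rule(rule):
    """Generate the (FirewallRule, ConnectionRule) pair for one security rule.
    Both rules share the same peer set, so the firewall never admits a peer
    the IPsec engine is not also configured to authenticate."""
    if rule.authentication not in AUTH_PROTOCOLS:
        raise ValueError(f"{rule.name}: unknown authentication protocol {rule.authentication!r}")
    if rule.confidentiality not in CONFIDENTIALITY_PROTOCOLS:
        raise ValueError(f"{rule.name}: unknown confidentiality protocol {rule.confidentiality!r}")
    if rule.integrity not in INTEGRITY_PROTOCOLS:
        raise ValueError(f"{rule.name}: unknown integrity protocol {rule.integrity!r}")
    peers = normalize_addresses(rule.allowed_sources)
    if not peers:
        raise ValueError(f"{rule.name}: rule names no authorized sender")
    firewall = FirewallRule(rule.name, "inbound", "allow", peers)
    connection = ConnectionRule(rule.name, peers, rule.authentication,
                                rule.confidentiality, rule.integrity)
    return firewall, connection


def compile_policy(rules):
    """Compile a whole security policy into one list per engine; duplicate
    rule names are rejected because each engine keys its rules by name."""
    firewall_rules, connection_rules, seen = [], [], set()
    for rule in rules:
        if rule.name in seen:
            raise ValueError(f"duplicate rule name {rule.name!r}")
        seen.add(rule.name)
        fw, conn = compile_rule(rule)
        firewall_rules.append(fw)
        connection_rules.append(conn)
    return firewall_rules, connection_rules


# Constructed sample policy (not from the patent); note the repeated CIDR
# and the bare host address, both of which normalize_addresses cleans up.
SAMPLE_POLICY = (
    SecurityRule("lan-clients", ("10.0.1.0/24", "10.0.1.0/24", "10.0.0.5"),
                 "kerberos", "aes-256-cbc"),
    SecurityRule("partner-gateway", ("192.0.2.10",), "certificate"),
)

if __name__ == "__main__":
    for fw, conn in zip(*compile_policy(SAMPLE_POLICY)):
        print(fw)
        print(conn)
```

Generating both rules from one object, rather than letting the user maintain two rule sets by hand, is what prevents the classic drift where the firewall permits a source that the IPsec policy never authenticates; the shared `peers` tuple is the only place the address list exists.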
20 Claims
1. A method performed by a processor executing computer-executable instructions stored in a memory of a computer system to create a firewall policy and a connection policy, the executed method further comprising:

providing a user interface through which a user can specify security rules relating to the firewall policy and the connection policy; and

automatically generating by the processor firewall rules and connection rules from the specified security rules, the security rules being higher level rules than the firewall rules and the connection rules, the generated firewall rules for input into a firewall engine and specifying addresses of computing devices that are authorized to send data to the computer system and the generated connection rules for input into an internet protocol security engine and specifying an authentication protocol for authenticating a computing device that sends data to the computer system and a confidentiality protocol and an integrity protocol for ensuring the confidentiality and integrity of data sent to the computer system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-readable storage device storing computer-executable instructions for controlling a computer system to create a firewall policy and a connection policy, by a method comprising:

providing security rules of a security policy of an enterprise; and

automatically generating by the computer system firewall rules and connection rules from the provided security rules, the firewall rules and the connection rules being lower level rules than the security rules, the generated firewall rules for input into a firewall engine of enterprise computing devices and specifying addresses of computing devices that are authorized to send data to the enterprise computing devices and the generated connection rules for input into an internet protocol security engine of the enterprise computing devices and specifying an authentication protocol for authenticating a computing device that sends data to the enterprise computing devices.

Dependent claims: 11, 12, 13, 14, 15.
16. A computer system that automatically generates a firewall policy and a connection policy based on a security policy with security rules, the security rules being higher level rules than the firewall rules and the connection rules, the computer system comprising:

a memory storing computer-executable instructions of:

a component that generates firewall rules from the specified security rules for input into a firewall engine of a target device, the generated firewall rules specifying addresses of computing devices that are authorized to send data to the target computing device; and

a component that generates connection rules from the security rules of the security policy for input into an internet protocol security engine of the target device, the generated connection rules specifying an authentication protocol for authenticating a computing device that sends data to the target computing device; and

a processor that executes the computer-executable instructions stored in the memory.

Dependent claims: 17, 18, 19, 20.