Method and device for firewall access control strategy analysis

  • CN 103,905,407 A
  • Filed: 12/28/2012
  • Published: 07/02/2014
  • Est. Priority Date: 12/28/2012
  • Status: Active Application
First Claim

1. An analysis method for a firewall access control policy, characterized in that it comprises:

  • An analysis device obtains all access control policies of the firewall, wherein each access control policy comprises:

    a source IP address set, a destination IP address set, a destination port number set and an action identifier, wherein the action identifier comprises:

    allow and not allow;

    For each access control policy, when the action identifier is not allow, the access control policy is a safe access control policy;

    When the action identifier is allow, the source IP address set is contained in a preset untrusted IP address set, the destination IP address set is contained in a preset IP address set to which access is permitted, and the destination port number set is contained in a preset set of destination port numbers to which access is permitted, the access control policy is a safe access control policy; otherwise the access control policy is an unsafe access control policy;

    When the number of safe access control policies is greater than or equal to two, the analysis device performs optimization analysis on every two safe access control policies according to the inclusion relations of the source IP address sets, destination IP address sets and destination port number sets in the two policies, and obtains an optimization analysis result for every two safe access control policies.
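The classification and pairwise inclusion check of claim 1, as an added example that is not part of the patent text. The preset sets, sample policies, function names and the four relation labels are assumptions; the claim does not say what form the optimization analysis result takes.

```python
from collections import namedtuple
from ipaddress import ip_network
from itertools import combinations

def nets(*cidrs):
    return frozenset(ip_network(c) for c in cidrs)

def within(a, b):
    # Every network in a lies inside one network in b (adjacent networks in b are not merged).
    return all(any(x.subnet_of(y) for y in b) for x in a)

Policy = namedtuple("Policy", "name src dst ports allow")  # hypothetical rule record

# The three preset sets named in the claim; values are constructed (RFC 5737 ranges).
UNTRUSTED_SRC = nets("198.51.100.0/24", "203.0.113.0/24")
ALLOWED_DST = nets("192.0.2.0/24")
ALLOWED_PORTS = frozenset({80, 443})

def is_safe(p):
    if not p.allow:  # "not allow" is safe by definition in the claim
        return True
    return (within(p.src, UNTRUSTED_SRC) and within(p.dst, ALLOWED_DST)
            and p.ports <= ALLOWED_PORTS)

def contains(a, b):
    # All three sets of b are contained in the matching sets of a.
    return within(b.src, a.src) and within(b.dst, a.dst) and b.ports <= a.ports

def analyse(policies):
    safe = [p for p in policies if is_safe(p)]
    unsafe = [p.name for p in policies if not is_safe(p)]
    relations = {}
    if len(safe) >= 2:  # the pairwise step applies only with two or more safe policies
        for a, b in combinations(safe, 2):
            ab, ba = contains(a, b), contains(b, a)
            relations[(a.name, b.name)] = ("equal" if ab and ba else
                "first_contains_second" if ab else
                "second_contains_first" if ba else "no_inclusion")
    return unsafe, relations

POLICIES = [  # constructed sample rule set
    Policy("web-any", nets("198.51.100.0/24"), nets("192.0.2.0/24"), frozenset({80, 443}), True),
    Policy("web-one", nets("198.51.100.0/25"), nets("192.0.2.10/32"), frozenset({443}), True),
    Policy("ssh-in", nets("198.51.100.0/24"), nets("192.0.2.10/32"), frozenset({22}), True),
    Policy("deny-db", nets("203.0.113.0/24"), nets("10.0.0.0/8"), frozenset({3306}), False),
]

if __name__ == "__main__":
    print(analyse(POLICIES))
```
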
