Firewall strategy-generating method, device and system

A firewall policy generation technology, applied in transmission systems, electrical components, etc., that solves the problems of low accuracy and complicated operation and achieves the effects of high accuracy and simplicity.

Active Publication Date: 2012-11-28
INDUSTRIAL AND COMMERCIAL BANK OF CHINA

AI Technical Summary

Problems solved by technology

[0003] The main purpose of the embodiment of the present invention is to provide a firewall policy generation method, device and system that solve the problems of complex operation and low accuracy in prior-art firewall policy generation technology.


Examples


Embodiment 1

[0044] An embodiment of the present invention provides a method for generating a firewall policy. As shown in Figure 1, the method includes:

[0045] Step 101: receive policy demand information including a demand source address, a demand destination address, a demand service type and a demand status;

[0046] Step 102: obtain the areas where the source server and the destination server are located from the pre-stored address area relationship table, according to the demand source address and the demand destination address;

[0047] Step 103: according to the areas where the source server and the destination server are located, obtain the area policy information corresponding to those areas, including the policy source address, the policy destination address, the policy service type and the policy status;

[0048] Step 104: Perform logic operations on the demand source address and the policy source add...

Embodiment 2

[0125] The embodiment of the present invention also provides a firewall policy generation device, which is preferably used to implement the method of Embodiment 1 above. As shown in Figure 6, the device includes:

[0126] A demand information receiving unit 601, configured to receive policy demand information including a demand source address, a demand destination address, a demand service type and a demand status;

[0127] An area obtaining unit 602, configured to obtain the areas where the source server and the destination server are located from the pre-stored address area relationship table according to the demand source address and the demand destination address, wherein the address area relationship table represents the correspondence between areas and addresses;

[0128] The area policy obtaining unit 603 is used to obtain the policy source address, policy destination address, policy service type and policy corresponding to the ar...

Embodiment 3

[0142] An embodiment of the present invention also provides a firewall policy generation system, including the firewall policy generation device described in Embodiment 2. As shown in Figure 9, the system adopts a three-layer structure consisting, from top to bottom, of presentation layer 1, functional logic layer 2 and data layer 3. The three layers are described below in order from bottom to top.

[0143] The data layer 3 is responsible for providing the configuration information of the firewall to the functional logic layer 2, which is divided into configuration files 31 and configuration information database 30. The data in the configuration information database is obtained by parsing configuration files in advance.

[0144] The functional logic layer 2 is used to simulate firewall devices according to the firewall configuration information, and provide different functions to the presentation layer 1. The functional logic layer 2 is further divided int...


Abstract

The invention provides firewall strategy-generating method, device and system. The firewall strategy-generating method comprises the following steps: receiving strategy demand information containing a demand source address, a demand destination address and a demand service type; acquiring the regions of a source server and a destination server from a prestored address region relation table according to the demand source address and the demand destination address; acquiring region strategy information from a prestored region and strategy relation table according to the regions of the source server and the destination server, wherein the region strategy information corresponds to the regions of the source server and the destination server and contains a strategy source address, a strategy destination address and a strategy service type; logically calculating the demand source address and the strategy source address to generate a source address logic result; logically calculating the demand destination address and the strategy destination address to generate a destination address logic result; logically calculating the demand service type and the strategy service type to generate a service type logic result; and generating a firewall strategy according to the source address logic result, the destination address logic result, the service type logic result and the relation between a demand state and a strategy state.
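
The steps of the abstract carried through in code, as an added example that is not part of the patent text. The tables, addresses and area names are constructed; the "logic operation" is assumed to be intersection, and the mapping from the three results and the two states to add/none/conflict is likewise an assumption, since the page truncates before defining either.

```python
import ipaddress

# Constructed sample tables; every address, area name and rule is illustrative.
ADDRESS_AREA = {"10.1.0.0/16": "office", "10.2.0.0/16": "app", "10.3.0.0/16": "db"}
AREA_POLICY = {  # (source area, destination area) -> existing area policies
    ("app", "db"): [{"src": "10.2.1.0/24", "dst": "10.3.0.0/16",
                     "services": {"tcp/1521"}, "status": "permit"}],
    ("office", "db"): [{"src": "10.1.0.0/16", "dst": "10.3.0.0/16",
                        "services": {"tcp/1521", "tcp/22"}, "status": "deny"}],
}

def net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def area_of(addr):
    """Look up the area whose network contains the demand address."""
    for cidr, area in ADDRESS_AREA.items():
        if net(addr).subnet_of(net(cidr)):
            return area
    raise LookupError(f"{addr} is not in the address-area relation table")

def overlap(a, b):
    """Assumed logic operation: intersection (CIDR blocks nest or are disjoint)."""
    a, b = net(a), net(b)
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def generate_policy(demand):
    """Return the decision for one policy demand against its area policies."""
    areas = (area_of(demand["src"]), area_of(demand["dst"]))
    for pol in AREA_POLICY.get(areas, []):
        src = overlap(demand["src"], pol["src"])
        dst = overlap(demand["dst"], pol["dst"])
        svc = demand["services"] & pol["services"]
        if src is None or dst is None or not svc:
            continue  # this area policy does not touch the demand
        if pol["status"] != demand["status"]:
            # Overlapping traffic with the opposite state: hand to a reviewer.
            return {"action": "conflict", "areas": areas, "policy": pol}
        if (src, dst, svc) == (net(demand["src"]), net(demand["dst"]), demand["services"]):
            # Demand lies wholly inside an existing policy: no change needed.
            return {"action": "none", "areas": areas, "policy": pol}
    return {"action": "add", "areas": areas, "rule": dict(demand)}
```

A demand that an existing area policy only partly covers falls through to `add`, so the generated rule always states the full request rather than a remainder.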

Description

Technical field

[0001] The present invention relates to the technical field of computer network security, in particular, to a method, device and system for generating a firewall policy.

Background technique

[0002] At present, more and more work is being done to deploy firewalls and implement firewall policies in bank data centers. According to preliminary statistics, the number of firewall policy changes in a bank's data center accounts for more than 40% of the total number of changes in the bank's data center. Since the writing and implementation of firewall policy change steps are currently done manually by staff based on the firewall policy application form, writing and implementing a large number of firewall policy change steps is not only a huge workload, but also prone to errors. Once an error occurs, it will affect the normal operation of the banking network and the normal operation of the banking business. For this reason, related industries have been studying th...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
Inventor: 张颖岳红超张晓丹王希王颖李新印肖国彬
Owner: INDUSTRIAL AND COMMERCIAL BANK OF CHINA