CN114205125B - Policy management method, device, equipment and medium based on security area - Google Patents


Info

Publication number
CN114205125B
Authority
CN
China
Legal status
Active
Application number
CN202111409959.7A
Other languages
Chinese (zh)
Other versions
CN114205125A (en)
Inventor
李欣
李元正
焦威
王思同
Current Assignee
Chengdu Guotai Wangxin Technology Co ltd
Beijing Guotai Netcom Technology Co ltd
Original Assignee
Chengdu Guotai Wangxin Technology Co ltd
Beijing Guotai Netcom Technology Co ltd
Application filed by Chengdu Guotai Wangxin Technology Co ltd, Beijing Guotai Netcom Technology Co ltd
Priority to CN202111409959.7A
Publication of CN114205125A
Application granted
Publication of CN114205125B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved


Abstract

The invention discloses a security-area-based policy management method, device, equipment and medium, applied to a security supervision platform that manages the various security devices and security policies in a system. The policy management method comprises the following steps: defining, as required, a policy type for any security policy in the system; for any security area in the system, configuring at least one security policy into the security area as required; for any security device in the system, dividing the security device into the corresponding security area as required, and matching the security policies configured in that security area against the security policies belonging to the security device according to the defined policy types; and for any security device in the system, issuing the configured security policies to the security device. The invention can not only issue the specific policies of the various security devices uniformly, but also issue general policies independently to security devices of different types.

Description

Policy management method, device, equipment and medium based on security area
Technical Field
The present invention relates to the field of industrial control security technologies, and in particular, to a policy management method, device, equipment, and medium based on a security area.
Background
With the development of network technology and the growing degree of informatization, a single network security product can hardly guarantee the security of a whole network. More and more enterprises stack security products in various ways to improve network security, but the variety and complexity of those products make the policy management of security devices an increasingly prominent problem.
In the industrial control security field today, a security supervision platform is mostly used to manage devices in a unified way. The security supervision platform centrally configures the policies of the various security devices in the system and issues the configured policies to those devices, thereby realizing policy management of the security devices. Because of the characteristics of the security devices, their deployment environments and the differing requirements of manufacturers, the current situation is as follows: 1) different classes of security devices have their own unique policy requirements, and such policies can only be issued to a specific class of security device; 2) even security devices of the same class have different requirements for policy content, so the same policy is not suitable for every device of that class; 3) different classes of security devices may have the same requirement for a certain class of policy, i.e. a certain class of policy may apply to different classes of security devices.
Disclosure of Invention
To solve these problems, the invention provides a security-area-based policy management method, device, equipment and medium, which can not only issue the unique policies of the various security devices uniformly but also issue general policies independently to security devices of different classes.
To achieve the above object, a first aspect of the present invention provides a security-area-based policy management method, applied to a security supervision platform used for managing the various security devices and security policies in a system, the policy management method comprising:
defining, as required, a policy type for any security policy in the system, where the policy type indicates whether the security policy is a specific policy applicable to one type of security device or a general policy applicable to several types of security devices;
for any security area in the system, configuring at least one security policy into the security area as required;
for any security device in the system, dividing the security device into the corresponding security area as required, and matching the security policies configured in that security area against the security policies belonging to the security device according to the defined policy types;
and for any security device in the system, issuing the configured security policies to the security device.
Further, whether a security policy is a unique policy or a general policy is represented in binary.
Further, for any security area in the system, a unique policy or several general policies may be configured into the same security area at the same time, according to requirements and the deployment environment.
Further, each type of security device has both its own unique policies and general policies shared with other security devices.
To achieve the above object, another aspect of the present invention provides a security-area-based policy management device, applied to a security supervision platform used for managing the security policies of different security devices in a system, the policy management device comprising:
a security area dividing module, used for dividing at least one security area and associating security policies of a defined category with security devices of the corresponding type; one security area should contain at least one security policy and at least one target security device;
a security policy configuration module, used for defining policy types, i.e. creating security policies of different categories, including unique policies and general policies; representing the different categories of security policy with specific identifiers; and configuring at least one security policy into a security area as needed;
a security device configuration module, used for configuring security devices of different types and dividing each security device into one, and only one, security area as needed, so as to prevent policy conflicts;
a security policy issuing module, used for finding the security policies belonging to a security area through the security area in which a security device is located, and issuing those security policies to the target security device according to the policy type.
Further, in the security policy configuration module, whether the security policy is a unique policy or a general policy is represented by binary.
Further, the security policies are associated with the security devices, and the security policies are checked at the same time to determine to which target security device each security policy is to be issued, and if a situation that the security devices cannot be associated exists, the security policies are skipped from being processed.
Further, the security policy is issued asynchronously by using a request and response mode, each request contains a unique request ID, and when the request is responded, the request ID needs to be contained in a response body.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the security-area-based policy management method when the computer program is executed.
A computer readable storage medium storing a computer program which, when executed by a processor, performs the steps of the security-area-based policy management method.
The invention has the beneficial effects that:
According to the security-area-based policy management method and device, different security areas are divided according to the deployment conditions and implementation requirements of the field network, general or specific policies are defined in combination with the device types in each area, the security devices are divided into the corresponding security areas, and the security policies belonging to each device are configured. Since each device can be divided into only one security area, policy conflicts are avoided. If the policies of several devices in different areas need to be adjusted, the device policies can be modified in the corresponding security areas and updated through those areas with a single issue. The invention introduces the concepts of security area and policy type and associates them with the security devices, which not only improves the efficiency of configuration and policy issuing but also meets users' requirements for both general and specific policies; the division into security areas also makes the policy management of security devices more convenient.
Drawings
Fig. 1 is a flow chart of conventional security policy management.
Fig. 2 is a flowchart of a security policy management method in embodiment 1 of the present invention.
Fig. 3 is a schematic structural diagram of a security policy management apparatus in embodiment 1 of the present invention.
Detailed Description
Specific embodiments of the present invention will now be described in order to provide a clearer understanding of the technical features, objects and effects of the present invention. It should be understood that the particular embodiments described herein are illustrative only and are not intended to limit the invention, i.e., the embodiments described are merely some, but not all, of the embodiments of the invention. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present invention.
Example 1
In a system composed of different types of security devices, a security supervision platform generally controls and manages every device in a unified way, and in particular issues security policies to the security devices. For example, suppose the supervised system contains two different security devices, a firewall and an audit device, and three different security policies, a packet filtering policy, a protocol audit policy and a blacklist policy. The security supervision platform issues the packet filtering policy and the blacklist policy to the firewall device, and the protocol audit policy and the blacklist policy to the audit device; once the policies take effect, the firewall device performs network protection based on the packet filtering policy and the blacklist policy, and the audit device performs network auditing based on the protocol audit policy and the blacklist policy.
As shown in fig. 1, when the security supervision platform manages the security policies of several security devices, one common management scheme is to issue the security policies to the different security devices according to the type of each security policy. In such a scheme, when the system contains many classes of security devices and many security policies, many separate issues are required, which reduces efficiency and makes management difficult.
As shown in fig. 2, the present embodiment provides a security-area-based policy management method, which includes the following steps:
S1, defining a type for any security policy in the system, where the type indicates whether the security policy is a specific policy applicable to one type of security device or a general policy applicable to several types of security devices.
As described above, in practical applications the security supervision platform manages security devices of different types, and each type of security device has both policies unique to itself and general policies shared with other security devices. For example, a system containing two types of security devices, a firewall device and an audit device, also manages three types of policies, a packet filtering policy, a protocol audit policy and a blacklist policy, where the packet filtering policy is unique to the firewall device, the protocol audit policy is unique to the audit device, and the blacklist policy is a general policy for both types of security devices.
In this scenario the packet filtering policy, the audit policy and the blacklist policy each need to be classified. The policy class is defined as follows: a policy specific to the firewall device is represented by the binary value 1, a policy specific to the audit device by the binary value 10, and a general policy for both the firewall device and the audit device by the binary value 11. Thus, in the above example, the class of the packet filtering policy is 1, the class of the audit policy is 10, and the class of the blacklist policy is 11.
S2, configuring at least one security area as required and configuring at least one security policy into each security area; several policies of different classes may be configured into the same security area at the same time.
It will be appreciated that, on the one hand, for the same type of security policy the configured policy content differs according to where the security devices are deployed and similar factors, so several security policies with different content are configured into different security areas. On the other hand, a firewall device and an audit device are, as required, deployed in the same network, so correspondingly one security area may contain different types of security policy.
Continuing the above example, one firewall device is deployed on the boundary of the 192.168.1.0 network to protect it, so its packet filtering policy must protect the 192.168.1.0 network, while the other firewall is deployed on the boundary of the 192.168.2.0 network, so its packet filtering policy must protect the 192.168.2.0 network. Meanwhile, two audit devices are deployed in mirror mode in the 192.168.1.0 and 192.168.2.0 networks respectively, so two protocol audit policies must be configured, one auditing the protocols of the 192.168.1.0 network and the other those of the 192.168.2.0 network. Under these conditions two security areas A and B are divided: the packet filtering policy and audit policy for the 192.168.1.0 network are configured into security area A, and the packet filtering policy and audit policy for the 192.168.2.0 network into security area B. In addition there is a blacklist policy that applies to both the firewall and the audit devices, so this policy is configured into both security areas A and B.
S3, configuring security devices of different types through a security device configuration module and dividing each security device, as required, into one and only one security area.
As noted above, the location at which a security device is deployed in the network and similar requirements differ, and so do its policy configuration requirements. Once security policies have been configured in a security area, they are issued to a security device as soon as that device is divided into the security area according to actual requirements.
Continuing the above example, for a system managing 2 firewall devices and 2 audit devices, the two areas A and B have been divided as required; now only the 1 firewall and 1 audit device matching the deployment location need to be assigned to security area A, and the other firewall and audit device to security area B.
S4, for any security device in the system, issuing the security policies configured for the device to the device.
As above, 1 firewall device and 1 audit device are allocated to security area A, and 1 packet filtering policy, 1 audit policy and 1 blacklist policy are configured in that area. Similarly, 1 firewall device and 1 audit device are allocated to security area B, and 1 packet filtering policy, 1 audit policy and 1 blacklist policy are configured there. The contents of the packet filtering policy and the audit policy differ between security areas A and B, while the blacklist policy is the same.
When the policies are issued, only two issues, one for security area A and one for security area B, are needed to deliver the packet filtering policy, the audit policy and the blacklist policy to their target devices.
For example, when the security policies configured in a security area are issued, they are first classified; according to the policy class definition, the packet filtering policy with policy class 1 and the blacklist policy with policy class 11 are issued to the firewall device, and the audit policy with policy class 10 and the blacklist policy with policy class 11 are issued to the audit device.
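As an added illustration of steps S1 to S4 (not code from the patent), the following Python models the classification and issuing described above: each policy class is a bitmask over device types (firewall = 01, audit = 10, general = 11), a device belongs to exactly one area, and one issue per area delivers each policy to every device in that area whose type bit is set in the policy's class. The platform, policy and device names are assumptions made for the example.

```python
"""Added illustration of steps S1-S4: policy classes are bitmasks over device
types (the page's binary 1 / 10 / 11); a policy is issued to a device when the
device's type bit is set in the policy class."""
from dataclasses import dataclass, field

# Device-type bits, chosen to match the page's binary policy classes.
FIREWALL = 0b01              # class 1:  firewall-specific policy
AUDIT = 0b10                 # class 10: audit-device-specific policy
GENERAL = FIREWALL | AUDIT   # class 11: general policy for both types


@dataclass(frozen=True)
class Policy:
    name: str
    cls: int       # bitmask of device types the policy applies to
    content: str   # constructed rule text, e.g. the network it protects


@dataclass(frozen=True)
class Device:
    name: str
    dev_type: int  # exactly one device-type bit


@dataclass
class SecurityArea:
    name: str
    policies: list = field(default_factory=list)
    devices: list = field(default_factory=list)


class SupervisionPlatform:
    """Hypothetical platform: divides areas, configures policies, assigns
    devices and issues policies once per area."""

    def __init__(self):
        self.areas = {}          # area name -> SecurityArea
        self.device_area = {}    # device name -> area name

    def divide_area(self, name):
        self.areas[name] = SecurityArea(name)

    def configure_policy(self, area, policy):
        # S2: policies of several classes may share one area.
        self.areas[area].policies.append(policy)

    def assign_device(self, area, device):
        # S3: one and only one area per device; otherwise the same policy
        # could reach a device twice with different content (a conflict).
        if device.name in self.device_area:
            raise ValueError(f"{device.name} is already in area "
                             f"{self.device_area[device.name]}")
        self.device_area[device.name] = area
        self.areas[area].devices.append(device)

    def issue_area(self, area):
        """S4 for one area: a single issue covers every device in it.
        Returns (device name -> issued policy names, skipped policy names);
        a policy that no device in the area can be associated with is skipped."""
        zone = self.areas[area]
        issued = {d.name: [] for d in zone.devices}
        skipped = []
        for policy in zone.policies:
            targets = [d for d in zone.devices if policy.cls & d.dev_type]
            if not targets:
                skipped.append(policy.name)
                continue
            for d in targets:
                issued[d.name].append(policy.name)
        return issued, skipped

    def issue_all(self):
        """Issue once per area (two issues for areas A and B in the example)."""
        result = {}
        for area in self.areas:
            issued, _ = self.issue_area(area)
            result.update(issued)
        return result


def build_example_platform():
    """The page's scenario: two firewalls, two audit devices, areas A and B."""
    p = SupervisionPlatform()
    p.divide_area("A")
    p.divide_area("B")
    # Packet-filter and audit contents differ per area; the blacklist is shared.
    p.configure_policy("A", Policy("packet-filter", FIREWALL, "protect 192.168.1.0"))
    p.configure_policy("A", Policy("protocol-audit", AUDIT, "audit 192.168.1.0"))
    p.configure_policy("A", Policy("blacklist", GENERAL, "shared blacklist"))
    p.configure_policy("B", Policy("packet-filter", FIREWALL, "protect 192.168.2.0"))
    p.configure_policy("B", Policy("protocol-audit", AUDIT, "audit 192.168.2.0"))
    p.configure_policy("B", Policy("blacklist", GENERAL, "shared blacklist"))
    p.assign_device("A", Device("fw-1", FIREWALL))
    p.assign_device("A", Device("audit-1", AUDIT))
    p.assign_device("B", Device("fw-2", FIREWALL))
    p.assign_device("B", Device("audit-2", AUDIT))
    return p
```

`build_example_platform().issue_all()` returns the distribution the text describes: each firewall receives its area's packet-filter policy plus the blacklist, each audit device its area's protocol-audit policy plus the blacklist.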
It should be noted that, for the sake of simplicity of description, the present embodiment is described as a series of combinations of actions, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously according to the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
Example 2
This example is based on example 1:
as shown in fig. 3, the present embodiment provides a security-area-based policy management device for executing the policy management method of embodiment 1, where the device includes:
a security area dividing module M1, configured to divide at least one security area and to associate security policies of a defined class with security devices of the corresponding type. One security area should contain at least one security policy and at least one target device.
A security policy configuration module M2, configured to define policy types, that is, to create security policies of different types, including unique policies and general policies. The different categories of security policy are represented by specific identifiers, and at least one security policy is configured into each security area as needed.
Specifically, the embodiment provides a method of classifying security policies that indicates in binary whether a security policy is specific or general, so that the security devices to which a policy is to be issued can be distinguished conveniently.
Optionally, an attribute may be defined to hold the version number of the current policy, incremented after each policy update. When the current policy is issued to the target device, the device compares the version number of the policy it holds with the issued version number: if the version numbers are the same, the policy is not updated; if the issued version number is greater than the current one, the policy needs to be updated.
A security device configuration module M3, used for configuring security devices of different types. Each security device is divided into one and only one security area as required, so that policy conflicts are prevented.
Specifically, in the above scheme a created security device is divided into at least one security area, and one security device can be divided into only one security area. It will be appreciated that when a security device is divided into a security area, the security policies in that area whose class the device belongs to are configured for it, and at that point the policies in the security area fully satisfy the device's security policy requirements. If the same security device were divided into another security area as well, issuing could cause a conflict if that area holds the same policy.
A security policy issuing module M4, configured to find, for any security device in the system, the security policies belonging to the security area in which the device is located, and then to issue those security policies to the device according to their policy types.
Specifically, on the basis of the above scheme, the security policies are associated with the security devices and checked at the same time to determine to which target device each security policy is to be issued; if a security policy cannot be associated with any device, it is skipped. Issuing uses an asynchronous request and response mode: each request carries a unique request ID, and the response must contain that request ID in its body so that the system can match the response to its request. At issuing time a response can go wrong in two ways: the response reports an error, or no response arrives. In the case of an error response, the policy is adjusted according to the error prompt. For the no-response case a timeout mechanism is designed: after a timeout the policy is issued to the target device again; after 3 consecutive timeouts the timeout result is returned, the user checks whether the device is online, and the policy is issued again once the problem is handled. It can happen that the target device received and applied the issued policy but the network was disconnected so it could not send a response to the management system; when the policy is issued again, the device decides according to the policy's version number whether to update the issued policy or ignore it.
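As an added simulation of the issuing module M4 (not the patent's own code), the following Python models the asynchronous request/response exchange with unique request IDs, the re-issue-after-timeout mechanism with its limit of 3 consecutive timeouts, and the device-side version comparison that decides between update and ignore. The device class, its dropped responses and the policy contents are constructed for the example.

```python
"""Added simulation of module M4: asynchronous issuing with unique request IDs,
timeout re-issue and version-number comparison on the device (not the patent's
own code). The network is simulated in-process, so a device may apply a policy
and still fail to return its response, the disconnected case in the text."""
import uuid
from dataclasses import dataclass
from typing import Optional

MAX_TIMEOUTS = 3   # the text: re-issue on timeout, stop after three in a row


@dataclass(frozen=True)
class IssueRequest:
    request_id: str   # unique per request; must be echoed in the response
    device: str
    policy: str
    version: int
    content: str


@dataclass(frozen=True)
class IssueResponse:
    request_id: str
    ok: bool
    detail: str       # "updated" / "ignored" on success, error prompt otherwise


class SimulatedDevice:
    """Constructed target device keeping (version, content) per policy name."""

    def __init__(self, name, drop_responses=0, unsupported=()):
        self.name = name
        self.installed = {}
        self.drop_responses = drop_responses  # responses lost by the network
        self.unsupported = set(unsupported)   # policy names it rejects
        self.updates_applied = 0

    def handle(self, req: IssueRequest) -> Optional[IssueResponse]:
        if req.policy in self.unsupported:
            return IssueResponse(req.request_id, False, "policy type not supported")
        current = self.installed.get(req.policy)
        # Version rule from the text: same version -> not updated,
        # greater version -> update.
        if current is None or req.version > current[0]:
            self.installed[req.policy] = (req.version, req.content)
            self.updates_applied += 1
            detail = "updated"
        else:
            detail = "ignored"
        if self.drop_responses > 0:
            self.drop_responses -= 1
            return None   # policy applied, but the response never arrives
        return IssueResponse(req.request_id, True, detail)


def issue_policy(device, policy, version, content):
    """Issue one policy to one device; returns (outcome, attempts used), where
    outcome is "updated", "ignored", "error: <prompt>" or "timeout"."""
    pending = {}   # request_id -> IssueRequest, for correlating responses
    for attempt in range(1, MAX_TIMEOUTS + 1):
        req = IssueRequest(uuid.uuid4().hex, device.name, policy, version, content)
        pending[req.request_id] = req
        resp = device.handle(req)
        if resp is None:
            continue                    # timeout: issue the policy again
        if pending.pop(resp.request_id, None) is None:
            return ("error: response for unknown request", attempt)
        if not resp.ok:
            return ("error: " + resp.detail, attempt)   # adjust per prompt
        return (resp.detail, attempt)
    # Three consecutive timeouts: return the result so the operator can check
    # whether the device is online and issue again after fixing the problem.
    return ("timeout", MAX_TIMEOUTS)
```

With one lost response, the first attempt applies the policy on the device and times out on the platform side; the re-issue carries the same version number, so the device answers "ignored" and nothing is applied twice.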
Example 2
This example is based on example 1:
the present embodiment provides a computer device including a memory and a processor, where the memory stores a computer program and the processor implements the steps of the security-area-based policy management method and apparatus of embodiment 1 when the computer program is executed. The computer program may be in source code form, object code form, an executable file or some intermediate form, etc.
Example 3
This example is based on example 1:
the present embodiment provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the security-area-based policy management method and apparatus of embodiment 1. The computer program may be in source code form, object code form, an executable file or some intermediate form, etc. The storage medium includes any entity or device capable of carrying computer program code: a recording medium, computer memory, read-only memory (ROM), random-access memory (RAM), electrical carrier signals, telecommunication signals, software distribution media, and so on. It should be noted that what counts as a storage medium may be appropriately widened or narrowed according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions the storage medium does not include electrical carrier signals and telecommunication signals.

Claims (10)

1. A security-area-based policy management method, applied to a security supervision platform used for managing various security devices and security policies in a system, characterized in that the policy management method comprises the following steps:
defining, as required, a policy type for any security policy in the system, where the policy type indicates whether the security policy is a specific policy applicable to one type of security device or a general policy applicable to several types of security devices;
for any security area in the system, configuring at least one security policy into the security area as required;
for any security device in the system, dividing the security device into the corresponding security area as required, and matching the security policies configured in that security area against the security policies belonging to the security device according to the defined policy types;
for any security device in the system, issuing the configured security policies to the security device;
the security policies are associated with the security devices and checked at the same time to determine to which target device each security policy is to be issued, and if a security policy cannot be associated with any device, the policy is skipped; issuing is performed asynchronously in a request and response mode, where each request contains a unique request ID and the response must contain the request ID in the response body so that the system can match the response to its request when processing it; in the case of an error response, the policy is adjusted according to the error prompt; in the case of no response, the policy is issued to the target device again when the request times out, and after several consecutive timeouts the timeout result is returned, whether the device is online is checked, and the policy is issued again after the problem is handled; when the target device has received the issued policy but the network is disconnected so that it cannot send a response to the management system, the policy is issued to the target device again, and on re-issue the device chooses, according to the policy's version number, to update the issued policy or ignore it.
2. The security zone-based policy management method according to claim 1, wherein whether the security policy is a unique policy or a general policy is represented by binary.
3. The method of claim 1, wherein for any security zone in the system, the unique policy or the plurality of general policies are configured to the same security zone at the same time according to the requirements and deployment environment.
4. The security zone-based policy management method of claim 1, wherein each type of security device includes both its own unique policy and common policies of other security devices.
5. A security-area-based policy management device, applied to a security supervision platform used for managing the security policies of different security devices in a system, where the policy management device includes:
a security area dividing module, used for dividing at least one security area and associating security policies of a defined category with security devices of the corresponding type; one security area should contain at least one security policy and at least one target security device;
a security policy configuration module, used for defining policy types, i.e. creating security policies of different categories, including unique policies and general policies; representing the different categories of security policy with specific identifiers; and configuring at least one security policy into a security area as needed;
a security device configuration module, used for configuring security devices of different types and dividing each security device into one, and only one, security area as needed, so as to prevent policy conflicts;
a security policy issuing module, used for finding the security policies belonging to a security area through the security area in which a security device is located, and issuing those security policies to the target security device according to the policy type;
the security policies are associated with the security devices and checked at the same time to determine to which target device each security policy is to be issued, and if a security policy cannot be associated with any device, the policy is skipped; issuing is performed asynchronously in a request and response mode, where each request contains a unique request ID and the response must contain the request ID in the response body so that the system can match the response to its request when processing it; in the case of an error response, the policy is adjusted according to the error prompt; in the case of no response, the policy is issued to the target device again when the request times out, and after several consecutive timeouts the timeout result is returned, whether the device is online is checked, and the policy is issued again after the problem is handled; when the target device has received the issued policy but the network is disconnected so that it cannot send a response to the management system, the policy is issued to the target device again, and on re-issue the device chooses, according to the policy's version number, to update the issued policy or ignore it.
6. The security zone-based policy management apparatus according to claim 5, wherein the security policy configuration module indicates whether a security policy is a unique policy or a general policy by a binary value.
7. The security zone-based policy management apparatus according to claim 5, wherein the security policies are associated with the security devices while each security policy is checked to determine to which target security device it is to be issued, and if a security policy cannot be associated with any security device, that security policy is skipped.
8. The security zone-based policy management apparatus according to claim 7, wherein the security policies are issued asynchronously using requests and responses, each request including a unique request ID, and the request ID is included in the response body when the request is answered.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the security zone based policy management method of any of claims 1-4 when the computer program is executed.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the security zone based policy management method of any of claims 1-4.
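The issuing procedure of claim 5, as an added simulation that is not code from the patent: devices belong to exactly one security area, each request carries a unique request ID that the response must echo, a silent device is retried up to an assumed `MAX_TIMEOUTS` times, a policy with no associable device is skipped, and a device that applied a policy but lost its response ignores the re-issued copy because the version number is not newer. Device and policy fields, statuses and the retry limit are constructed for this example.

```python
import itertools
from dataclasses import dataclass, field
MAX_TIMEOUTS = 3  # assumed: consecutive timeouts before giving up on a device

@dataclass
class Device:
    name: str
    zone: str                 # each device belongs to exactly one security area
    online: bool = True
    drop_next_response: bool = False  # simulates link loss right after receipt
    installed: dict = field(default_factory=dict)  # policy id -> version

    def receive(self, policy):
        # device side: apply a newer version, ignore an equal or older one
        if self.installed.get(policy["id"], -1) >= policy["version"]:
            status = "ignored"
        else:
            self.installed[policy["id"]] = policy["version"]
            status = "updated"
        if self.drop_next_response:   # policy applied but the response is lost
            self.drop_next_response = False
            return None
        return status

class PolicyIssuer:
    def __init__(self, devices):
        self.devices = devices
        self.req_ids = itertools.count(1)
        self.pending = {}         # request id -> (policy, device)

    def issue(self, policy):
        # find the devices of the policy's security area; skip if none can be associated
        targets = [d for d in self.devices if d.zone == policy["zone"]]
        if not targets:
            return [("skipped", policy["id"], None)]
        return [self._send(policy, d) for d in targets]

    def _send(self, policy, dev):
        for _ in range(MAX_TIMEOUTS):
            rid = next(self.req_ids)  # every request carries a unique request id
            self.pending[rid] = (policy, dev)
            reply = dev.receive(policy) if dev.online else None
            if reply is not None:
                return self.on_response({"request_id": rid, "status": reply})
            self.pending.pop(rid)     # no response: timed out, re-issue
        return ("timeout", policy["id"], dev.name)  # operator checks device is online

    def on_response(self, resp):
        policy, dev = self.pending.pop(resp["request_id"])  # match reply to request
        return (resp["status"], policy["id"], dev.name)
```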
CN202111409959.7A 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area Active CN114205125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111409959.7A CN114205125B (en) 2021-11-25 2021-11-25 Policy management method, device, equipment and medium based on security area

Publications (2)

Publication Number Publication Date
CN114205125A CN114205125A (en) 2022-03-18
CN114205125B true CN114205125B (en) 2024-03-29

Family

ID=80648846

Country Status (1)

Country Link
CN (1) CN114205125B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1988478A (en) * 2006-12-14 2007-06-27 上海交通大学 Integrated tactic managing system based on expandable label language
WO2016118478A2 (en) * 2015-01-20 2016-07-28 Cisco Technology, Inc. Security policy unification across different security products
CN106572112A (en) * 2016-11-09 2017-04-19 北京小米移动软件有限公司 Access control method and device
CN108880860A (en) * 2018-05-24 2018-11-23 杭州迪普科技股份有限公司 A kind of policy management method and device
CN109150866A (en) * 2018-08-09 2019-01-04 郑州云海信息技术有限公司 A kind of policy distribution feedback and check system and method
CN110191118A (en) * 2019-05-28 2019-08-30 哈尔滨工程大学 A kind of unified charge method and system of network-oriented safety equipment
CN110348201A (en) * 2019-05-22 2019-10-18 中国科学院信息工程研究所 A kind of configuration method and device of device security policy
CN110636030A (en) * 2018-06-21 2019-12-31 全球能源互联网研究院有限公司 Hierarchical safety management and control method and system for electric power mobile terminal
CN112637149A (en) * 2020-12-11 2021-04-09 广东电力通信科技有限公司 Data communication method between asymmetric security policy partitions

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9727733B2 (en) * 2011-08-24 2017-08-08 International Business Machines Corporation Risk-based model for security policy management
US9401933B1 (en) * 2015-01-20 2016-07-26 Cisco Technology, Inc. Classification of security policies across multiple security products
US11368496B2 (en) * 2019-06-11 2022-06-21 Zscaler, Inc. Automatic network application security policy expansion

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Cataldo Basile, Antonio Lioy, Christian Pitscheider, Fulvio Valenza, Marco Vallini. A novel approach for integrating security policy enforcement with dynamic network virtualization. Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), 2015, full text. *
樊志杰, 郑长松, 曹志威. Design and implementation of a security management and control system for mobile police terminals based on dynamic policies. 计算机测量与控制 (Computer Measurement & Control), vol. 29, no. 6, pp. 219-223. *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant