CN105812326B - Centralized control method and system for heterogeneous firewall policies - Google Patents


Publication number
CN105812326B
Authority
CN
China
Prior art keywords
firewall
network security
firewall rule
rule
detection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410848484.5A
Other languages
Chinese (zh)
Other versions
CN105812326A (en)
Inventor
刘盼
李高超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING LEADSEC TECHNOLOGY CO LTD
Original Assignee
BEIJING LEADSEC TECHNOLOGY CO LTD

Abstract

The invention discloses a centralized control method and system for heterogeneous firewall policies, comprising: customizing different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique; selecting a firewall template and, for the different devices of the same firewall model, building within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules; combining, deleting and/or modifying the firewall rules, and monitoring the combination, deletion and/or modification; and referencing the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules. The scheme of the invention can meet the demand for efficient network security control.

Description

Centralized control method and system for heterogeneous firewall policies
Technical field
The present invention relates to the field of computer network security applications, and in particular to a centralized control method and system for heterogeneous firewall policies.
Background
With the rapid development of enterprise IT, viruses, trojans and illegal intrusions of every kind are seriously threatening enterprise network security. As the "guardian" of enterprise network security, the firewall is receiving attention from, and being used by, more and more enterprises. A firewall effectively isolates the enterprise intranet from the external network and, through a well-planned and reasonable security policy, effectively controls the data flows between different trust zones; an unreasonable policy configuration renders it useless. The increasing complexity of network environments, the continuous rise in security requirements and the repeated escalation of adverse effects urgently require that the firewall security policies at every position in the network can be understood and adjusted in a timely, reasonable and efficient way, so that the firewalls actually deliver their protective effect.
Summary of the invention
To solve the above problem, the invention proposes a centralized control method and system for heterogeneous firewall policies that can meet the demand for efficient network security control.
To achieve the above object, the invention proposes a centralized control method for heterogeneous firewall policies, the method comprising:
Customizing different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique.
Selecting a firewall template and, for the different devices of the same firewall model, building within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules.
Combining, deleting and/or modifying the firewall rules, and monitoring the combination, deletion and/or modification.
Referencing the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
Preferably, the method further includes: only one firewall template can be customized for the firewall of each model, and the synchronization task and/or distribution task bound to the firewall rules in a firewall template is completed within that firewall template; firewall rules customized for firewalls of the same model can be used in combination at the same time, and firewall rules customized for firewalls of different models cannot be used in combination at the same time.
Preferably, building, within the firewall template and for the different devices of the same firewall model, the network security combined policies applied to those devices means: formulating a network security policy for each kind of device according to the differing circumstances of the devices and, when that network security policy cannot meet network security needs, adding to the formulated network security policy or combining several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
Preferably, combining, deleting and/or modifying the firewall rules means: according to network security requirements, deleting useless firewall rules from a network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulating new firewall rules or recombining previously formulated firewall rules.
Preferably, executing the synchronization of the firewall rules comprises the following steps:
Taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network.
Collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information.
Traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
Preferably, the method further includes: taking an execution snapshot after traversing and parsing the execution result of each firewall rule distribution; selecting the execution results of two distributions of the same firewall rule at different times; comparing the snapshot versions of the two execution results; and annotating the differences between the two snapshot versions.
The invention also proposes a centralized control system for heterogeneous firewall policies, the system comprising: a template customization module, a network security combined policy building module, a firewall rule control module, and a firewall rule distribution and synchronization module.
The template customization module is used to customize different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique.
The network security combined policy building module is used to select a firewall template and, for the different devices of the same firewall model, build within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules.
The firewall rule control module is used to combine, delete and/or modify the firewall rules, and to monitor the combination, deletion and/or modification.
The firewall rule distribution and synchronization module is used to reference the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
Preferably, the network security combined policy building module is also used to: formulate a network security policy for each kind of device according to the differing circumstances of the devices and, when the network security policy cannot meet network security needs, add to the formulated network security policy or combine several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
Preferably, the firewall rule control module is also used to: according to network security requirements, delete useless firewall rules from a network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulate new firewall rules or recombine previously formulated firewall rules.
Preferably, the firewall rule distribution and synchronization module is also used to execute the synchronization of the firewall rules through the following steps:
Taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network.
Collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information.
Traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
Preferably, the system further includes a snapshot module, used to take an execution snapshot after traversing and parsing the execution result of each firewall rule distribution, to select the execution results of two distributions of the same firewall rule at different times, to compare the snapshot versions of the two execution results, and to annotate the differences between the two snapshot versions.
Compared with the prior art, the invention comprises: customizing different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique; selecting a firewall template and, for the different devices of the same firewall model, building within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules; combining, deleting and/or modifying the firewall rules, and monitoring the combination, deletion and/or modification; and referencing the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules. The scheme of the invention can meet the demand for efficient network security control.
Brief description of the drawings
The drawings of the embodiments of the invention are described below. The drawings are provided for further understanding of the invention and, together with the specification, serve to explain the invention; they do not limit its scope of protection.
Fig. 1 is a flow diagram of the centralized control method for heterogeneous firewall policies of the invention;
Fig. 2 is a block diagram of the centralized control system for heterogeneous firewall policies of the invention.
Specific embodiment
To aid understanding by those skilled in the art, the invention is further described below with reference to the drawings; this description is not to be used to limit the scope of protection of the invention.
In traditional firewall operation, distributing rules requires writing many cumbersome instructions with a third-party tool and pushing them to the firewall manually. Although instructions can be delivered to the corresponding firewall this way, and the firewall is thereby controlled, every distribution to a firewall requires the instructions to be written once more, which is tedious and very inefficient.
A more efficient way of working is therefore needed to meet the demand for efficient network security control. To solve the above problem, an example of the invention provides a method in which one customized policy can be used by multiple firewalls.
Specifically, the invention proposes a centralized control method for heterogeneous firewall policies. As shown in Fig. 1, the method comprises:
S101, customizing different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique.
The embodiment of the invention is based on in-depth study of network security device management and takes into account the characteristics of firewall devices in use; taking certain Cisco, Huawei and Juniper firewalls as examples, one template is created for each model.
S102, selecting a firewall template and, for the different devices of the same firewall model, building within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules.
Each template creates a policy of one or more prefabricated firewall rules, ready for different devices of the same firewall model to call; such a combined policy can be applied to one or more firewall devices.
Preferably, building, within the firewall template and for the different devices of the same firewall model, the network security combined policies applied to those devices means: formulating a network security policy for each kind of device according to the differing circumstances of the devices and, when that network security policy cannot meet network security needs, adding to the formulated network security policy or combining several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
S103, combining, deleting and/or modifying the firewall rules, and monitoring the combination, deletion and/or modification.
Preferably, the method further includes: only one firewall template can be customized for the firewall of each model, and the synchronization task and/or distribution task bound to the firewall rules in a firewall template is completed within that firewall template; firewall rules customized for firewalls of the same model can be used in combination at the same time, and firewall rules customized for firewalls of different models cannot be used in combination at the same time.
Preferably, combining, deleting and/or modifying the firewall rules means: according to network security requirements, deleting useless firewall rules from a network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulating new firewall rules or recombining previously formulated firewall rules.
In this step, the rules to be distributed to the firewall can be combined before the policy is called; this form is mainly for security device upgrades and rule binding. The rules to be distributed to the firewall can also be deleted, modified and so on before the policy is called; this form is mainly for security device upgrades, rule changes and command modification.
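A minimal sketch of steps S101 to S103, added here as an illustration and not taken from the patent: one XML template per firewall model, a combined policy that accepts only rules of its own model, and an audit trail for combine, modify and delete operations. The XML schema, the model names `model-A` and `model-B`, the rendered command formats and the device names are all hypothetical and are not any vendor's real syntax.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field, asdict

# Constructed sample: one template per firewall model. The schema and the
# rendered command formats are hypothetical, not real vendor syntax.
TEMPLATES_XML = """
<templates>
  <template model="model-A">
    <render>rule {name} {action} {proto} {src} to {dst} port {port}</render>
  </template>
  <template model="model-B">
    <render>policy name={name} act={action} svc={proto}/{port} from={src} dst={dst}</render>
  </template>
</templates>
"""

def load_templates(xml_text):
    """Return {model: render format}; each model may have only one template."""
    templates = {}
    for node in ET.fromstring(xml_text.strip()).iter("template"):
        model = node.get("model")
        if model in templates:
            raise ValueError(f"model {model!r} already has a template")
        templates[model] = node.findtext("render").strip()
    return templates

@dataclass(frozen=True)
class Rule:
    model: str      # firewall model the rule was customized for
    name: str
    action: str
    proto: str
    src: str
    dst: str
    port: int

@dataclass
class CombinedPolicy:
    name: str
    model: str
    rules: dict = field(default_factory=dict)   # rule name -> Rule, in order
    audit: list = field(default_factory=list)   # monitored operations

    def combine(self, rule):
        # Rules customized for a different model cannot be combined.
        if rule.model != self.model:
            raise ValueError(f"{rule.name}: {rule.model} rule in {self.model} policy")
        operation = "modify" if rule.name in self.rules else "combine"
        self.rules[rule.name] = rule
        self.audit.append((operation, rule.name))

    def delete(self, rule_name):
        del self.rules[rule_name]
        self.audit.append(("delete", rule_name))

def distribute(policy, devices, templates):
    """Render the policy once and reference it for every device of the model."""
    fmt = templates[policy.model]
    lines = [fmt.format(**asdict(rule)) for rule in policy.rules.values()]
    return {device: list(lines) for device in devices}

def demo():
    templates = load_templates(TEMPLATES_XML)
    policy = CombinedPolicy("dmz-web", "model-A")
    policy.combine(Rule("model-A", "allow-https", "permit", "tcp", "any", "10.0.2.10", 443))
    policy.combine(Rule("model-A", "allow-ssh", "permit", "tcp", "10.0.9.0/24", "10.0.2.10", 22))
    policy.delete("allow-ssh")              # rule judged useless, removed before distribution
    try:
        policy.combine(Rule("model-B", "allow-dns", "permit", "udp", "any", "10.0.2.53", 53))
        mixed = "accepted"
    except ValueError:
        mixed = "rejected"
    pushed = distribute(policy, ["fw-a-01", "fw-a-02"], templates)
    return pushed, policy.audit, mixed

if __name__ == "__main__":
    for part in demo():
        print(part)
```

The audit list is what a monitoring component would consume: the rejected cross-model rule never reaches it, so every entry corresponds to a change that actually altered the policy.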
S104, referencing the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
Preferably, executing the synchronization of the firewall rules comprises the following steps:
S1041, taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network (three mainstream firewalls: Cisco, Huawei and Juniper).
S1042, collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information.
S1043, traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
Preferably, in an authorized network environment, the firewall rules can be synchronized manually, specifically:
From a given vendor's firewall, manually synchronizing to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot, execution record management, and so on.
Preferably, the method further includes: taking an execution snapshot after traversing and parsing the execution result of each firewall rule distribution; selecting the execution results of two distributions of the same firewall rule at different times; comparing the snapshot versions of the two execution results; and annotating the differences between the two snapshot versions.
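The snapshot comparison described above, sketched as an added example that is not the patent's own code: each execution result is traversed into a snapshot with a version digest, and two snapshots taken at different times are compared with every difference labelled. The record fields, the rule names and the four labels are assumptions; rule order is compared as well as content, on the assumption that the device evaluates its ACL first-match, so that a reorder is itself a difference worth labelling.

```python
import hashlib
import json

def take_snapshot(taken_at, executed_rules):
    """Traverse parsed execution results into an ordered, versioned snapshot."""
    ordered = [(r["name"], {k: v for k, v in r.items() if k != "name"})
               for r in executed_rules]
    # The digest covers content and order, so any drift changes the version.
    canonical = json.dumps(ordered, sort_keys=True, separators=(",", ":"))
    return {
        "taken_at": taken_at,
        "version": hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:12],
        "order": [name for name, _ in ordered],
        "rules": dict(ordered),
    }

def compare_snapshots(old, new):
    """Return labelled differences as (label, rule name, detail) tuples."""
    if old["version"] == new["version"]:
        return []
    labels = []
    for name in sorted(set(old["rules"]) | set(new["rules"])):
        before, after = old["rules"].get(name), new["rules"].get(name)
        if before is None:
            labels.append(("added", name, after))
        elif after is None:
            labels.append(("removed", name, before))
        elif before != after:
            changed = {k: (before.get(k), after.get(k))
                       for k in sorted(set(before) | set(after))
                       if before.get(k) != after.get(k)}
            labels.append(("changed", name, changed))
    # Compare the relative order of rules present in both snapshots, so an
    # inserted or removed rule alone does not count as a reorder.
    old_common = [n for n in old["order"] if n in new["rules"]]
    new_common = [n for n in new["order"] if n in old["rules"]]
    if old_common != new_common:
        labels.append(("reordered", None, {"before": old_common, "after": new_common}))
    return labels

def rule(name, action, proto, src, dst, port):
    return {"name": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

# Constructed execution results of the same policy distributed at two times.
RESULT_T1 = [
    rule("allow-https", "permit", "tcp", "any", "10.0.2.10", 443),
    rule("allow-ssh", "permit", "tcp", "10.0.9.0/24", "10.0.2.10", 22),
    rule("deny-all", "deny", "ip", "any", "any", 0),
]
RESULT_T2 = [
    rule("allow-ssh", "permit", "tcp", "any", "10.0.2.10", 22),      # source widened
    rule("allow-https", "permit", "tcp", "any", "10.0.2.10", 443),
    rule("allow-rdp", "permit", "tcp", "any", "10.0.2.20", 3389),    # new rule
    rule("deny-all", "deny", "ip", "any", "any", 0),
]

def demo():
    first = take_snapshot("2014-12-29T10:00:00", RESULT_T1)
    second = take_snapshot("2014-12-29T18:00:00", RESULT_T2)
    return compare_snapshots(first, second)

if __name__ == "__main__":
    for label in demo():
        print(label)
```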
Preferably, the method further includes: in non-manual mode, periodically performing a check on the network security combined policies. The check includes judging the process policy and the content combined policy of firewall rule changes, and raising an alert when a violation is determined in the process policy and the content combined policy. A policy check problem notification function is also implemented; this function is built on a workflow system, outputs a compliance problem report per device, and sends the problem report together with a work order to the person responsible for the device, requesting that the violation be handled.
The invention also proposes a centralized control system 01 for heterogeneous firewall policies. As shown in Fig. 2, the system comprises: a template customization module 02, a network security combined policy building module 03, a firewall rule control module 04, and a firewall rule distribution and synchronization module 05.
The template customization module 02 is used to customize different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique.
The network security combined policy building module 03 is used to select a firewall template and, for the different devices of the same firewall model, build within the firewall template network security combined policies applied to those devices, each network security combined policy containing one or more firewall rules.
The firewall rule control module 04 is used to combine, delete and/or modify the firewall rules, and to monitor the combination, deletion and/or modification.
The firewall rule distribution and synchronization module 05 is used to reference the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
Preferably, the network security combined policy building module 03 is also used to: formulate a network security policy for each kind of device according to the differing circumstances of the devices and, when the network security policy cannot meet network security needs, add to the formulated network security policy or combine several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
Preferably, the firewall rule control module 04 is also used to: according to network security requirements, delete useless firewall rules from a network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulate new firewall rules or recombine previously formulated firewall rules.
Preferably, the firewall rule distribution and synchronization module 05 is also used to execute the synchronization of the firewall rules through the following steps:
Taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network.
Collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information.
Traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
Preferably, the system further includes a snapshot module 06, used to take an execution snapshot after traversing and parsing the execution result of each firewall rule distribution, to select the execution results of two distributions of the same firewall rule at different times, to compare the snapshot versions of the two execution results, and to annotate the differences between the two snapshot versions.
Centralized management of firewall policies makes it possible to understand the policy configuration of each firewall from a global perspective, improves the ability to coordinate and manage each local firewall policy configuration, supports timely and efficient handling of urgent firewall policy configuration needs, and ensures the orderly progress of the enterprise's network security work.
It should be noted that the embodiments described above are provided merely to aid understanding by those skilled in the art and are not intended to limit the scope of protection of the invention; any obvious substitution or improvement made to the invention by those skilled in the art without departing from its inventive concept falls within the scope of protection of the invention.

Claims (11)

1. A centralized control method for heterogeneous firewall policies, characterized in that the method comprises:
customizing different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique;
selecting the firewall template and, for the different devices of the same firewall model, building within the firewall template network security combined policies applied to the different devices, each network security combined policy containing one or more firewall rules;
combining, deleting and/or modifying the firewall rules, and monitoring the combination, deletion and/or modification;
referencing the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
2. The method of claim 1, characterized in that the method further comprises: only one firewall template can be customized for the firewall of each model, and the synchronization task and/or distribution task bound to the firewall rules in the firewall template is completed within each firewall template; the firewall rules customized for firewalls of the same model can be used in combination at the same time, and the firewall rules customized for firewalls of different models cannot be used in combination at the same time.
3. The method of claim 1, characterized in that building, within the firewall template and for the different devices of the same firewall model, the network security combined policies applied to the different devices means: formulating a network security policy for each kind of device according to the differing circumstances of the different devices and, when the network security policy cannot meet network security needs, adding to the formulated network security policy or combining several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
4. The method of claim 1, characterized in that combining, deleting and/or modifying the firewall rules means: according to network security requirements, deleting the useless firewall rules from the network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulating new firewall rules or recombining the previously formulated firewall rules.
5. The method of claim 1, characterized in that executing the synchronization of the firewall rules comprises the following steps:
taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network;
collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information;
traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
6. The method of claim 1, characterized in that the method further comprises: taking an execution snapshot after traversing and parsing the execution result of each distribution of the firewall rules; selecting the execution results of two distributions of the same firewall rule at different times; comparing the snapshot versions of the two execution results; and annotating the differences between the two snapshot versions.
7. A centralized control system for heterogeneous firewall policies, characterized in that the system comprises: a template customization module, a network security combined policy building module, a firewall rule control module, and a firewall rule distribution and synchronization module;
the template customization module is used to customize different firewall templates for the different firewall models of different vendors, using a highly abstract XML modelling technique;
the network security combined policy building module is used to select the firewall template and, for the different devices of the same firewall model, build within the firewall template network security combined policies applied to the different devices, each network security combined policy containing one or more firewall rules;
the firewall rule control module is used to combine, delete and/or modify the firewall rules, and to monitor the combination, deletion and/or modification;
the firewall rule distribution and synchronization module is used to reference the network security combined policy one or more times through a scheduling engine to execute the distribution and/or unscheduled synchronization of the firewall rules.
8. The system of claim 7, characterized in that the network security combined policy building module is also used to: formulate a network security policy for each kind of device according to the differing circumstances of the different devices and, when the network security policy cannot meet network security needs, add to the formulated network security policy or combine several previously formulated network security policies, thereby building multiple network security policies, in different combinations, for the same firewall model.
9. The system of claim 7, characterized in that the firewall rule control module is also used to: according to network security requirements, delete the useless firewall rules from the network security combined policy and, when the current firewall rules in the network security combined policy cannot meet the network security requirements, formulate new firewall rules or recombine the previously formulated firewall rules.
10. The system of claim 7, characterized in that the firewall rule distribution and synchronization module is also used to execute the synchronization of the firewall rules through the following steps:
taking the management-center firewall object of the managed network as the probe origin, sending probe firewall-rule data packets from the probe origin to the target nodes in the managed network;
collecting each target node's feedback packet for the probe firewall-rule data packet, parsing the feedback packet, and obtaining the probe feedback information of each target node, the probe feedback information including the probe target address and the probe path information;
traversing and de-duplicating the paths in the probe feedback information to obtain the firewall's ACL list, address objects, address group objects, service objects, service group objects, time objects, device rule version snapshot and execution record management.
11. The system of claim 7, characterized in that the system further comprises a snapshot module, used to take an execution snapshot after traversing and parsing the execution result of each distribution of the firewall rules, to select the execution results of two distributions of the same firewall rule at different times, to compare the snapshot versions of the two execution results, and to annotate the differences between the two snapshot versions.
CN201410848484.5A 2014-12-29 2014-12-29 A kind of centralized control method and system of isomery firewall policy Active CN105812326B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410848484.5A CN105812326B (en) 2014-12-29 2014-12-29 A kind of centralized control method and system of isomery firewall policy

Publications (2)

Publication Number Publication Date
CN105812326A CN105812326A (en) 2016-07-27
CN105812326B CN105812326B (en) 2019-06-11

Family

ID=56420247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410848484.5A Active CN105812326B (en) 2014-12-29 2014-12-29 A kind of centralized control method and system of isomery firewall policy

Country Status (1)

Country Link
CN (1) CN105812326B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106973058A (en) * 2017-03-31 2017-07-21 北京奇艺世纪科技有限公司 A kind of Web application firewalls rule update method, apparatus and system
CN108040055A (en) * 2017-12-14 2018-05-15 广东天网安全信息科技有限公司 A kind of fire wall combined strategy and safety of cloud service protection
CN108092979B (en) * 2017-12-20 2021-05-28 国家电网公司 Firewall policy processing method and device
CN108650222B (en) * 2018-03-29 2020-10-02 华付云技术(深圳)有限公司 Firewall rule updating method and system based on stretching filtering
CN109413017B (en) * 2018-04-28 2020-07-31 武汉思普崚技术有限公司 Method and system for managing heterogeneous firewall
CN108429774A (en) * 2018-06-21 2018-08-21 蔡梦臣 A kind of firewall policy centralized optimization management method and its system
CN109714197B (en) * 2018-12-12 2021-09-21 杭州迪普科技股份有限公司 Method and device for configuring centralized control strategy in centralized control
CN109413110A (en) * 2018-12-19 2019-03-01 武汉思普崚技术有限公司 A kind of method and system of the managing main frame strategy based on firewall policy linkage
CN109547502A (en) * 2019-01-22 2019-03-29 成都亚信网络安全产业技术研究院有限公司 Firewall ACL management method and device
CN110011971B (en) * 2019-03-03 2022-04-12 杭州立思辰安科科技有限公司 Manual configuration method of network security policy
CN109862042A (en) * 2019-03-27 2019-06-07 泰萍科技(杭州)有限公司 A kind of isomeric network security reinforcement means and device
WO2021226781A1 (en) * 2020-05-11 2021-11-18 深圳市欢太科技有限公司 Firewall rule updating method and apparatus, server, and storage medium
CN113037752B (en) * 2021-03-09 2022-09-27 北京计算机技术及应用研究所 Lightweight heterogeneous firewall policy acquisition method and system
CN113709099B (en) * 2021-07-12 2023-11-07 新华三大数据技术有限公司 Mixed cloud firewall rule issuing method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1604541A (en) * 2004-11-01 2005-04-06 沈明峰 Security policy based network security management system and method
CN1988478A (en) * 2006-12-14 2007-06-27 上海交通大学 Integrated tactic managing system based on expandable label language

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
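"A Brief Discussion of Security Policy Management in Network Environments with Multiple Heterogeneous Firewalls" (浅谈多重异构防火墙网络环境下的安全策略管理); 乔辉; 《科技研究》; 20120519; page 1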

Also Published As

Publication number Publication date
CN105812326A (en) 2016-07-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant