CN111147528A - Method for managing network security policy - Google Patents


Publication number
CN111147528A
Authority
CN
China
Prior art keywords
network security
security policy
management module
host
minimum function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010259752.5A
Other languages
Chinese (zh)
Other versions
CN111147528B (en)
Inventor
杨雪皎
向上文
王洪华
雷涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan XW Bank Co Ltd
Original Assignee
Sichuan XW Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan XW Bank Co Ltd
Priority to CN202010259752.5A
Publication of CN111147528A
Application granted
Publication of CN111147528B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for managing network security policy, comprising: A. grouping all resources related to all host systems according to minimum function modules; B. defining, according to the calling relationships among different host systems, a set of minimum function modules with the same network resource access authority as a role; C. storing the asset information through an asset management module and synchronizing it into the corresponding firewall equipment when a resource is added or changed; D. generating, by the network security policy management module, a role-based network security policy according to the calling relationships among different host systems, configuring the network security policy into the firewall equipment, and updating the configuration state of the network security policy in the network security policy management module. The invention significantly reduces the number of network security policy entries and manages the network security policy based on actual function classification, which ensures network security to the maximum extent and makes subsequent adjustment of the network security policy easier.

Description

Method for managing network security policy
Technical Field
The invention relates to the field of network security, in particular to a method for managing network security policies.
Background
The firewall is widely deployed in enterprise network environments as a basic network security device. It is the sole passage for information between different networks or network security domains, can control (allow, reject and monitor) the information flows entering and leaving the network according to the security policy of the enterprise, and is itself highly resistant to attack. It is infrastructure that provides information security services and implements network and information security. Logically, the firewall is a separator, a limiter and an analyzer, which effectively monitors any activity between the intranet and the Internet and ensures the security of the intranet.
As access between an enterprise's internal and external applications grows, a very large network security policy needs to be configured and managed. Current network security policy configuration falls into two main categories by granularity: detailed IPs and large IP segments. With detailed IPs, the firewall can be made to pass only specific traffic as far as possible, but there are many entries, and once an application's IP changes, the network security policy on every firewall concerned has to be adjusted, which is inconvenient to manage. With large IP segments (e.g., based on a C segment), the number of entries is relatively small and changes are relatively rare, but from a security point of view the coarse granularity means access cannot be well controlled. A third approach combines the two, configuring part of the policy as detailed IPs and part as IP segments. Although this combines the advantages of both to a certain extent, management remains complex; specifically, there is no scientific and reasonable method for deciding which parts should be configured with detailed IPs and which with IP segments.
Disclosure of Invention
The invention provides a method for managing network security policy, which can conveniently manage and maintain the network security policy while ensuring the network security as much as possible.
The method for managing the network security policy comprises the following steps:
A. grouping all resources related to all host systems according to a minimum function module, wherein each minimum function module at least comprises a host, and each host corresponds to an IP address and an external port;
B. setting a set of minimum function modules with the same network resource access authority as a role according to the calling relation among different host systems; the network resource is the hosts (generally expressed as IP:port) that externally provide the same service function to all of these minimum function modules and that have the same external port and different IP addresses, and one role refers to a set of minimum function modules which can access the same network resource and whose IP addresses differ from those of the accessed network resource;
C. the asset information is stored through an asset management module, the asset information comprises resources related to all host systems and the grouping and role of the minimum function module, and when the resources are newly added or changed, the stored asset information is synchronously configured into corresponding firewall equipment;
D. the network security policy management module generates a network security policy based on role control according to the calling relationship among different host systems; and configuring the network security policy to corresponding firewall equipment, and updating the configuration state of the network security policy in a network security policy management module.
The minimum function module in the present invention refers to a group of hosts providing a single service; the hosts in the same group usually have the same external port, and each host has a different IP address. The core of the invention is that the concept of roles is introduced into the management of network security policy: one role is a set of IPs (equipment, modules and systems) with the same network resource access authority. All host resources are grouped according to minimum function modules. For example, the host resources providing a portal website can be divided into a system A front end (comprising a plurality of hosts), a system A cache and a system A database; the resources for a training and learning application are divided into a system B front end (comprising a plurality of hosts) and a system B database; in addition, there is a message queue service application, system C, which contains a plurality of hosts, and the external port of all of these hosts is 5672. If the system A front end and the system B front end both use the system C application service, the system A front end and the system B front end are given the same role R, where role R represents the set of IPs that can access the port 5672 service of all hosts under the system C application service, and all host IPs of the system A front end and the system B front end have role R. One host can also have multiple roles at the same time, that is, one host can use the external services provided by multiple different minimum function modules.
All host resources and grouping information are then stored through an asset management module, and when resources are added or changed the asset information is synchronously configured into the corresponding firewall equipment for network security management. The network security policy management module is used for storing and managing the role-based network security policy, and updates the configuration state of the network security policy in the network security policy management module according to the feedback of the firewall equipment.
In the invention, how the asset management module synchronously configures the asset information into the corresponding firewall equipment, and how the network security policy management module generates, manages and maintains the network security policy, can be implemented by those skilled in the art in a conventional manner or according to conventional principles, and is not the inventive point of the invention.
Further, when a minimum function module is newly added, asset information related to the newly added minimum function module is added to the asset management module, a network object is newly built on the corresponding firewall equipment synchronously, a role corresponding to the newly added minimum function module and a network security policy corresponding to the role are newly built in the network security policy management module according to the access requirements of other systems on the newly added minimum function module, and then the configuration of the newly built network security policy in the firewall equipment is completed synchronously.
Further, when a host in a minimum function module is changed and the external port of the minimum function module is not changed, the changed host information is synchronously updated into the asset information in the asset management module, and the corresponding information of the changed host is synchronously configured into the corresponding firewall equipment through step C. A changed host here means a host, with its corresponding IP address, that is newly added to, modified in or deleted from the minimum function module.
Further, when the external port of the host in the minimum function module is changed, the asset information of the minimum function module in the asset management module is updated, and the corresponding information of the changed host is synchronously configured into the corresponding firewall equipment through the step C; and changing the network security policy of the corresponding role of the minimum function module in the network security policy management module, and updating the changed network security policy into the corresponding firewall equipment. Although the external port of the minimum function module is changed, the function provided by the minimum function module to the outside is not changed, so that the corresponding role for accessing the minimum function module is not changed, and only the network access policy corresponding to the role is changed.
On this basis, in step D, after the role-based network security policy is generated, the network security policy management module directly issues the network security policy to the corresponding firewall equipment for configuration; after the configuration is completed, the firewall equipment returns confirmation information to the network security policy management module, and the configuration state of the network security policy is updated in the network security policy management module. Alternatively, the network security policy is configured on the firewall equipment manually, and the configuration state of the network security policy is then manually updated in the network security policy management module.
The invention manages the network security policy through roles, remarkably reduces the number of items of the network security policy, manages the network security policy based on actual function classification, and can ensure the network security to the maximum extent and facilitate the subsequent adjustment of the network security policy.
The present invention will be described in further detail with reference to the following examples. This should not be understood as limiting the scope of the above-described subject matter of the present invention to the following examples. Various substitutions and alterations according to the general knowledge and conventional practice in the art are intended to be included within the scope of the present invention without departing from the technical spirit of the present invention as described above.
Drawings
FIG. 1 is a flow chart of a method for managing network security policies of the present invention.
Fig. 2 is a timing flowchart of embodiment 1.
Fig. 3 is a timing flowchart of embodiment 2.
Fig. 4 is a timing flowchart of embodiment 3.
Detailed Description
As shown in fig. 1, the method for managing network security policy of the present invention includes:
A. grouping all resources related to all host systems according to a minimum function module, wherein each minimum function module at least comprises a host, and each host corresponds to an IP address and an external port;
B. setting a set of minimum function modules with the same network resource access authority as a role according to the calling relation among different host systems; the network resource is the hosts that externally provide the same service function to all of these minimum function modules and that have the same external port and different IP addresses, generally expressed as IP:port, and one role refers to a set of minimum function modules which can access the same network resource and whose IP addresses differ from those of the accessed network resource;
C. the asset information is stored through an asset management module, the asset information comprises resources related to all host systems and the grouping and role of the minimum function module, and when the resources are newly added or changed, the stored asset information is synchronously configured into corresponding firewall equipment;
When a minimum function module is newly added, asset information related to the newly added minimum function module is added in the asset management module, and a network object is synchronously created on the corresponding firewall equipment; according to the access requirements of other systems on the newly added minimum function module, a role corresponding to the newly added minimum function module, and the network security policy under which that role accesses the newly added minimum function module, are created in the network security policy management module, and the configuration of the newly created network security policy in the firewall equipment is then completed synchronously.
When a host in a minimum function module is changed (newly added, modified and deleted) and an external port of the minimum function module is not changed, the changed host information is synchronously updated into the asset information in the asset management module, and the corresponding information of the changed host is synchronously configured into the corresponding firewall equipment.
When an external port of a host in a minimum function module is changed, updating the asset information of the minimum function module in the asset management module, and synchronously configuring the corresponding information of the changed host to the corresponding firewall equipment; and changing the network security policy of the corresponding role of the minimum function module in the network security policy management module, and updating the changed network security policy into the corresponding firewall equipment. Although the external port of the minimum function module is changed, the corresponding function provided by the minimum function module for accessing the external port is not changed, so that the role corresponding to the minimum function module is not changed, and only the network access policy corresponding to the role is changed.
D. The network security policy management module generates a role-based network security policy according to the calling relationship among different host systems. The network security policy management module directly issues the network security policy to the corresponding firewall equipment for configuration; after the configuration is finished, the firewall equipment returns confirmation information to the network security policy management module, and the configuration state of the network security policy is updated in the network security policy management module. Alternatively, the network security policy is configured on the firewall equipment manually, and the configuration state of the network security policy is then manually updated in the network security policy management module.
How the asset management module synchronously configures the asset information into the corresponding firewall equipment, and how the network security policy management module generates, manages and maintains the network security policy, can be implemented by those skilled in the art in a conventional manner or according to conventional principles, and is not the inventive point of the present invention.
The following embodiments illustrate the creation and change of role-based network security policies:
Example 1:
System A includes a mysql database cluster. Host 1, host 2 and host 3 are respectively the master database, the slave database and the backup database in the mysql database cluster of system A, and their external port is 3306. Host 1, host 2 and host 3 are taken as one minimum function module, named A system-mysql, whose external port is 3306. System B provides web services and needs to query data in the mysql database cluster of system A. System A also includes minimum function modules named A system-nginx and A system-java, each comprising a plurality of hosts, as shown in Table 1.
Table 1:
[Table 1 is an image in the original publication and is not reproduced in this text.]
According to steps B and C, the information of role R1 generated and stored by the network security policy management module is shown in Table 2:
Table 2:
[Table 2 is an image in the original publication and is not reproduced in this text.]
Here role R1 represents the set of all hosts accessing the A system-mysql:3306 port service. If the external port of A system-mysql is changed from 3306 to 3307, the service provided externally is still the original mysql, so role R1 is not changed and only the port of the destination service is updated to TCP:3307. However, if a database instance is added or changed on a host of A system-mysql and port 3307 is used to provide that service externally, the role that can access the A system-mysql:3307 service is no longer role R1, and a new role R1' is needed.
At this point system B newly goes online. System B has two groups, B system-mysql and B system-nginx, and includes 5 hosts; the specific information stored in the asset management module is shown in Table 3.
Table 3:
[Table 3 is an image in the original publication and is not reproduced in this text.]
In this embodiment, the front-end application of system B needs to access the front end of system A, and system A also needs to access system B, so two roles need to be newly established in the network security management module: role R2 and role R3, as shown in Table 4.
Table 4:
[Table 4 is an image in the original publication and is not reproduced in this text.]
The steps for managing the network security policy are therefore as shown in Fig. 2:
Step 1: before system B goes online, asset registration information is submitted to the asset management module, the related information of system B is added to the asset management module, and the network objects B system-mysql and B system-nginx are newly created on the corresponding firewall equipment F3;
Step 2: according to the calling relationship between the systems, the corresponding roles R2 and R3 are established in the network security management module;
Step 3: the network security management module automatically issues the corresponding network security policies to the corresponding firewall equipment, or they are configured there manually;
Step 4: after the network security policy configuration on the firewall equipment takes effect, the result is fed back to the network security management module, and the configuration state of the network security policy recorded there is updated.
Example 2:
On the basis of Example 1, the host information of the original system B is changed: a new host 3 is added to the B system-nginx group, and the information in the asset management module is as shown in Table 5.
Table 5:
[Table 5 is an image in the original publication and is not reproduced in this text.]
Since the change does not involve a role change, the network security policy in the network security management module is not changed, and the steps for managing the network security policy are as shown in Fig. 3:
Step 1: host 3 is added to B system-nginx, the information of B system-nginx is updated in the asset management module, and the network object on the corresponding firewall F3 is synchronously updated;
Step 2: since the system calling relationship is not changed, the policy in the network security policy management module does not need to be updated.
Example 3:
On the basis of Example 1, the external port of A system-nginx is changed from the original 443 to 5443, as shown in Table 6.
Table 6:
[Table 6 is an image in the original publication and is not reproduced in this text.]
This results in a change in the policy of role R2 for A system-nginx, as shown in Table 7.
Table 7:
[Table 7 is an image in the original publication and is not reproduced in this text.]
The steps for managing the network security policy are therefore as shown in Fig. 4:
Step 1: the external port of A system-nginx is changed, and the asset registration information of A system-nginx is updated in the asset management module. Because the IP addresses of the hosts of A system-nginx are not changed, the network object on the firewall equipment does not need to be updated;
Step 2: because the external port of A system-nginx is changed from the original 443 to 5443, the network security policy corresponding to role R2 also changes, and the network security policy record and the network security policy configuration record of role R2 in the network security management module are updated;
Step 3: the network security policy on the corresponding firewall is updated automatically or manually;
Step 4: after the network security policy configuration on the firewall equipment takes effect, the result is fed back to the network security management module, and the configuration state of the network security policy recorded there is updated.
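The role model from the Disclosure (the front ends of systems A and B sharing role R for the system C message queue on port 5672) and the change handling of Examples 2 and 3, as an added Python illustration that is not part of the patent. The class and method names, all IP addresses, the front-end port 443 and the new port 5673 are constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Module:
    """Minimum function module: hosts providing one service on one external port."""
    name: str
    port: int
    hosts: set = field(default_factory=set)


@dataclass(frozen=True)
class Role:
    """Source modules that share access to one destination module's service."""
    name: str
    sources: frozenset
    destination: str


class PolicyManager:
    """Toy stand-in for the asset and policy management modules plus one firewall."""

    def __init__(self):
        self.assets = {}      # asset management module: module name -> Module
        self.roles = {}       # policy management module: role name -> Role
        self.state = {}       # configuration state per role
        self.fw_objects = {}  # firewall network objects: module name -> IPs
        self.fw_rules = {}    # firewall rules: role -> (sources, destination, port)
        self.pushes = []      # every change sent to the firewall, in order

    def register(self, module):
        self.assets[module.name] = module
        self._sync_object(module.name)

    def _sync_object(self, name):
        self.fw_objects[name] = frozenset(self.assets[name].hosts)
        self.pushes.append(("object", name))

    def define_role(self, role):
        self.roles[role.name] = role
        self._push_rule(role.name)

    def _push_rule(self, role_name):
        role = self.roles[role_name]
        dst = self.assets[role.destination]
        self.state[role_name] = "pending"
        self.fw_rules[role_name] = (tuple(sorted(role.sources)), dst.name, dst.port)
        self.pushes.append(("rule", role_name))
        self.state[role_name] = "configured"  # stands in for the firewall's confirmation

    def add_host(self, module_name, ip):
        """Host change, port unchanged (Example 2): only the object is re-synced."""
        self.assets[module_name].hosts.add(ip)
        self._sync_object(module_name)

    def change_port(self, module_name, port):
        """Port change (Example 3): roles stay, their rules are regenerated."""
        self.assets[module_name].port = port
        for role in self.roles.values():
            if role.destination == module_name:
                self._push_rule(role.name)

    def per_ip_rule_count(self):
        """Entries needed if every source IP / destination IP pair had its own rule."""
        return sum(
            sum(len(self.assets[s].hosts) for s in role.sources)
            * len(self.assets[role.destination].hosts)
            for role in self.roles.values()
        )


def build_example():
    """Constructed inventory: two front ends using a message queue on port 5672."""
    pm = PolicyManager()
    pm.register(Module("A-frontend", 443, {"10.0.1.1", "10.0.1.2", "10.0.1.3"}))
    pm.register(Module("B-frontend", 443, {"10.0.2.1", "10.0.2.2"}))
    pm.register(Module("C-mq", 5672, {"10.0.3.1", "10.0.3.2", "10.0.3.3"}))
    pm.define_role(Role("R", frozenset({"A-frontend", "B-frontend"}), "C-mq"))
    return pm


if __name__ == "__main__":
    pm = build_example()
    print("role rules:", len(pm.fw_rules), "per-IP rules:", pm.per_ip_rule_count())
    mark = len(pm.pushes)
    pm.add_host("B-frontend", "10.0.2.3")
    print("after host add:", pm.pushes[mark:])
    mark = len(pm.pushes)
    pm.change_port("C-mq", 5673)
    print("after port change:", pm.pushes[mark:], pm.fw_rules["R"])
```

The `pushes` list is the part worth reading: a host change produces only an object update, and a port change produces only a rule update, while the role's membership never moves.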

Claims (5)

1. A method of managing network security policies, comprising:
A. grouping all resources related to all host systems according to a minimum function module, wherein each minimum function module at least comprises a host, and each host corresponds to an IP address and an external port;
B. setting a set of minimum function modules with the same network resource access authority as a role according to the calling relation among different host systems; the network resource is a host which provides the same service function for all the minimum function modules externally, has the same external port and different IP addresses, and one role refers to a set of minimum function modules which can access the same network resource and have different IP addresses with the accessed network resource;
C. the asset information is stored through an asset management module, the asset information comprises resources related to all host systems and the grouping and role of the minimum function module, and when the resources are newly added or changed, the stored asset information is synchronously configured into corresponding firewall equipment;
D. the network security policy management module generates a network security policy based on role control according to the calling relationship among different host systems; and configuring the network security policy to corresponding firewall equipment, and updating the configuration state of the network security policy in a network security policy management module.
2. A method of managing network security policies according to claim 1, characterized by: when a minimum function module is newly added, asset information related to the newly added minimum function module is added into an asset management module, a network object is newly built on corresponding firewall equipment synchronously, a role corresponding to the newly added minimum function module and a network security policy corresponding to the role are newly built in a network security policy management module according to the access requirements of other systems on the newly added minimum function module, and then the configuration of the newly built network security policy in the firewall equipment is completed synchronously.
3. A method of managing network security policies according to claim 1, characterized by: when the host in one minimum function module is changed and the external port of the minimum function module is not changed, synchronously updating the changed host information into the asset information in the asset management module, and synchronously configuring the corresponding information of the changed host into the corresponding firewall equipment through the step C.
4. A method of managing network security policies according to claim 1, characterized by: when the external port of the host in the minimum functional module is changed, updating the asset information of the minimum functional module in the asset management module, and synchronously configuring the corresponding information of the changed host to the corresponding firewall equipment through the step C; and changing the network security policy of the corresponding role of the minimum function module in the network security policy management module, and updating the changed network security policy into the corresponding firewall equipment.
5. Method of managing network security policies according to one of claims 1 to 4, characterized in that: step D, after generating the network security policy based on role control, directly issuing the network security policy to corresponding firewall equipment for configuration through a network security policy management module, returning confirmation information to the network security policy management module by the firewall equipment after configuration is completed, and updating the configuration state of the network security policy in the network security policy management module; or manually completing the configuration of the network security policy of the firewall equipment by a human, and then manually updating the configuration state of the network security policy in the network security policy management module.
CN202010259752.5A 2020-04-03 2020-04-03 Method for managing network security policy Active CN111147528B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010259752.5A CN111147528B (en) 2020-04-03 2020-04-03 Method for managing network security policy

Publications (2)

Publication Number Publication Date
CN111147528A 2020-05-12
CN111147528B 2020-08-21

Family

ID=70528783

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010259752.5A Active CN111147528B (en) 2020-04-03 2020-04-03 Method for managing network security policy

Country Status (1)

Country Link
CN (1) CN111147528B (en)

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2296989C (en) * 1999-01-29 2005-10-25 Lucent Technologies Inc. A method and apparatus for managing a firewall
CN1416055A (en) * 2001-10-31 2003-05-07 索尼株式会社 Data processor, data processing method and program thereof
US7657926B1 (en) * 2004-03-19 2010-02-02 3Com Corporation Enabling network communication from role based authentication
CN101714997A (en) * 2010-01-15 2010-05-26 中国工商银行股份有限公司 Firewall strategy-generating method, device and system
CN102394885A (en) * 2011-11-09 2012-03-28 中国人民解放军信息工程大学 Information classification protection automatic verification method based on data stream
CN103281333A (en) * 2013-06-17 2013-09-04 苏州山石网络有限公司 Forwarding method and device of data flow
US10341298B1 (en) * 2016-03-29 2019-07-02 Amazon Technologies, Inc. Security rules for application firewalls
CN105959331A (en) * 2016-07-19 2016-09-21 上海携程商务有限公司 Firewall policy optimization method and device
CN106254379A (en) * 2016-09-09 2016-12-21 上海携程商务有限公司 The processing system of network security policy and processing method
CN106850259A (en) * 2016-12-22 2017-06-13 北京元心科技有限公司 Method and device for managing and controlling policy execution and electronic equipment
US20190014085A1 (en) * 2017-07-04 2019-01-10 iS5 Communications Inc. Critical infrastructure security framework
US20190340091A1 (en) * 2018-04-10 2019-11-07 Nutanix, Inc. Efficient data restoration
CN110784400A (en) * 2018-07-31 2020-02-11 丛林网络公司 N:1 stateful application gateway redundancy model

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
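刘萌: "Design and Implementation of a Network Application Identification and Control System Based on Next-Generation Firewall Technology", China Master's Theses Full-text Database, Information Science and Technology *
唐怡: "Research and Implementation of Firewall Technology Based on a Role-Based Access Control Policy", China Doctoral and Master's Theses Full-text Database (Master's) *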

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800392A (en) * 2020-06-15 2020-10-20 广州海颐信息安全技术有限公司 Dynamic minimized privilege access control method and device
CN111800392B (en) * 2020-06-15 2023-08-25 广州海颐信息安全技术有限公司 Dynamic minimized privilege access control method and device
CN111600912A (en) * 2020-07-22 2020-08-28 四川新网银行股份有限公司 Network security policy management system
CN112738114A (en) * 2020-12-31 2021-04-30 四川新网银行股份有限公司 Configuration method of network security policy
CN112787867A (en) * 2021-01-25 2021-05-11 上海瀚银信息技术有限公司 Automatic processing system and method for firewall policy tasks
CN112787867B (en) * 2021-01-25 2023-02-10 上海瀚银信息技术有限公司 Automatic processing system and method for firewall policy tasks
CN112817994A (en) * 2021-02-02 2021-05-18 中国工商银行股份有限公司 Incidence relation asset management device, system and method
CN112817994B (en) * 2021-02-02 2024-01-30 中国工商银行股份有限公司 Association relationship asset management device, system and method
CN112887324A (en) * 2021-02-20 2021-06-01 广西电网有限责任公司 Policy configuration management system for network security device of power monitoring system
CN112887324B (en) * 2021-02-20 2022-07-08 广西电网有限责任公司 Policy configuration management system for network security device of power monitoring system

Also Published As

Publication number Publication date
CN111147528B (en) 2020-08-21

Similar Documents

Publication Publication Date Title
CN111147528B (en) Method for managing network security policy
US11394689B2 (en) Application based network traffic management
EP3695568B1 Systems and methods for controlling switches to record network packets using a traffic monitoring network
DE69829383T2 METHOD AND DEVICE FOR PRESENTING AND USING NETWORK TOPOLOGY DATA
US11646940B2 (en) Intent driven network policy platform
RU2595517C2 (en) Objects of virtual network interface
CN103403707B (en) The system and method exchanged for database proxy request
US7103712B2 (en) iSCSI storage management method and management system
US10057341B2 (en) Peer-to-peer architecture for web traffic management
Tsuzaki et al. Reactive configuration updating for intent-based networking
EP2932693A1 (en) Exchange of server status and client information through headers for request management and load balancing
CN106933891A (en) Access the method for distributed data base and the device of Distributed database service
CN101197675B (en) Accesses control list configuration method and device
US20050160276A1 (en) System and method for a directory secured user account
US10341172B1 (en) System and method for configuring networks
US20060253658A1 (en) Provisioning or de-provisioning shared or reusable storage volumes
CN108259605B (en) Data calling system and method based on multiple data centers
CN114244768A (en) Forwarding method, device, equipment and storage medium for two-layer unknown multicast
US11588739B2 (en) Enhanced management of communication rules over multiple computing networks
CN112073212B (en) Parameter configuration method, device, terminal equipment and storage medium
CN116170409B (en) SD-WAN network address planning system based on virtual domain name
Schmidt et al. Addressing the challenges of mission-critical information management in next-generation net-centric pub/sub systems with opensplice dds
CN114884955B (en) Transparent proxy deployment system and method
US20200220845A1 (en) Optimizing rules for configuring a firewall in a segmented computer network
CN100459519C (en) Method for controlling power of data management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant