CN115987561A - Firewall security policy optimization method and related equipment - Google Patents

Info

Publication number: CN115987561A
Authority: CN (China)
Prior art keywords: security, information, security policy, policy, network
Legal status: Pending (Google notes that the legal status is an assumption and not a legal conclusion)
Application number: CN202211528282.3A
Other languages: Chinese (zh)
Inventor: 董晓宇
Current assignee: Wuhan Sipuling Technology Co Ltd (Google notes that listed assignees may be inaccurate)
Original assignee: Wuhan Sipuling Technology Co Ltd
Application filed by Wuhan Sipuling Technology Co Ltd.

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a firewall security policy optimization method and related equipment. The method comprises the following steps: acquiring quintuple information corresponding to a security update policy; determining a historical security policy corresponding to the security update policy according to the quintuple information and the network architecture relationship, where the historical security policy is a security policy that shares at least one element of its quintuple information with the security update policy; deleting the historical security policy and acquiring network session monitoring information; and determining an optimization scheme for the firewall security policy according to the network session monitoring information. The firewall security policy optimization method provided by the embodiment of the application can automatically judge whether cleaning a historical security policy of the firewall would affect the access of actual services in the existing network, so that the firewall can be slimmed while the network security risk generated when the firewall security policy is cleaned and optimized is avoided in advance.

Description

Firewall security policy optimization method and related equipment
Technical Field
The present disclosure relates to the field of network security, and more particularly, to a firewall security policy optimization method and related device.
Background
The existing security policy cleaning and optimization technology mainly compares a target firewall policy with the other firewall policies contained in the target firewall, judges whether the parameter information set of the target firewall policy is contained in the parameter information set of those other firewall policies, and if so, judges that the target firewall policy is a useless (garbage) policy.
Although this method effectively solves the problem that existing optimization checks consume a great deal of an administrator's time and energy, it cannot ensure that, once the firewall's garbage-policy cleanup is completed, access by actual service traffic in the network remains unaffected.
Disclosure of Invention
In this summary, concepts in a simplified form are introduced that are further described in the detailed description. This summary of the application is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
In a first aspect, the present application provides a firewall security policy optimization method, where the method includes:
acquiring quintuple information corresponding to a security update policy;
determining a historical security policy corresponding to the security update policy according to the quintuple information and the network architecture relationship, where the historical security policy is a security policy that shares at least one element of its quintuple information with the security update policy;
deleting the historical security policy and acquiring network session monitoring information;
and determining an optimization scheme for the firewall security policy according to the network session monitoring information.
Optionally, the method further includes:
acquiring configuration information of a target firewall and target interactive network equipment;
acquiring service flow information of a target interactive network;
and constructing the network architecture relationship according to the configuration information and the service flow information.
Optionally, the network session monitoring information includes network session number information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, under the condition that the network session number information is not changed, deleting the historical security policy to optimize the firewall security policy.
Optionally, the network session monitoring information includes network session traffic information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, under the condition that the change value corresponding to the network session traffic information is smaller than a preset threshold value, deleting the historical security policy to optimize the firewall security policy.
Optionally, the method further includes:
acquiring a first association degree of each historical security policy and the security update policy under the condition that the number of the historical security policies is at least two, wherein the first association degree is determined based on the coincidence degree of the historical security policies and the five-tuple information of the security update policy;
acquiring first network session monitoring information after a historical security policy is deleted independently;
determining the network influence degree after each historical security policy is deleted according to the first association degree and the first network session monitoring information;
and determining an optimization scheme of the firewall security policy according to the network influence degree.
Optionally, the method further includes:
under the condition that the historical security policies are at least three, acquiring second association degrees among the multiple historical security policies;
deleting the historical security policies corresponding to each second association degree respectively to obtain second network session monitoring information;
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information.
Optionally, the method further includes:
the second network session monitoring information includes second network session quantity information and second network session traffic information, the second network session quantity information corresponds to a first weight, the second network session traffic information corresponds to a second weight, and the first weight is greater than the second weight;
the determining, according to the first association degree, the second association degree, and the second network session monitoring information, the network influence degree after deletion of each group of historical security policies includes:
and determining the network influence degree after each group of historical security policies are deleted according to the first association degree, the second network session number information, the second network session flow information, the first weight and the second weight.
In a second aspect, the present application further provides a firewall security policy optimization apparatus, including:
the first acquisition unit is used for acquiring quintuple information corresponding to the security update policy;
a first determining unit, configured to determine a historical security policy corresponding to the security update policy according to the quintuple information and a network architecture relationship, where the historical security policy is a security policy corresponding to the security update policy when at least one element information of the quintuple information is the same as that of the security update policy;
the second acquisition unit is used for deleting the historical security policy to acquire network session monitoring information;
and the second determining unit is used for determining the optimization scheme of the firewall security policy according to the network session monitoring information.
In a third aspect, an electronic device includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor is configured to implement the steps of the firewall security policy optimization method according to any one of the first aspect described above when executing the computer program stored in the memory.
In a fourth aspect, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the firewall security policy optimization method of any one of the above aspects.
To sum up, the firewall security policy optimization method of the embodiment of the present application includes: acquiring quintuple information corresponding to a security update policy; determining a historical security policy corresponding to the security update policy according to the quintuple information and the network architecture relationship, where the historical security policy is a security policy that shares at least one element of its quintuple information with the security update policy; deleting the historical security policy and acquiring network session monitoring information; and determining an optimization scheme for the firewall security policy according to the network session monitoring information. In the method provided by the embodiment of the application, the historical security policy associated with the security update policy is determined through quintuple information, the historical security policy is deleted, the access traffic and/or session count of the actual service after deletion is obtained, and whether cleaning the historical security policy of the firewall affects access to the actual service in the existing network is judged automatically, so that the firewall is slimmed while the network security risk generated when the firewall security policy is cleaned and optimized is avoided in advance.
Additional advantages, objects, and features of the firewall security policy optimization methodology presented herein will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the present application.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the specification. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart of a firewall security policy optimization method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a firewall security policy optimization apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device for optimizing a firewall security policy according to an embodiment of the present application.
Detailed Description
In the firewall security policy optimization method provided by the embodiment of the application, the historical security policy associated with the security update policy is determined through quintuple information, the historical security policy is deleted, the access traffic and/or session count of the actual service after deletion is obtained, and whether cleaning the historical security policy of the firewall affects access to the actual service in the existing network is judged automatically, so that the firewall is slimmed while the network security risk generated when the firewall security policy is cleaned and optimized is avoided in advance.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
Referring to fig. 1, a schematic flow chart of a firewall security policy optimization method provided in an embodiment of the present application may specifically include:
S110, acquiring quintuple information corresponding to a security update policy;
For example, the security update policy is a security policy newly generated when the current firewall has a risk such as a security hole, and is used to compensate for the hole in the current firewall. After the firewall is updated with the security update policy, however, the protection functions of some protection policies may overlap, and if the overlapping historical security policies are not cleared, the data size of the firewall becomes abnormally large after the security policies have been updated many times. The redundant security policies in the firewall therefore need to be cleared after the security policies are updated.
In the method provided by the embodiment of the application, the quintuple information corresponding to the security update policy is obtained first. The quintuple information is a set of five quantities: source IP address, source port, destination IP address, destination port and transport layer protocol. For example, 192.168.1.1 10000 TCP 121.14.88.76 80 constitutes a quintuple, meaning that the terminal with IP address 192.168.1.1 connects through port 10000, using the TCP protocol, to the terminal with IP address 121.14.88.76 on port 80.
S120, determining a historical security policy corresponding to the security update policy according to the quintuple information and the network architecture relationship, where the historical security policy is a security policy that shares at least one element of its quintuple information with the security update policy;
illustratively, the network architecture relationship refers to a hardware connection relationship between routes corresponding to firewalls and an internal logic relationship between the firewalls. The historical security policy refers to a security policy corresponding to the condition that at least one element information of five-tuple information of the security update policy is the same when the firewall does not update the security update policy, in other words, at least one of a source IP address, a source port, a destination IP address, a destination port and a transport layer protocol of the historical security policy is the same as the security update policy.
S130, deleting the historical security policy to acquire network session monitoring information;
illustratively, the security policy is deleted, and the network session monitoring information after deletion is obtained. It should be noted that, when the historical security policies include a plurality of policies, the network session monitoring information may be acquired after the historical security policies are deleted individually, or the network session monitoring information may be acquired after a plurality of historical security policies are deleted simultaneously. The network session monitoring information may include the number of network sessions and traffic change information of the network sessions, where the traffic change information includes total traffic change information and traffic flow rate change information, that is, whether a network session is affected after deleting a corresponding historical security policy or multiple historical security policies is determined by monitoring the network session.
And S140, determining an optimization scheme of the firewall security policy according to the network session monitoring information.
Illustratively, the optimization scheme of the firewall policy is determined according to the network session monitoring information, and if the network session monitoring information does not change after deleting some historical security policies, the historical security policies may be deleted after loading the security update policy. If the number of network sessions and/or the traffic information of the network sessions changes, the historical security policy cannot be deleted, otherwise the normal network sessions are affected.
To sum up, the firewall security policy optimization method provided in the embodiment of the present application determines, through quintuple information, a historical security policy associated with a security update policy, deletes the historical security policy, obtains an access flow and/or a session number of an actual service after deletion, and automatically determines whether the historical security policy of the firewall will affect access to the actual service in an existing network after being cleaned, so that the firewall can be slimmed, and network security risks generated when the firewall security policy is cleaned and optimized can be avoided in advance.
In some examples, the method further comprises:
acquiring configuration information of a target firewall and target interactive network equipment;
acquiring service flow information of a target interactive network;
and constructing the network architecture relationship according to the configuration information and the service flow information.
Illustratively, the firewall is composed of a firewall software system and network interaction equipment supporting the firewall software system, and by acquiring configuration information of the software system and the interaction network equipment and flow information in the network, the logical relationship between each network equipment and between the firewall software systems can be determined, so as to establish a network architecture relationship.
In some examples, the network session monitoring information includes network session number information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, under the condition that the network session number information is not changed, deleting the historical security policy to optimize the firewall security policy.
Illustratively, the network session monitoring information includes network session number information. A whitelist for a certain network service may be included in a configuration policy of the firewall, so that only the clients on the whitelist can complete the corresponding network session; if the historical security policy in which the whitelist is stored is deleted and the updated security policy does not include the corresponding whitelist, the whitelisted clients cannot complete the corresponding network session service, and the network session number decreases. The firewall configuration policy may further include a blacklist, and when the blacklist in the historical security policy is deleted and the updated security policy does not include the blacklist, the number of illegal network session accesses increases greatly. Only if the network session number information is unchanged after deletion is the deleted historical security policy one that needs to be cleared when the firewall security policy is optimized.
In summary, the firewall security policy optimization method provided in the embodiment of the present application can determine whether historical security policy pruning is reasonable by monitoring the number of network sessions, so as to determine a reasonable firewall security policy.
In some examples, the network session monitoring information includes network session traffic information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, deleting the historical security policy to optimize the firewall security policy under the condition that the variation value corresponding to the network session flow information is smaller than a preset threshold value.
Illustratively, the network session monitoring information further includes network session traffic information, and after a historical security policy is deleted, if the change value of the network session traffic is not large, that is, smaller than a preset threshold value, it is indicated that the deletion of the historical security policy does not affect the current network exchange state, and the deleted historical security policy is reasonable.
In some examples, the method further comprises:
acquiring a first association degree of each historical security policy and the security update policy under the condition that the number of the historical security policies is at least two, wherein the first association degree is determined based on the coincidence degree of the historical security policies and the five-tuple information of the security update policy;
acquiring first network session monitoring information after a historical security policy is deleted independently;
determining the network influence degree after each historical security policy is deleted according to the first association degree and the first network session monitoring information;
and determining an optimization scheme of the firewall security policy according to the network influence degree.
Illustratively, the historical security policy determined in the above embodiment shares at least one element of quintuple information with the security update policy. A historical security policy may share several elements of quintuple information with the security update policy, so a first association degree is determined according to the coincidence degree between the quintuple information of the historical security policy and that of the security update policy; the higher the association degree, the lower the possible risk of network fluctuation after deletion. The corresponding historical security policies are deleted one by one according to the first association degree from low to high, the first network session monitoring information after each deletion is obtained, and the deletion of historical security policies is stopped once the change in the first network session monitoring information exceeds a preset range. The historical security policies whose deletion did not cause a change beyond the preset range are deleted, and the current optimization scheme is determined; at this point the normal operation of the network sessions is not affected, and the security policies of the firewall are simplified.
In some examples, the method further comprises:
under the condition that the historical security policies are at least three, acquiring second association degrees among the multiple historical security policies;
deleting the historical security policies corresponding to each second association degree respectively to obtain second network session monitoring information;
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information.
For example, when there are a plurality of historical security policies, there may be a second association degree among them, that is, the association among the quintuple information of the plurality of historical security policies; the greater the second association degree, the greater the influence on the network may be when those historical security policies are deleted together. Therefore, when the historical security policies are deleted, the plurality of historical security policies are deleted from low to high according to the first association degree and from high to low according to the second association degree, the second network session monitoring information after deletion is obtained, and the deletion of historical security policies is stopped once the change in the second network session monitoring information exceeds the preset range. The historical security policies whose deletion did not cause the second network session monitoring information to change beyond the preset range are deleted, and this is determined as the current optimization scheme.
In some examples, the method further comprises:
the second network session monitoring information includes second network session quantity information and second network session traffic information, the second network session quantity information corresponds to a first weight, the second network session traffic information corresponds to a second weight, and the first weight is greater than the second weight;
the determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information includes:
and determining the network influence degree after each group of historical security policies are deleted according to the first association degree, the second network session number information, the second network session flow information, the first weight and the second weight.
Illustratively, the second network session monitoring information includes second network session number information and second network session traffic information, and the importance of the session number is guaranteed to be higher than that of the traffic requirement. In this embodiment, in the process of obtaining the second network session monitoring information by deleting the plurality of historical security policies from low to high according to the first association degree and from high to low according to the second association degree, the first weight corresponding to the second network session number information and the second weight corresponding to the second network session traffic information are used to perform weighted scoring on the second network session monitoring information. The comprehensive influence on the number of network sessions and on the network session traffic when a plurality of historical security policies are deleted simultaneously can thus be obtained, and the resulting network influence degree after each group of historical security policies is deleted is more objective and accurate.
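A dry-run version of the pruning procedure in steps S110 to S140 together with the first-association ordering and the weighted session/traffic scoring from the later embodiments, written as an added example rather than code from the patent. It assumes its own names and a first-match, default-deny rule model, counts only non-wildcard coincidences toward the association degree, and simulates session monitoring by replaying constructed sessions instead of touching a live firewall; the second association degree (grouped deletion) is not modelled.

```python
# Added example, not the patent's own code: a dry-run of the pruning method
# described above (S110-S140, first association degree, weighted influence).
# Rather than deleting a rule on a live firewall and watching real sessions, it
# replays constructed observed sessions against the rule base with and without
# each candidate. Names, weights, sample rules and sessions are assumptions.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

FIELDS = ("src", "sport", "dst", "dport", "proto")
# One observed network session: its 5-tuple plus bytes transferred.
Session = namedtuple("Session", "src sport dst dport proto nbytes")


@dataclass(frozen=True)
class Policy:
    """A firewall rule keyed by 5-tuple; "any" / None act as wildcards."""
    name: str
    src: str               # CIDR, host address or "any"
    sport: Optional[int]   # None = any port
    dst: str
    dport: Optional[int]
    proto: Optional[str]   # "tcp", "udp" or None = any
    action: str = "permit"

    def matches(self, s: Session) -> bool:
        return ((self.src == "any" or ip_address(s.src) in ip_network(self.src))
                and (self.sport is None or self.sport == s.sport)
                and (self.dst == "any" or ip_address(s.dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == s.dport)
                and (self.proto is None or self.proto == s.proto))


def first_association(hist: Policy, update: Policy) -> int:
    """First association degree: number of coinciding 5-tuple elements.
    Assumption: a shared wildcard is not counted as a coincidence."""
    return sum(getattr(hist, f) == getattr(update, f)
               and getattr(update, f) not in ("any", None) for f in FIELDS)


def historical_policies(rules: List[Policy], update: Policy) -> List[Policy]:
    """S120: rules sharing at least one 5-tuple element with the update."""
    return [r for r in rules if r is not update and first_association(r, update) >= 1]


def monitor(rules: List[Policy], sessions: List[Session]) -> Tuple[int, int]:
    """Stand-in for session monitoring (S130): first-match evaluation with
    default deny. Returns (permitted session count, permitted bytes)."""
    count = total = 0
    for s in sessions:
        for r in rules:
            if r.matches(s):
                if r.action == "permit":
                    count += 1
                    total += s.nbytes
                break
    return count, total


def influence_degree(before, after, w_count=0.7, w_traffic=0.3) -> float:
    """Weighted network influence degree: relative change in session count
    (first weight) plus relative change in traffic (smaller second weight)."""
    d_count = abs(after[0] - before[0]) / max(before[0], 1)
    d_traffic = abs(after[1] - before[1]) / max(before[1], 1)
    return w_count * d_count + w_traffic * d_traffic


def prune(rules, update, sessions, max_influence=0.05):
    """Delete candidates one at a time in ascending first-association order, as
    the description specifies; keep a deletion only if the session count is
    unchanged and the weighted influence stays below the threshold; stop at
    the first deletion that would disturb live service."""
    baseline = monitor(rules, sessions)
    order = sorted(historical_policies(rules, update),
                   key=lambda r: first_association(r, update))
    active, removed = list(rules), []
    for cand in order:
        trial = [r for r in active if r is not cand]
        after = monitor(trial, sessions)
        if after[0] != baseline[0] or influence_degree(baseline, after) >= max_influence:
            break
        active, removed = trial, removed + [cand.name]
    return removed, [r.name for r in active]


# Constructed rule base (first match wins): BLOCK is a blacklist entry, UPDATE
# the new policy, H1..H3 older rules that overlap it.
BLOCK = Policy("BLOCK", "10.0.0.99", None, "any", None, None, action="deny")
UPDATE = Policy("UPDATE", "10.0.0.0/24", None, "10.1.0.10", 443, "tcp")
H1 = Policy("H1", "10.0.0.0/24", None, "10.1.0.10", 443, "tcp")   # duplicate, assoc 4
H2 = Policy("H2", "10.0.0.0/24", None, "10.1.0.10", 80, "tcp")    # live HTTP, assoc 3
H3 = Policy("H3", "10.0.0.0/24", None, "10.1.0.30", 3389, "tcp")  # stale, assoc 2
RULES = [BLOCK, UPDATE, H1, H2, H3]
# Constructed "observed" sessions standing in for live monitoring data.
SESSIONS = [Session("10.0.0.5", 51000, "10.1.0.10", 443, "tcp", 40_000),
            Session("10.0.0.6", 51001, "10.1.0.10", 80, "tcp", 12_000),
            Session("10.0.0.99", 51002, "10.1.0.10", 443, "tcp", 999_000)]  # denied
if __name__ == "__main__":
    print(prune(RULES, UPDATE, SESSIONS))  # (['H3'], ['BLOCK', 'UPDATE', 'H1', 'H2'])
```

Because the description deletes in ascending association order and stops at the first disturbance, the run removes the stale H3 but halts at H2 (a live HTTP session would lose its permit), so the fully duplicated H1 is never reached.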
Referring to fig. 2, an embodiment of a firewall security policy optimization apparatus in the embodiment of the present application may include:
a first obtaining unit 21, configured to obtain quintuple information corresponding to a security update policy;
a first determining unit 22, configured to determine a historical security policy corresponding to the security update policy according to the quintuple information and a network architecture relationship, where the historical security policy is a security policy that shares at least one element of its quintuple information with the security update policy;
a second obtaining unit 23, configured to delete the historical security policy to obtain network session monitoring information;
and a second determining unit 24, configured to determine an optimization scheme of the firewall security policy according to the network session monitoring information.
As shown in fig. 3, an electronic device 300 is further provided in the embodiments of the present application, which includes a memory 310, a processor 320, and a computer program 311 stored in the memory 310 and executable on the processor 320; when the computer program 311 is executed by the processor 320, the steps of any one of the firewall security policy optimization methods described above are implemented.
Since the electronic device described in this embodiment is a device used to implement the firewall security policy optimization apparatus of this embodiment, those skilled in the art can understand, based on the method described in this embodiment, the specific implementation of the electronic device of the present embodiment and various modifications thereof. Therefore, how the electronic device implements the method of the embodiments of the present application is not described in detail here, and any apparatus used by those skilled in the art to implement the method of the embodiments of the present application falls within the intended scope of the present application.
In a specific implementation, the computer program 311 may implement any of the embodiments corresponding to fig. 1 when executed by a processor.
It should be noted that, in the foregoing embodiments, the description of each embodiment has an emphasis, and reference may be made to the related description of other embodiments for a part that is not described in detail in a certain embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
An embodiment of the present application further provides a computer program product, where the computer program product includes a computer software instruction, and when the computer software instruction runs on a processing device, the processing device executes a flow of firewall security policy optimization in a corresponding embodiment, where the flow includes:
acquiring quintuple information corresponding to a security updating policy;
determining a historical security policy corresponding to the security updating policy according to the quintuple information and the network architecture relationship, wherein the historical security policy is a security policy corresponding to the security updating policy under the condition that at least one element information of the quintuple information is the same as that of the security updating policy;
deleting the historical security policy to acquire network session monitoring information;
and determining an optimization scheme of the firewall security policy according to the network session monitoring information.
In some embodiments, the above method further comprises:
acquiring configuration information of a target firewall and target interactive network equipment;
acquiring service flow information of a target interactive network;
and constructing the network architecture relationship according to the configuration information and the service flow information.
In some embodiments, the network session monitoring information includes network session number information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, under the condition that the network session number information is not changed, deleting the historical security policy to optimize the firewall security policy.
In some embodiments, the network session monitoring information includes network session traffic information;
the above-mentioned optimization scheme for determining the firewall security policy according to the network session monitoring information includes:
and after the historical security policy is deleted, under the condition that the change value corresponding to the network session traffic information is smaller than a preset threshold value, deleting the historical security policy to optimize the firewall security policy.
In some embodiments, the above method further comprises:
under the condition that the number of the historical security policies is at least two, acquiring a first association degree of each historical security policy and the security updating policy, wherein the first association degree is determined based on the coincidence degree of the historical security policies and the five-tuple information of the security updating policy;
acquiring first network session monitoring information after a historical security policy is deleted independently;
determining the network influence degree after each historical security policy is deleted according to the first association degree and the first network session monitoring information;
and determining an optimization scheme of the firewall security policy according to the network influence degree.
In some embodiments, the above method further comprises:
under the condition that the historical security policies are at least three, acquiring second association degrees among the multiple historical security policies;
deleting the historical security policies corresponding to each second association degree respectively to obtain second network session monitoring information;
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information.
In some embodiments, the above method further comprises:
the second network session monitoring information includes second network session quantity information and second network session traffic information, the second network session quantity information corresponds to a first weight, the second network session traffic information corresponds to a second weight, and the first weight is greater than the second weight;
the determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information includes:
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second network session quantity information, the second network session traffic information, the first weight and the second weight.
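The candidate selection, trial deletion, session monitoring and weighted scoring summarized in the steps above (and in the illustrative weighting paragraph earlier in the description) can be followed in a small simulation. The following Python block is an added example and is not code from the patent or its applicant. It assumes five-tuple elements that are either exact values or a `*` wildcard, permit-only rules with an implicit deny for unmatched sessions, an association degree counted as the number of identical five-tuple elements, weights of 0.7 and 0.3 (the first greater than the second, as the text requires) and a traffic threshold of 1000 bytes; the rule base and the session records are constructed for the example, and the step of building the network architecture relationship from device configuration and service flow information is not modelled.

```python
# Added example (not the patent's code): simulate the optimization flow.
from dataclasses import dataclass
from itertools import combinations

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")


@dataclass(frozen=True)
class Policy:
    name: str
    src_ip: str      # "*" means any value; otherwise an exact match is required
    dst_ip: str
    src_port: str
    dst_port: str
    proto: str

    def matches(self, session: dict) -> bool:
        return all(getattr(self, f) in ("*", session[f]) for f in FIELDS)


def overlap_degree(a: Policy, b: Policy) -> int:
    """Association degree (assumed definition): count of identical five-tuple elements."""
    return sum(getattr(a, f) == getattr(b, f) for f in FIELDS)


def historical_candidates(update: Policy, policies: list) -> list:
    """Historical policies sharing at least one five-tuple element with the update."""
    return [p for p in policies if p != update and overlap_degree(update, p) >= 1]


def permitted(policies: list, sessions: list) -> tuple:
    """Session monitoring: (count, bytes) of sessions permitted by any rule.
    All rules are permit rules; an unmatched session is implicitly denied."""
    hits = [s for s in sessions if any(p.matches(s) for p in policies)]
    return len(hits), sum(s["bytes"] for s in hits)


def deletion_impact(policies: list, group: tuple, sessions: list) -> tuple:
    """Change in (session count, bytes) after a trial deletion of `group`."""
    n0, t0 = permitted(policies, sessions)
    n1, t1 = permitted([p for p in policies if p not in group], sessions)
    return n0 - n1, t0 - t1


def network_influence(d_count, d_bytes, base_count, base_bytes, w1=0.7, w2=0.3):
    """Weighted score of a deletion; w1 > w2 so lost sessions weigh more (assumed weights)."""
    assert w1 > w2
    return w1 * d_count / base_count + w2 * d_bytes / base_bytes


def safe_to_delete(d_count, d_bytes, traffic_threshold) -> bool:
    """Decision rule: session count unchanged and traffic change below the threshold."""
    return d_count == 0 and d_bytes < traffic_threshold


def rank_deletions(update, policies, sessions, max_group=2, traffic_threshold=1000):
    """Evaluate single and grouped deletions of historical policies; lowest
    influence first, then highest association with the update policy."""
    cands = historical_candidates(update, policies)
    n0, t0 = permitted(policies, sessions)
    rows = []
    for k in range(1, max_group + 1):
        for group in combinations(cands, k):
            dn, dt = deletion_impact(policies, group, sessions)
            rows.append({
                "group": tuple(p.name for p in group),
                "first_assoc": sum(overlap_degree(update, p) for p in group),
                "second_assoc": overlap_degree(*group) if k == 2 else None,
                "delta": (dn, dt),
                "influence": network_influence(dn, dt, n0, t0),
                "delete": safe_to_delete(dn, dt, traffic_threshold),
            })
    return sorted(rows, key=lambda r: (r["influence"], -r["first_assoc"]))


# Constructed rule base: H1..H3 are historical policies, U is the security update
# policy (it permits any source to 10.0.1.8:443, so H1 and H3 become redundant).
H1 = Policy("H1", "10.0.0.5", "10.0.1.8", "*", "443", "tcp")
H2 = Policy("H2", "10.0.0.5", "10.0.2.9", "*", "22", "tcp")
H3 = Policy("H3", "10.0.0.7", "10.0.1.8", "*", "443", "tcp")
U = Policy("U", "*", "10.0.1.8", "*", "443", "tcp")
POLICIES = [H1, H2, H3, U]


def sess(src, dst, sport, dport, proto, nbytes):
    return {"src_ip": src, "dst_ip": dst, "src_port": sport,
            "dst_port": dport, "proto": proto, "bytes": nbytes}


# Constructed session monitoring sample (one record per observed session).
SESSIONS = [
    sess("10.0.0.5", "10.0.1.8", "51000", "443", "tcp", 5000),  # H1 or U
    sess("10.0.0.5", "10.0.2.9", "51001", "22", "tcp", 800),    # H2 only
    sess("10.0.0.7", "10.0.1.8", "51002", "443", "tcp", 3000),  # H3 or U
    sess("10.0.0.9", "10.0.1.8", "51003", "443", "tcp", 1200),  # U only
    sess("10.0.0.9", "10.0.2.9", "51004", "22", "tcp", 400),    # no rule: denied
]

if __name__ == "__main__":
    for row in rank_deletions(U, POLICIES, SESSIONS):
        print(row)
```

With this sample, deleting H1, H3 or the pair {H1, H3} leaves the session count and traffic unchanged, so those deletions are marked safe, while any group containing H2 removes the only rule covering the SSH session and is rejected; the pair {H1, H3} ranks first because it has the highest combined association with the update policy among the zero-influence deletions.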
The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the present application are generated in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, radio, microwave) means. A computer-readable storage medium may be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A firewall security policy optimization method is characterized by comprising the following steps:
acquiring quintuple information corresponding to a security updating policy;
determining a historical security policy corresponding to the security updating policy according to the quintuple information and a network architecture relationship, wherein the historical security policy is a security policy corresponding to the security updating policy under the condition that at least one element information of the quintuple information is the same as that of the security updating policy;
deleting the historical security policy to obtain network session monitoring information;
and determining an optimization scheme of a firewall security policy according to the network session monitoring information.
2. The method of claim 1, further comprising:
acquiring configuration information of a target firewall and target interactive network equipment;
acquiring service flow information of a target interactive network;
and constructing the network architecture relationship according to the configuration information and the service flow information.
3. The method of claim 1, wherein the network session monitoring information includes network session number information;
the optimization scheme for determining the firewall security policy according to the network session monitoring information comprises the following steps:
and after the historical security policy is deleted, under the condition that the network session number information is not changed, deleting the historical security policy to optimize the firewall security policy.
4. The method of claim 3, wherein the network session monitoring information includes network session traffic information;
the optimization scheme for determining the firewall security policy according to the network session monitoring information comprises the following steps:
and after the historical security policy is deleted, deleting the historical security policy to optimize a firewall security policy under the condition that the variation value corresponding to the network session traffic information is smaller than a preset threshold value.
5. The method of claim 1, further comprising:
under the condition that the number of the historical security policies is at least two, acquiring a first association degree of each historical security policy and the security updating policy, wherein the first association degree is determined based on the coincidence degree of the historical security policies and the five-tuple information of the security updating policy;
acquiring first network session monitoring information after a historical security policy is deleted independently;
determining the network influence degree after each historical security policy is deleted according to the first association degree and the first network session monitoring information;
and determining an optimization scheme of the firewall security policy according to the network influence degree.
6. The method of claim 5, further comprising:
under the condition that the number of the historical security policies is at least three, acquiring a second association degree among the plurality of historical security policies;
deleting the historical security policies corresponding to each second association degree respectively to obtain second network session monitoring information;
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information.
7. The method of claim 6, further comprising:
the second network session monitoring information comprises second network session quantity information and second network session traffic information, the second network session quantity information corresponds to a first weight, the second network session traffic information corresponds to a second weight, and the first weight is greater than the second weight;
the determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second association degree and the second network session monitoring information includes:
and determining the network influence degree after each group of historical security policies is deleted according to the first association degree, the second network session quantity information, the second network session traffic information, the first weight and the second weight.
8. A firewall security policy optimization apparatus, comprising:
the first acquisition unit is used for acquiring quintuple information corresponding to a security updating policy;
a first determining unit, configured to determine a historical security policy corresponding to the security update policy according to the quintuple information and a network architecture relationship, where the historical security policy is a security policy corresponding to the security update policy when at least one element information of the quintuple information is the same as that of the security update policy;
the second acquisition unit is used for deleting the historical security policy to acquire network session monitoring information;
and the second determining unit is used for determining the optimization scheme of the firewall security policy according to the network session monitoring information.
9. An electronic device, comprising: memory and processor, characterized in that the processor is configured to implement the steps of the firewall security policy optimization method according to any of claims 1-7 when executing a computer program stored in the memory.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the firewall security policy optimization method of any one of claims 1-7.
CN202211528282.3A 2022-11-30 2022-11-30 Firewall security policy optimization method and related equipment Pending CN115987561A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211528282.3A CN115987561A (en) 2022-11-30 2022-11-30 Firewall security policy optimization method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211528282.3A CN115987561A (en) 2022-11-30 2022-11-30 Firewall security policy optimization method and related equipment

Publications (1)

Publication Number Publication Date
CN115987561A true CN115987561A (en) 2023-04-18

Family

ID=85972844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211528282.3A Pending CN115987561A (en) 2022-11-30 2022-11-30 Firewall security policy optimization method and related equipment

Country Status (1)

Country Link
CN (1) CN115987561A (en)

Similar Documents

Publication Publication Date Title
US10798209B1 (en) Smart proxy rotator
US7752671B2 (en) Method and device for questioning a plurality of computerized devices
JP6408395B2 (en) Blacklist management method
US10305749B2 (en) Low latency flow cleanup of openflow configuration changes
US20070047466A1 (en) Network management system
KR101823421B1 (en) Apparatus and method for securiting network based on whithlist
CN111092900A (en) Method and device for monitoring abnormal connection and scanning behavior of server
CN106302638B (en) Data management method, forwarding equipment and system
Osman et al. Sandnet: Towards high quality of deception in container-based microservice architectures
CN112073376A (en) Attack detection method and device based on data plane
CN110012076B (en) Connection establishing method and device
CN105245336B (en) A kind of file encryption management system
CN112887105B (en) Conference security monitoring method and device, electronic equipment and storage medium
CN110569987A (en) Automatic operation and maintenance method, operation and maintenance equipment, storage medium and device
CN115987561A (en) Firewall security policy optimization method and related equipment
CN106254375B (en) A kind of recognition methods of hotspot equipment and device
CN113301003B (en) Information and data link detection method, device and storage medium
US8924547B1 (en) Systems and methods for managing network devices based on server capacity
CN110311868B (en) Service processing method, device, member equipment and machine-readable storage medium
CN107846480B (en) NXDOMAIN response packet processing method and device
CN114520766B (en) Networking control method of router and related equipment
CN114500116B (en) Self-healing security scanning method, system and device for video Internet of things equipment
CN108874918A (en) A kind of data processing equipment, database all-in-one machine and its data processing method
CN117376282B (en) Switch view display method, device and computer readable storage medium
CN112688985B (en) Communication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination