DE60104876D1 - Prüfung der Konfiguration einer Firewall - Google Patents
Prüfung der Konfiguration einer FirewallInfo
- Publication number
- DE60104876D1 DE60104876D1 DE60104876T DE60104876T DE60104876D1 DE 60104876 D1 DE60104876 D1 DE 60104876D1 DE 60104876 T DE60104876 T DE 60104876T DE 60104876 T DE60104876 T DE 60104876T DE 60104876 D1 DE60104876 D1 DE 60104876D1
- Authority
- DE
- Germany
- Prior art keywords
- configuration
- rule base
- network node
- processing
- firewall
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01660236A EP1326393B1 (de) | 2001-12-18 | 2001-12-18 | Prüfung der Konfiguration einer Firewall |
Publications (2)
Publication Number | Publication Date |
---|---|
DE60104876D1 true DE60104876D1 (de) | 2004-09-16 |
DE60104876T2 DE60104876T2 (de) | 2004-12-23 |
Family
ID=8183640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE60104876T Expired - Lifetime DE60104876T2 (de) | 2001-12-18 | 2001-12-18 | Prüfung der Konfiguration einer Firewall |
Country Status (4)
Country | Link |
---|---|
US (1) | US7406534B2 (de) |
EP (1) | EP1326393B1 (de) |
AT (1) | ATE273591T1 (de) |
DE (1) | DE60104876T2 (de) |
Families Citing this family (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1326393B1 (de) * | 2001-12-18 | 2004-08-11 | Stonesoft Corporation | Prüfung der Konfiguration einer Firewall |
US8209756B1 (en) | 2002-02-08 | 2012-06-26 | Juniper Networks, Inc. | Compound attack detection in a computer network |
US6985920B2 (en) * | 2003-06-23 | 2006-01-10 | Protego Networks Inc. | Method and system for determining intra-session event correlation across network address translation devices |
US7844731B1 (en) * | 2003-11-14 | 2010-11-30 | Symantec Corporation | Systems and methods for address spacing in a firewall cluster |
US7496955B2 (en) * | 2003-11-24 | 2009-02-24 | Cisco Technology, Inc. | Dual mode firewall |
US8661158B2 (en) | 2003-12-10 | 2014-02-25 | Aventail Llc | Smart tunneling to resources in a network |
US8590032B2 (en) * | 2003-12-10 | 2013-11-19 | Aventail Llc | Rule-based routing to resources through a network |
US7760730B2 (en) * | 2004-06-15 | 2010-07-20 | Oracle America, Inc. | Rule set verification |
US20060053478A1 (en) * | 2004-09-08 | 2006-03-09 | International Business Machines Corporation | System, method and computer program product for control of a service request |
WO2006044820A2 (en) | 2004-10-14 | 2006-04-27 | Aventail Corporation | Rule-based routing to resources through a network |
US20070266431A1 (en) * | 2004-11-04 | 2007-11-15 | Nec Corporation | Firewall Inspecting System and Firewall Information Extraction System |
US11477093B2 (en) * | 2004-12-14 | 2022-10-18 | Kyndryl, Inc. | Coupling of a business component model to an information technology model |
US8028334B2 (en) * | 2004-12-14 | 2011-09-27 | International Business Machines Corporation | Automated generation of configuration elements of an information technology system |
US8645513B2 (en) * | 2004-12-14 | 2014-02-04 | International Business Machines Corporation | Automation of information technology system development |
US7523092B2 (en) * | 2004-12-14 | 2009-04-21 | International Business Machines Corporation | Optimization of aspects of information technology structures |
US7937755B1 (en) * | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
US7797411B1 (en) | 2005-02-02 | 2010-09-14 | Juniper Networks, Inc. | Detection and prevention of encapsulated network attacks using an intermediate device |
US8200840B1 (en) * | 2005-04-13 | 2012-06-12 | Cisco Technology, Inc. | Method and apparatus for a generic rule based engine to perform action when an event of interest transpires |
US20070162968A1 (en) * | 2005-12-30 | 2007-07-12 | Andrew Ferreira | Rule-based network address translation |
US7685271B1 (en) * | 2006-03-30 | 2010-03-23 | Symantec Corporation | Distributed platform for testing filtering rules |
US8484733B2 (en) * | 2006-11-28 | 2013-07-09 | Cisco Technology, Inc. | Messaging security device |
US8140609B2 (en) * | 2007-01-25 | 2012-03-20 | International Business Machines Corporation | Congruency and similarity of information technology (IT) structures and associated applications |
US20080232359A1 (en) * | 2007-03-23 | 2008-09-25 | Taeho Kim | Fast packet filtering algorithm |
US8201234B2 (en) * | 2007-05-09 | 2012-06-12 | Microsoft Corporation | Multi-profile interface specific network security policies |
US8448220B2 (en) * | 2008-04-29 | 2013-05-21 | Mcafee, Inc. | Merge rule wizard |
US20090300748A1 (en) * | 2008-06-02 | 2009-12-03 | Secure Computing Corporation | Rule combination in a firewall |
US8489989B1 (en) * | 2008-07-15 | 2013-07-16 | Adobe Systems Incorporated | Methods and systems for preflighting using multiple preflight profiles |
US8819201B2 (en) * | 2008-08-07 | 2014-08-26 | At&T Intellectual Property I, L.P. | Method and apparatus for providing routing and access control filters |
US8228848B2 (en) * | 2008-11-17 | 2012-07-24 | Sierra Wireless, Inc. | Method and apparatus for facilitating push communication across a network boundary |
GB2478470B8 (en) | 2008-11-17 | 2014-05-21 | Sierra Wireless Inc | Method and apparatus for network port and netword address translation |
US8924486B2 (en) | 2009-02-12 | 2014-12-30 | Sierra Wireless, Inc. | Method and system for aggregating communications |
US9063806B2 (en) * | 2009-01-29 | 2015-06-23 | Oracle International Corporation | Flex integration with a secure application |
US9659335B2 (en) * | 2009-01-29 | 2017-05-23 | Oracle International Corporation | Sample management for a sales call |
US9684736B2 (en) | 2009-01-29 | 2017-06-20 | Oracle International Corporation | Communication handler for flex integration with a secure application |
US20100191560A1 (en) * | 2009-01-29 | 2010-07-29 | Oracle International Corporation | Pharmaceutical Sample Management for a Sales Call |
US8762448B2 (en) | 2009-01-30 | 2014-06-24 | Oracle International Corporation | Implementing asynchronous processes on a mobile client |
US20100195808A1 (en) * | 2009-01-30 | 2010-08-05 | Oracle International Corporation | Adding Contacts During Personalized Content Delivery and Analytics |
US9760381B2 (en) * | 2009-01-30 | 2017-09-12 | Oracle International Corporation | Configurable toolbar |
US8762883B2 (en) * | 2009-01-30 | 2014-06-24 | Oracle International Corporation | Manipulation of window controls in a popup window |
US8452640B2 (en) * | 2009-01-30 | 2013-05-28 | Oracle International Corporation | Personalized content delivery and analytics |
US8219854B2 (en) | 2010-03-24 | 2012-07-10 | Microsoft Corporation | Validating configuration of distributed applications |
US9037724B2 (en) | 2011-02-08 | 2015-05-19 | Sierra Wireless, Inc. | Method and system for forwarding data between network devices |
US20130019314A1 (en) * | 2011-07-14 | 2013-01-17 | International Business Machines Corporation | Interactive virtual patching using a web application server firewall |
US9288186B2 (en) * | 2013-06-04 | 2016-03-15 | Cisco Technology, Inc. | Network security using encrypted subfields |
WO2015088506A1 (en) * | 2013-12-11 | 2015-06-18 | Continental Teves Ag & Co. Ohg | Method for operating a security gateway of a communication system for vehicles |
CN105515803B (zh) * | 2014-09-24 | 2019-01-25 | 国基电子(上海)有限公司 | 用户端设备及其配置方法 |
US9894103B2 (en) * | 2015-08-28 | 2018-02-13 | Nicira, Inc. | Performing source network address translation based on remote device management attributes |
US10021117B2 (en) * | 2016-01-04 | 2018-07-10 | Bank Of America Corporation | Systems and apparatus for analyzing secure network electronic communication and endpoints |
US9912783B2 (en) * | 2016-01-29 | 2018-03-06 | Veritas Technologies Llc | Securing internal services in a distributed environment |
US11249710B2 (en) * | 2016-03-31 | 2022-02-15 | Splunk Inc. | Technology add-on control console |
TWI607337B (zh) * | 2016-11-11 | 2017-12-01 | Chunghwa Telecom Co Ltd | Firewall command rule optimization system and method |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2206713B (en) * | 1987-03-23 | 1991-11-27 | Case Group Plc | Expert and database system and method for communications networks |
US6009475A (en) * | 1996-12-23 | 1999-12-28 | International Business Machines Corporation | Filter rule validation and administration for firewalls |
US6173364B1 (en) * | 1997-01-15 | 2001-01-09 | At&T Corp. | Session cache and rule caching method for a dynamic filter |
US6233686B1 (en) * | 1997-01-17 | 2001-05-15 | At & T Corp. | System and method for providing peer level access control on a network |
US6182228B1 (en) * | 1998-08-17 | 2001-01-30 | International Business Machines Corporation | System and method for very fast IP packet filtering |
US6574666B1 (en) * | 1998-10-22 | 2003-06-03 | At&T Corp. | System and method for dynamic retrieval loading and deletion of packet rules in a network firewall |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
US6519636B2 (en) * | 1998-10-28 | 2003-02-11 | International Business Machines Corporation | Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions |
US6226372B1 (en) * | 1998-12-11 | 2001-05-01 | Securelogix Corporation | Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities |
US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
US6839850B1 (en) * | 1999-03-04 | 2005-01-04 | Prc, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US7240368B1 (en) * | 1999-04-14 | 2007-07-03 | Verizon Corporate Services Group Inc. | Intrusion and misuse deterrence system employing a virtual network |
WO2001004343A2 (en) | 1999-07-09 | 2001-01-18 | The Burnham Institute | A method for determining the prognosis of cancer patients by measuring levels of bag expression |
US6738909B1 (en) * | 1999-09-02 | 2004-05-18 | International Business Machines Corporation | Method and apparatus for automatic configuration for internet protocol security tunnels in a distributed data processing system |
US6684244B1 (en) * | 2000-01-07 | 2004-01-27 | Hewlett-Packard Development Company, Lp. | Aggregated policy deployment and status propagation in network management systems |
US6772223B1 (en) * | 2000-04-10 | 2004-08-03 | International Business Machines Corporation | Configurable classification interface for networking devices supporting multiple action packet handling rules |
US6772214B1 (en) * | 2000-04-27 | 2004-08-03 | Novell, Inc. | System and method for filtering of web-based content stored on a proxy cache server |
US7039053B1 (en) * | 2001-02-28 | 2006-05-02 | 3Com Corporation | Packet filter policy verification system |
US20030074248A1 (en) * | 2001-03-31 | 2003-04-17 | Braud Kristopher P. | Method and system for assimilating data from disparate, ancillary systems onto an enterprise system |
US6816455B2 (en) * | 2001-05-09 | 2004-11-09 | Telecom Italia S.P.A. | Dynamic packet filter utilizing session tracking |
US6947983B2 (en) * | 2001-06-22 | 2005-09-20 | International Business Machines Corporation | Method and system for exploiting likelihood in filter rule enforcement |
US7027446B2 (en) * | 2001-07-18 | 2006-04-11 | P-Cube Ltd. | Method and apparatus for set intersection rule matching |
US7386525B2 (en) * | 2001-09-21 | 2008-06-10 | Stonesoft Corporation | Data packet filtering |
EP1326393B1 (de) * | 2001-12-18 | 2004-08-11 | Stonesoft Corporation | Prüfung der Konfiguration einer Firewall |
-
2001
- 2001-12-18 EP EP01660236A patent/EP1326393B1/de not_active Expired - Lifetime
- 2001-12-18 DE DE60104876T patent/DE60104876T2/de not_active Expired - Lifetime
- 2001-12-18 AT AT01660236T patent/ATE273591T1/de not_active IP Right Cessation
-
2002
- 2002-12-18 US US10/321,851 patent/US7406534B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
DE60104876T2 (de) | 2004-12-23 |
EP1326393A1 (de) | 2003-07-09 |
US7406534B2 (en) | 2008-07-29 |
ATE273591T1 (de) | 2004-08-15 |
EP1326393B1 (de) | 2004-08-11 |
US20030149766A1 (en) | 2003-08-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE60104876D1 (de) | Prüfung der Konfiguration einer Firewall | |
US7665128B2 (en) | Method and apparatus for reducing firewall rules | |
ATE373367T1 (de) | System und verfahren zur unnumerierten netzwerkverbindung-erkennung | |
WO2003084137A3 (en) | Methods for identifying network traffic flows | |
KR100843537B1 (ko) | 보안 정책 관리 시스템 | |
DE602005021353D1 (de) | Erweiterungen zur filterung von ipv6-kopfteilen | |
WO2007036786A3 (en) | Application layer metrics monitoring | |
ATE519323T1 (de) | Sicherung von ldap (lightweight directory access protocol) verkehr | |
ATE376731T1 (de) | Automatische entdeckung und konfiguration von externen netzwerkeinrichtungen | |
DK1700421T3 (da) | Fremgangsmåde til at administrere netværk ved analyse af konnektivitet | |
ATE477540T1 (de) | Vorrichtung und verfahren zur paketweiterleitung | |
DE602005026808D1 (de) | Identifizieren von rückwärtsweg-weiterleitungsinformationen | |
ATE488928T1 (de) | Ethernet-dienstkonfigurationseinrichtung, - verfahren und system in einem passiven optischen netzwerk | |
US9894074B2 (en) | Method and system for extracting access control list | |
EP2023567A1 (de) | Verwaltung von Sicherheitsregelkonflikten | |
DE60235987D1 (de) | Zuweisen von domain-namen (dns), wodurch zugang zu datenbanken gewährt wird | |
ATE463100T1 (de) | Verfahren und netzwerkelement zur verbesserung der fehlerverwaltung in verwalteten netzen und computerprogram dafür | |
CN109391590A (zh) | 一种面向网络访问控制的规则描述方法及构建方法、介质 | |
CN109547281A (zh) | 一种Tor网络的溯源方法 | |
KR101359372B1 (ko) | DHCPv6 패킷을 이용한 네트워크 내 호스트 동작 상태 확인 및 탐색 방법 | |
KR20090044177A (ko) | 블랙리스트 기반의 침입 관리 시스템 및 방법 | |
ATE302531T1 (de) | Verfahren und vorrichtung zur verbesserung der leistungsfähigkeit in mehrfachdienstnetzwerken | |
CN104253797A (zh) | 蠕虫病毒的识别方法及装置 | |
CN103986800A (zh) | 一种基于arp的动态式ip资源管理方法及其系统 | |
KR20040038168A (ko) | 패킷 마킹을 이용한 인터넷 보안서비스 방법 및 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
8328 | Change in the person/name/address of the agent |
Representative=s name: ZEITLER, VOLPERT, KANDLBINDER, 80539 MUENCHEN |
|
8364 | No opposition during term of opposition |