DE60104876D1 - Checking the configuration of a firewall - Google Patents

Checking the configuration of a firewall

Info

Publication number
DE60104876D1
Authority
DE
Germany
Prior art keywords
configuration
rule base
network node
processing
firewall
Prior art date
Legal status
Expired - Lifetime
Application number
DE60104876T
Other languages
English (en)
Other versions
DE60104876T2 (de)
Inventor
Tuomo Syvaenne
Eino Lilius
Current Assignee
Stonesoft Corp
Original Assignee
Stonesoft Corp
Priority date
Filing date
Publication date
Application filed by Stonesoft Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
DE60104876T 2001-12-18 2001-12-18 Checking the configuration of a firewall Expired - Lifetime DE60104876T2 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP01660236A EP1326393B1 (de) 2001-12-18 2001-12-18 Checking the configuration of a firewall

Publications (2)

Publication Number Publication Date
DE60104876D1 (de) 2004-09-16
DE60104876T2 (de) 2004-12-23

Family

ID=8183640

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60104876T Expired - Lifetime DE60104876T2 (de) 2001-12-18 2001-12-18 Checking the configuration of a firewall

Country Status (4)

Country Link
US (1) US7406534B2 (de)
EP (1) EP1326393B1 (de)
AT (1) ATE273591T1 (de)
DE (1) DE60104876T2 (de)

Families Citing this family (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1326393B1 (de) * 2001-12-18 2004-08-11 Stonesoft Corporation Checking the configuration of a firewall
US8209756B1 (en) 2002-02-08 2012-06-26 Juniper Networks, Inc. Compound attack detection in a computer network
US6985920B2 (en) * 2003-06-23 2006-01-10 Protego Networks Inc. Method and system for determining intra-session event correlation across network address translation devices
US7844731B1 (en) * 2003-11-14 2010-11-30 Symantec Corporation Systems and methods for address spacing in a firewall cluster
US7496955B2 (en) * 2003-11-24 2009-02-24 Cisco Technology, Inc. Dual mode firewall
US8661158B2 (en) 2003-12-10 2014-02-25 Aventail Llc Smart tunneling to resources in a network
US8590032B2 (en) * 2003-12-10 2013-11-19 Aventail Llc Rule-based routing to resources through a network
US7760730B2 (en) * 2004-06-15 2010-07-20 Oracle America, Inc. Rule set verification
US20060053478A1 (en) * 2004-09-08 2006-03-09 International Business Machines Corporation System, method and computer program product for control of a service request
WO2006044820A2 (en) 2004-10-14 2006-04-27 Aventail Corporation Rule-based routing to resources through a network
US20070266431A1 (en) * 2004-11-04 2007-11-15 Nec Corporation Firewall Inspecting System and Firewall Information Extraction System
US11477093B2 (en) * 2004-12-14 2022-10-18 Kyndryl, Inc. Coupling of a business component model to an information technology model
US8028334B2 (en) * 2004-12-14 2011-09-27 International Business Machines Corporation Automated generation of configuration elements of an information technology system
US8645513B2 (en) * 2004-12-14 2014-02-04 International Business Machines Corporation Automation of information technology system development
US7523092B2 (en) * 2004-12-14 2009-04-21 International Business Machines Corporation Optimization of aspects of information technology structures
US7937755B1 (en) * 2005-01-27 2011-05-03 Juniper Networks, Inc. Identification of network policy violations
US7797411B1 (en) 2005-02-02 2010-09-14 Juniper Networks, Inc. Detection and prevention of encapsulated network attacks using an intermediate device
US8200840B1 (en) * 2005-04-13 2012-06-12 Cisco Technology, Inc. Method and apparatus for a generic rule based engine to perform action when an event of interest transpires
US20070162968A1 (en) * 2005-12-30 2007-07-12 Andrew Ferreira Rule-based network address translation
US7685271B1 (en) * 2006-03-30 2010-03-23 Symantec Corporation Distributed platform for testing filtering rules
US8484733B2 (en) * 2006-11-28 2013-07-09 Cisco Technology, Inc. Messaging security device
US8140609B2 (en) * 2007-01-25 2012-03-20 International Business Machines Corporation Congruency and similarity of information technology (IT) structures and associated applications
US20080232359A1 (en) * 2007-03-23 2008-09-25 Taeho Kim Fast packet filtering algorithm
US8201234B2 (en) * 2007-05-09 2012-06-12 Microsoft Corporation Multi-profile interface specific network security policies
US8448220B2 (en) * 2008-04-29 2013-05-21 Mcafee, Inc. Merge rule wizard
US20090300748A1 (en) * 2008-06-02 2009-12-03 Secure Computing Corporation Rule combination in a firewall
US8489989B1 (en) * 2008-07-15 2013-07-16 Adobe Systems Incorporated Methods and systems for preflighting using multiple preflight profiles
US8819201B2 (en) * 2008-08-07 2014-08-26 At&T Intellectual Property I, L.P. Method and apparatus for providing routing and access control filters
US8228848B2 (en) * 2008-11-17 2012-07-24 Sierra Wireless, Inc. Method and apparatus for facilitating push communication across a network boundary
GB2478470B8 (en) 2008-11-17 2014-05-21 Sierra Wireless Inc Method and apparatus for network port and netword address translation
US8924486B2 (en) 2009-02-12 2014-12-30 Sierra Wireless, Inc. Method and system for aggregating communications
US9063806B2 (en) * 2009-01-29 2015-06-23 Oracle International Corporation Flex integration with a secure application
US9659335B2 (en) * 2009-01-29 2017-05-23 Oracle International Corporation Sample management for a sales call
US9684736B2 (en) 2009-01-29 2017-06-20 Oracle International Corporation Communication handler for flex integration with a secure application
US20100191560A1 (en) * 2009-01-29 2010-07-29 Oracle International Corporation Pharmaceutical Sample Management for a Sales Call
US8762448B2 (en) 2009-01-30 2014-06-24 Oracle International Corporation Implementing asynchronous processes on a mobile client
US20100195808A1 (en) * 2009-01-30 2010-08-05 Oracle International Corporation Adding Contacts During Personalized Content Delivery and Analytics
US9760381B2 (en) * 2009-01-30 2017-09-12 Oracle International Corporation Configurable toolbar
US8762883B2 (en) * 2009-01-30 2014-06-24 Oracle International Corporation Manipulation of window controls in a popup window
US8452640B2 (en) * 2009-01-30 2013-05-28 Oracle International Corporation Personalized content delivery and analytics
US8219854B2 (en) 2010-03-24 2012-07-10 Microsoft Corporation Validating configuration of distributed applications
US9037724B2 (en) 2011-02-08 2015-05-19 Sierra Wireless, Inc. Method and system for forwarding data between network devices
US20130019314A1 (en) * 2011-07-14 2013-01-17 International Business Machines Corporation Interactive virtual patching using a web application server firewall
US9288186B2 (en) * 2013-06-04 2016-03-15 Cisco Technology, Inc. Network security using encrypted subfields
WO2015088506A1 (en) * 2013-12-11 2015-06-18 Continental Teves Ag & Co. Ohg Method for operating a security gateway of a communication system for vehicles
CN105515803B (zh) * 2014-09-24 2019-01-25 国基电子(上海)有限公司 Customer premises equipment and configuration method thereof
US9894103B2 (en) * 2015-08-28 2018-02-13 Nicira, Inc. Performing source network address translation based on remote device management attributes
US10021117B2 (en) * 2016-01-04 2018-07-10 Bank Of America Corporation Systems and apparatus for analyzing secure network electronic communication and endpoints
US9912783B2 (en) * 2016-01-29 2018-03-06 Veritas Technologies Llc Securing internal services in a distributed environment
US11249710B2 (en) * 2016-03-31 2022-02-15 Splunk Inc. Technology add-on control console
TWI607337B (zh) * 2016-11-11 2017-12-01 Chunghwa Telecom Co Ltd Firewall command rule optimization system and method

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2206713B (en) * 1987-03-23 1991-11-27 Case Group Plc Expert and database system and method for communications networks
US6009475A (en) * 1996-12-23 1999-12-28 International Business Machines Corporation Filter rule validation and administration for firewalls
US6173364B1 (en) * 1997-01-15 2001-01-09 At&T Corp. Session cache and rule caching method for a dynamic filter
US6233686B1 (en) * 1997-01-17 2001-05-15 At & T Corp. System and method for providing peer level access control on a network
US6182228B1 (en) * 1998-08-17 2001-01-30 International Business Machines Corporation System and method for very fast IP packet filtering
US6574666B1 (en) * 1998-10-22 2003-06-03 At&T Corp. System and method for dynamic retrieval loading and deletion of packet rules in a network firewall
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6519636B2 (en) * 1998-10-28 2003-02-11 International Business Machines Corporation Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions
US6226372B1 (en) * 1998-12-11 2001-05-01 Securelogix Corporation Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
US6839850B1 (en) * 1999-03-04 2005-01-04 Prc, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US7240368B1 (en) * 1999-04-14 2007-07-03 Verizon Corporate Services Group Inc. Intrusion and misuse deterrence system employing a virtual network
WO2001004343A2 (en) 1999-07-09 2001-01-18 The Burnham Institute A method for determining the prognosis of cancer patients by measuring levels of bag expression
US6738909B1 (en) * 1999-09-02 2004-05-18 International Business Machines Corporation Method and apparatus for automatic configuration for internet protocol security tunnels in a distributed data processing system
US6684244B1 (en) * 2000-01-07 2004-01-27 Hewlett-Packard Development Company, Lp. Aggregated policy deployment and status propagation in network management systems
US6772223B1 (en) * 2000-04-10 2004-08-03 International Business Machines Corporation Configurable classification interface for networking devices supporting multiple action packet handling rules
US6772214B1 (en) * 2000-04-27 2004-08-03 Novell, Inc. System and method for filtering of web-based content stored on a proxy cache server
US7039053B1 (en) * 2001-02-28 2006-05-02 3Com Corporation Packet filter policy verification system
US20030074248A1 (en) * 2001-03-31 2003-04-17 Braud Kristopher P. Method and system for assimilating data from disparate, ancillary systems onto an enterprise system
US6816455B2 (en) * 2001-05-09 2004-11-09 Telecom Italia S.P.A. Dynamic packet filter utilizing session tracking
US6947983B2 (en) * 2001-06-22 2005-09-20 International Business Machines Corporation Method and system for exploiting likelihood in filter rule enforcement
US7027446B2 (en) * 2001-07-18 2006-04-11 P-Cube Ltd. Method and apparatus for set intersection rule matching
US7386525B2 (en) * 2001-09-21 2008-06-10 Stonesoft Corporation Data packet filtering
EP1326393B1 (de) * 2001-12-18 2004-08-11 Stonesoft Corporation Checking the configuration of a firewall

Also Published As

Publication number Publication date
DE60104876T2 (de) 2004-12-23
EP1326393A1 (de) 2003-07-09
US7406534B2 (en) 2008-07-29
ATE273591T1 (de) 2004-08-15
EP1326393B1 (de) 2004-08-11
US20030149766A1 (en) 2003-08-07

Similar Documents

Publication Publication Date Title
DE60104876D1 (de) Checking the configuration of a firewall
US7665128B2 (en) Method and apparatus for reducing firewall rules
ATE373367T1 (de) System and method for unnumbered network link discovery
WO2003084137A3 (en) Methods for identifying network traffic flows
KR100843537B1 (ko) Security policy management system
DE602005021353D1 (de) Extensions for filtering IPv6 headers
WO2007036786A3 (en) Application layer metrics monitoring
ATE519323T1 (de) Securing LDAP (Lightweight Directory Access Protocol) traffic
ATE376731T1 (de) Automatic discovery and configuration of external network devices
DK1700421T3 (da) Method for managing networks by analysis of connectivity
ATE477540T1 (de) Device and method for packet forwarding
DE602005026808D1 (de) Identifying reverse path forwarding information
ATE488928T1 (de) Ethernet service configuration device, method and system in a passive optical network
US9894074B2 (en) Method and system for extracting access control list
EP2023567A1 (de) Management of security rule conflicts
DE60235987D1 (de) Assigning domain names (DNS) whereby access to databases is granted
ATE463100T1 (de) Method and network element for improving fault management in managed networks, and computer program therefor
CN109391590A (zh) Rule description method and construction method for network access control, and medium
CN109547281A (zh) Source-tracing method for the Tor network
KR101359372B1 (ko) Method for checking and discovering the operating state of hosts in a network using DHCPv6 packets
KR20090044177A (ko) Blacklist-based intrusion management system and method
ATE302531T1 (de) Method and device for improving performance in multi-service networks
CN104253797A (zh) Method and device for identifying worm viruses
CN103986800A (zh) ARP-based dynamic IP resource management method and system thereof
KR20040038168A (ko) Internet security service method and system using packet marking

Legal Events

Date Code Title Description
8328 Change in the person/name/address of the agent

Representative's name: ZEITLER, VOLPERT, KANDLBINDER, 80539 MUENCHEN

8364 No opposition during term of opposition