DE60111089T2 - Method and apparatus for analyzing one or more firewalls - Google Patents

Method and apparatus for analyzing one or more firewalls

Info

Publication number
DE60111089T2
Authority
DE
Germany
Prior art keywords
gateway
request
zone
network
firewall
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60111089T
Other languages
German (de)
English (en)
Other versions
DE60111089D1 (de)
Inventor
Alain Mayer
Avishai Wool
Elisha Ziskind
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia of America Corp
Original Assignee
Lucent Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lucent Technologies Inc
Application granted
Publication of DE60111089D1
Publication of DE60111089T2
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/12 Discovery or management of network topologies
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
DE60111089T 2000-01-18 2001-01-08 Method and apparatus for analyzing one or more firewalls Expired - Lifetime DE60111089T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US483876 1990-02-23
US09/483,876 US7016980B1 (en) 2000-01-18 2000-01-18 Method and apparatus for analyzing one or more firewalls

Publications (2)

Publication Number Publication Date
DE60111089D1 (de) 2005-07-07
DE60111089T2 (de) 2006-05-04

Family

ID=23921853

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60111089T Expired - Lifetime DE60111089T2 (de) 2000-01-18 2001-01-08 Method and apparatus for analyzing one or more firewalls

Country Status (5)

Country Link
US (1) US7016980B1
EP (1) EP1119151B1
JP (1) JP4658340B2
CA (1) CA2328012C
DE (1) DE60111089T2

Families Citing this family (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
CA2296989C (en) 1999-01-29 2005-10-25 Lucent Technologies Inc. A method and apparatus for managing a firewall
JP4236364B2 (ja) * 2000-04-04 2009-03-11 富士通株式会社 Communication data relay device
US7284267B1 (en) * 2001-03-08 2007-10-16 Mcafee, Inc. Automatically configuring a computer firewall based on network connection
US7150037B2 (en) * 2001-03-21 2006-12-12 Intelliden, Inc. Network configuration manager
US8135815B2 (en) * 2001-03-27 2012-03-13 Redseal Systems, Inc. Method and apparatus for network wide policy-based analysis of configurations of devices
JP2003150748A (ja) * 2001-11-09 2003-05-23 Asgent Inc Risk evaluation method
US20030110379A1 (en) 2001-12-07 2003-06-12 Tatu Ylonen Application gateway system, and method for maintaining security in a packet-switched information network
US7953087B1 (en) * 2001-12-28 2011-05-31 The Directv Group, Inc. Content filtering using static source routes
US7237258B1 (en) 2002-02-08 2007-06-26 Mcafee, Inc. System, method and computer program product for a firewall summary interface
US8209756B1 (en) 2002-02-08 2012-06-26 Juniper Networks, Inc. Compound attack detection in a computer network
AUPS214802A0 (en) * 2002-05-01 2002-06-06 Firebridge Systems Pty Ltd Firewall with stateful inspection
US7036119B1 (en) * 2002-07-15 2006-04-25 Cisco Technology, Inc. Method and apparatus for creating a network topograph that includes all select objects that are in a network
FI20021407A7 (fi) * 2002-07-24 2004-01-25 Tycho Tech Oy Filtering of data communications
US7472421B2 (en) * 2002-09-30 2008-12-30 Electronic Data Systems Corporation Computer model of security risks
US8407798B1 (en) 2002-10-01 2013-03-26 Skybox Security Inc. Method for simulation aided security event management
US8359650B2 (en) * 2002-10-01 2013-01-22 Skybox Security Inc. System, method and computer readable medium for evaluating potential attacks of worms
US6952779B1 (en) * 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US20050125697A1 (en) * 2002-12-27 2005-06-09 Fujitsu Limited Device for checking firewall policy
US7188164B1 (en) * 2003-02-11 2007-03-06 Cyber Operations, Llc Secure network access control
US7447622B2 (en) * 2003-04-01 2008-11-04 Microsoft Corporation Flexible network simulation tools and related methods
JP3802004B2 (ja) * 2003-04-18 2006-07-26 日本電信電話株式会社 Firewall inspection system, firewall inspection method, firewall inspection program, and firewall inspection recording medium
US20040223486A1 (en) * 2003-05-07 2004-11-11 Jan Pachl Communication path analysis
CA2467603A1 (en) * 2004-05-18 2005-11-18 Ibm Canada Limited - Ibm Canada Limitee Visualization firewall rules in an auto provisioning environment
US8677496B2 (en) * 2004-07-15 2014-03-18 AlgoSec Systems Ltd. Method and apparatus for automatic risk assessment of a firewall configuration
US20060041936A1 (en) 2004-08-19 2006-02-23 International Business Machines Corporation Method and apparatus for graphical presentation of firewall security policy
EP1811397A4 (en) * 2004-10-12 2011-08-17 Fujitsu Ltd PROGRAM, METHOD AND INSTALLATION FOR OPERATIONAL MANAGEMENT
US20070266431A1 (en) * 2004-11-04 2007-11-15 Nec Corporation Firewall Inspecting System and Firewall Information Extraction System
US7937755B1 (en) * 2005-01-27 2011-05-03 Juniper Networks, Inc. Identification of network policy violations
US7797411B1 (en) 2005-02-02 2010-09-14 Juniper Networks, Inc. Detection and prevention of encapsulated network attacks using an intermediate device
DE102006014793A1 (de) * 2006-03-29 2007-10-04 Siemens Ag Security analyzer of a communication network
US8122492B2 (en) 2006-04-21 2012-02-21 Microsoft Corporation Integration of social network information and network firewalls
US8079073B2 (en) 2006-05-05 2011-12-13 Microsoft Corporation Distributed firewall implementation and control
US8176157B2 (en) 2006-05-18 2012-05-08 Microsoft Corporation Exceptions grouping
EP1933519A1 (en) * 2006-12-12 2008-06-18 Koninklijke KPN N.V. Streaming media service for mobile telephones
US8584227B2 (en) * 2007-05-09 2013-11-12 Microsoft Corporation Firewall with policy hints
US8839345B2 (en) * 2008-03-17 2014-09-16 International Business Machines Corporation Method for discovering a security policy
US8060707B2 (en) * 2008-05-22 2011-11-15 International Business Machines Corporation Minimization of read response time
WO2010017157A2 (en) * 2008-08-08 2010-02-11 Hewlett-Packard Development Company, L.P. End-to-end network access analysis
JP5258676B2 (ja) * 2009-06-12 2013-08-07 Kddi株式会社 Method for changing rule information in a firewall, management device, and program
US8018943B1 (en) 2009-07-31 2011-09-13 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US8098677B1 (en) 2009-07-31 2012-01-17 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US8934495B1 (en) * 2009-07-31 2015-01-13 Anue Systems, Inc. Filtering path view graphical user interfaces and related systems and methods
US8955128B1 (en) 2011-07-27 2015-02-10 Francesco Trama Systems and methods for selectively regulating network traffic
US9537891B1 (en) 2011-09-27 2017-01-03 Palo Alto Networks, Inc. Policy enforcement based on dynamically attribute-based matched network objects
US8930529B1 (en) 2011-09-27 2015-01-06 Palo Alto Networks, Inc. Policy enforcement with dynamic address object
US9047109B1 (en) 2012-06-20 2015-06-02 Palo Alto Networks, Inc. Policy enforcement in virtualized environment
EP2717516A1 (en) * 2012-10-04 2014-04-09 Thomson Licensing Method of protection of data shared between local area network devices and apparatus implementing the method
EP2782311A1 (en) * 2013-03-18 2014-09-24 British Telecommunications public limited company Methods of testing a firewall, and apparatus therefor
US9443075B2 (en) * 2013-06-27 2016-09-13 The Mitre Corporation Interception and policy application for malicious communications
WO2015066208A1 (en) 2013-11-04 2015-05-07 Illumio, Inc. Pairing in a distributed network management system that uses a logical multi-dimensional label-based policy model
US9467385B2 (en) 2014-05-29 2016-10-11 Anue Systems, Inc. Cloud-based network tool optimizers for server cloud networks
US9781044B2 (en) 2014-07-16 2017-10-03 Anue Systems, Inc. Automated discovery and forwarding of relevant network traffic with respect to newly connected network tools for network tool optimizers
US10050847B2 (en) 2014-09-30 2018-08-14 Keysight Technologies Singapore (Holdings) Pte Ltd Selective scanning of network packet traffic using cloud-based virtual machine tool platforms
US10419295B1 (en) * 2014-10-03 2019-09-17 Amdocs Development Limited System, method, and computer program for automatically generating communication device metadata definitions
US11032138B2 (en) * 2014-10-22 2021-06-08 Level 3 Communications, Llc Managing traffic control in a network mitigating DDOS
US9692727B2 (en) * 2014-12-02 2017-06-27 Nicira, Inc. Context-aware distributed firewall
JP6476853B2 (ja) * 2014-12-26 2019-03-06 富士通株式会社 Network monitoring system and method
US9992134B2 (en) 2015-05-27 2018-06-05 Keysight Technologies Singapore (Holdings) Pte Ltd Systems and methods to forward packets not passed by criteria-based filters in packet forwarding systems
US10116528B2 (en) 2015-10-02 2018-10-30 Keysight Technologies Singapore (Holdings) Pte Ltd Direct network traffic monitoring within VM platforms in virtual processing environments
US10652112B2 (en) 2015-10-02 2020-05-12 Keysight Technologies Singapore (Sales) Pte. Ltd. Network traffic pre-classification within VM platforms in virtual processing environments
US10142212B2 (en) 2015-10-26 2018-11-27 Keysight Technologies Singapore (Holdings) Pte Ltd On demand packet traffic monitoring for network packet communications within virtual processing environments
US10594656B2 (en) * 2015-11-17 2020-03-17 Zscaler, Inc. Multi-tenant cloud-based firewall systems and methods
JP2018019207A (ja) * 2016-07-27 2018-02-01 富士ゼロックス株式会社 Cooperation management device and communication system
US10778722B2 (en) * 2016-11-08 2020-09-15 Massachusetts Institute Of Technology Dynamic flow system
US11258763B2 (en) 2016-11-25 2022-02-22 Cybernetiq, Inc. Computer network security configuration visualization and control system
US10911403B1 (en) * 2017-09-25 2021-02-02 Rockwell Collins, Inc. Systems and methods for secured maintenance gateway
US11102072B2 (en) * 2019-04-19 2021-08-24 Bmc Software, Inc. Synthetic objects in service models
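CN111193744B (zh) * 2019-12-31 2022-03-15 中信百信银行股份有限公司 Firewall policy query and elastic scaling method and system, device, and storage medium
CN112738032B (zh) * 2020-12-17 2022-10-11 公安部第三研究所 Communication system for preventing IP spoofing
CN118400193B (zh) * 2024-06-27 2024-09-20 武汉思普崚技术有限公司 Configuration detection method and apparatus for a network boundary device
CN118764268B (zh) * 2024-07-12 2026-04-03 国网江西省电力有限公司 Firewall automated allocation and configuration method based on security requirement analysis, and storage medium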

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5146560A (en) * 1988-05-31 1992-09-08 Digital Equipment Corporation Apparatus for processing bit streams
US5490252A (en) * 1992-09-30 1996-02-06 Bay Networks Group, Inc. System having central processor for transmitting generic packets to another processor to be altered and transmitting altered packets back to central processor for routing
US5898830A (en) * 1996-10-17 1999-04-27 Network Engineering Software Firewall providing enhanced network security and user transparency
US5726979A (en) 1996-02-22 1998-03-10 Mci Corporation Network management system
US5845081A (en) 1996-09-03 1998-12-01 Sun Microsystems, Inc. Using objects to discover network information about a remote network having a different network protocol
US5968176A (en) 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US7143438B1 (en) * 1997-09-12 2006-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US6182226B1 (en) * 1998-03-18 2001-01-30 Secure Computing Corporation System and method for controlling interactions between networks
US6453419B1 (en) * 1998-03-18 2002-09-17 Secure Computing Corporation System and method for implementing a security policy
US6298445B1 (en) * 1998-04-30 2001-10-02 Netect, Ltd. Computer security
CA2296989C (en) * 1999-01-29 2005-10-25 Lucent Technologies Inc. A method and apparatus for managing a firewall
US6678835B1 (en) * 1999-06-10 2004-01-13 Alcatel State transition protocol for high availability units

Also Published As

Publication number Publication date
CA2328012C (en) 2007-05-15
CA2328012A1 (en) 2001-07-18
US7016980B1 (en) 2006-03-21
EP1119151A3 (en) 2004-01-21
DE60111089D1 (de) 2005-07-07
EP1119151B1 (en) 2005-06-01
EP1119151A2 (en) 2001-07-25
JP2001237895A (ja) 2001-08-31
JP4658340B2 (ja) 2011-03-23

Similar Documents

Publication Publication Date Title
DE60111089T2 (de) Method and apparatus for analyzing one or more firewalls
DE69929268T2 (de) Method and system for monitoring and controlling network access
DE69836271T2 (de) Multi-level firewall system
DE10249428B4 (de) Method for defining the security vulnerabilities of a computer system
DE60104876T2 (de) Checking the configuration of a firewall
DE60213391T2 (de) Personal firewall with position detection
DE60121917T2 (de) System for security assessment of a network
DE60310347T2 (de) Method and system for rule association in communication networks
DE602004008055T2 (de) Intelligent integrated network security device
DE112013001446B4 (de) Detecting transparent entities for intercepting data transmissions in networks
DE19741239C2 (de) Generalized security policy management system and method
DE10249427A1 (de) System and method for defining the security state of a computer system
DE60121755T2 (de) IPsec processing
DE102019203773B4 (de) Dynamic firewall configuration and control for accessing services hosted in virtual networks
DE10393571T5 (de) Method and system for validating logical end-to-end access paths in storage area networks
DE112011103082T5 (de) Multiple virtual machines sharing a single IP address
DE202016009026U1 (de) Rule-based network threat detection
DE102015004127A1 (de) Method and system for comparing different versions of a cloud-based application in a production environment using separate back-end systems
DE102006037499A1 (de) Method and system for discovering and providing near-real-time updates of VPN topologies
DE102015003363A1 (de) Method and system for testing cloud-based applications in a production environment using fabricated user data
DE102015102434A1 (de) Method and system for providing a robust and efficient management and verification service for vulnerabilities of virtual assets
WO2003025758A2 (de) Device and method for establishing a security policy in a distributed system
WO2004028107A2 (de) Monitoring of data transmissions
DE60031004T2 (de) Electronic security system and method for a communication network
DE602005003938T2 (de) Inter-domain router with module for determining route aggregation

Legal Events

Date Code Title Description
8364 No opposition during term of opposition