WO2023075584A3 - Method for deploying a new firewall security policy in a computer network - Google Patents

Method for deploying a new firewall security policy in a computer network Download PDF

Info

Publication number
WO2023075584A3
WO2023075584A3 PCT/MA2022/050014 MA2022050014W WO2023075584A3 WO 2023075584 A3 WO2023075584 A3 WO 2023075584A3 MA 2022050014 W MA2022050014 W MA 2022050014W WO 2023075584 A3 WO2023075584 A3 WO 2023075584A3
Authority
WO
WIPO (PCT)
Prior art keywords
policy
deploying
new
security policy
security
Prior art date
Application number
PCT/MA2022/050014
Other languages
French (fr)
Other versions
WO2023075584A2 (en
Inventor
Ali KARTIT
Mohammed TAHIRI
Original Assignee
Université Internationale de RABAT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Université Internationale de RABAT filed Critical Université Internationale de RABAT
Publication of WO2023075584A2 publication Critical patent/WO2023075584A2/en
Publication of WO2023075584A3 publication Critical patent/WO2023075584A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method for deploying a new firewall security for computer networks in order to attenuate the various risks of a current policy. The procedure involves updating an initial security policy (I) on the basis of an algorithm that automates this procedure and minimizes the inherent security risks at the time a new security policy (T) is deployed. This is achieved by creating an intermediate policy (R) that progressively receives the new rules (T) to be implemented and in a specific order. The deployment procedure according to the invention comes to an end when the policy (R) is equal to the target policy (T).
PCT/MA2022/050014 2021-10-29 2022-11-14 Method for deploying a new firewall security policy in a computer network WO2023075584A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MA54776A MA54776B1 (en) 2021-10-29 2021-10-29 Method for deploying a new firewall security policy in a computer network.
MA54776 2021-10-29

Publications (2)

Publication Number Publication Date
WO2023075584A2 WO2023075584A2 (en) 2023-05-04
WO2023075584A3 true WO2023075584A3 (en) 2023-07-27

Family

ID=86160130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MA2022/050014 WO2023075584A2 (en) 2021-10-29 2022-11-14 Method for deploying a new firewall security policy in a computer network

Country Status (2)

Country Link
MA (1) MA54776B1 (en)
WO (1) WO2023075584A2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2872983A1 (en) 2004-07-09 2006-01-13 Thomson Licensing Sa FIREWALL PROTECTION SYSTEM FOR A COMMUNITY OF APPLIANCES, APPARATUS PARTICIPATING IN THE SYSTEM AND METHOD FOR UPDATING FIREWALL RULES WITHIN THE SYSTEM
US8099774B2 (en) 2006-10-30 2012-01-17 Microsoft Corporation Dynamic updating of firewall parameters
CN108650222B (en) 2018-03-29 2020-10-02 华付云技术(深圳)有限公司 Firewall rule updating method and system based on stretching filtering

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
AHMED ZEESHAN ET AL: "Safe and Efficient Strategies for Updating Firewall Policies", 30 August 2010, SAT 2015 18TH INTERNATIONAL CONFERENCE, AUSTIN, TX, USA, SEPTEMBER 24-27, 2015; [LECTURE NOTES IN COMPUTER SCIENCE; LECT.NOTES COMPUTER], SPRINGER, BERLIN, HEIDELBERG, PAGE(S) 45 - 57, ISBN: 978-3-540-74549-5, XP047440429 *
ALI KARTIT: "Performance Evaluation of Enhancedgreedy-Two-Phase Deployment Algorithm", INTERNATIONAL JOURNAL OF NETWORK SECURITY & ITS APPLICATIONS, vol. 5, no. 4, 31 July 2013 (2013-07-31), pages 155 - 162, XP093033933, ISSN: 0975-2307, Retrieved from the Internet <URL:https://airccse.org/journal/nsa/5413nsa12.pdf> DOI: 10.5121/ijnsa.2013.5412 *
ZHANG CHARLES C. ET AL: "On the Safety and Efficiency of Firewall Policy Deployment", 2007 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP '07), 1 May 2007 (2007-05-01), pages 33 - 50, XP093033983, Retrieved from the Internet <URL:http://www.cse.cuhk.edu.hk/~cslui/CSC7221/2008_PAPERS/safety_SSP_2007.pdf> DOI: 10.1109/SP.2007.32 *

Also Published As

Publication number Publication date
MA54776A1 (en) 2023-05-31
WO2023075584A2 (en) 2023-05-04
MA54776B1 (en) 2023-09-27

Similar Documents

Publication Publication Date Title
US20090007218A1 (en) Switched-Based Network Security
WO2007098052A3 (en) Peer based network access control
WO2017041656A1 (en) Traffic processing method, device and system
US20130316638A1 (en) Wideband intelligent jamming control apparatus and method
US11671405B2 (en) Dynamic filter generation and distribution within computer networks
US10681057B2 (en) Device and method for controlling a communication network
WO2023075584A3 (en) Method for deploying a new firewall security policy in a computer network
KR20160036201A (en) Abnormal communication interception apparatus and method
EP4236186A3 (en) Network coordination for crosslink interference mitigation
Smith et al. Multidefender security games on networks
CN112769850A (en) Network message filtering method, electronic equipment and storage medium
EP3687117B8 (en) Systems and methods for isolating network traffic of multiple users across networks of computing platforms
Afroz et al. Performance analysis of adaptive noise canceller employing NLMS Algorithm
Gold The SCADA challenge: securing critical infrastructure
Dolezilek et al. Cybersecurity based on IEC 62351 and IEC 62443 for IEC 61850 systems
CN111447203B (en) Security policy arranging method
Moore Targeting technology: Mapping military offensive network operations
EP4038839A4 (en) Methods and systems for management and control of communication network
Barchinezhad et al. Compensation of linear attacks to cyber physical systems through arx system identification
CN103841095A (en) Firewall rule updating method based on bigraph
Abdelaziz et al. Low-complexity digital predistortion for reducing power amplifier spurious emissions in spectrally-agile flexible radio
JP2014174349A (en) Active silencer and active silencing method
Argyris et al. Post-processing of long-haul and ethernet optical transmission signals using photonic reservoir computing
CN104883345A (en) Network security feature automatic deployment method and system
Zhou et al. Risk Assessment Method for Host Nodes in Software Defined Networking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22830964

Country of ref document: EP

Kind code of ref document: A2