WO2000069120B1 - Managing multiple network security devices from a manager device - Google Patents

Managing multiple network security devices from a manager device

Info

Publication number
WO2000069120B1
WO2000069120B1 PCT/US2000/009942 US0009942W WO0069120B1 WO 2000069120 B1 WO2000069120 B1 WO 2000069120B1 US 0009942 W US0009942 W US 0009942W WO 0069120 B1 WO0069120 B1 WO 0069120B1
Authority
WO
WIPO (PCT)
Prior art keywords
security
information
devices
supervisor
generated
Prior art date
Application number
PCT/US2000/009942
Other languages
French (fr)
Other versions
WO2000069120A9 (en
WO2000069120A1 (en
Inventor
Peter M Rothermel
David Wayne Bonn
Nick T Marvais
Original Assignee
Watchguard Technologies Inc
Peter M Rothermel
David Wayne Bonn
Nick T Marvais
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Watchguard Technologies Inc, Peter M Rothermel, David Wayne Bonn, Nick T Marvais filed Critical Watchguard Technologies Inc
Priority to EP00923320A priority Critical patent/EP1175752A1/en
Priority to AU43466/00A priority patent/AU4346600A/en
Priority to JP2000617601A priority patent/JP2002544607A/en
Publication of WO2000069120A1 publication Critical patent/WO2000069120A1/en
Publication of WO2000069120B1 publication Critical patent/WO2000069120B1/en
Publication of WO2000069120A9 publication Critical patent/WO2000069120A9/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/084Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0843Configuration by using pre-existing information, e.g. using templates or copying from other elements based on generic templates

Abstract

The present invention is directed to a facility for using a security policy manager device to remotely manage multiple network security devices (NSDs). The manager device can also use one or more intermediate supervisor devices to assit in the management. Security for the communication of information between various devices can be provided in a variety of ways. The system allows the manager device to create a consistent security policy for the multiple NSDs by distributing a copy of a security policy template to each of the NSDs and by then configuring each copy of the template with NSD-specific information. For example, the manager device can distribute the template to multiple NSDs by sending a single copy of the template to a supervisor device associated with the NSDs and by then having the supervisor device update each of the NSDs with a copy of the template. Other information useful for implementing security policies can also be distributed to the NSDs in a similar manner. The system also allows a manager device to retrieve, analyze and display all of the network security information gathered by the various NSDs while implementing security policies. Each NSD can forward its network security information to a supervisor device currently associated with the NSD, and the manager device can retrieve network security information of interest from the one or more supervisor devices which store portions of the information and then aggregate the retrieved information in an appropriate manner.

Claims

AMENDED CLAIMS[received by the International Bureau on 01 November 2000 (01.1 1.00); original claims 1-105 replaced by amended claims 1- 105 (22 pages)]
1. A method for managing multiple security devices by distributing a security policy template to each of the security devices and by collecting generated security information, the distributed security policy template for use by the security devices in generating security information, the method comprising: for each of the security devices, determining a supervisor device currently associated with the security device; distributing the security policy template to each of the determined supervisor devices; indicating to each of the determined supervisor devices to distribute the security policy template to each of the security devices with which the supervisor device is associated; and receiving security information generated by at least one security device to which the security policy template was distributed.
2. The method of claim 1 wherein the received generated security information is generated by a first security device based on network information passing between network devices other than the first security device, wherein the generated security information is stored on at least one host device distinct from the first security device, and wherein the receiving of the generated security information includes: determining the host devices on which at least portions of the generated security information are stored; and when there are multiple determined host devices, for each of the multiple determined host devices, retrieving the portions of the generated security information that are stored on the host device; and aggregating the retrieved portions of the generated security information.
3. The method of claim 2 including determining a host device that is a primary host device for the first security device, and wherein the portions of the generated security information from each of the multiple determined host devices are retrieved from the primary host device after the primary host device collects the portions from the multiple determined host devices.
4. The method of claim 2 wherein the determined supervisor device for the first security device is one of the determined host devices.
5. The method of claim 2 wherein the aggregating of the retrieved portions of the generated security information includes sorting the aggregated security information chronologically.
6. The method of claim 2 wherein the aggregating of the retrieved portions of the generated security information includes sorting the aggregated security information by type of security information.
7. The method of claim 2 wherein the receiving of the generated security information is prompted by a received request for the generated security information from a user, and including displaying the aggregated security information to the user.
8. The method of claim 2 including determining based on the aggregated security information that a change is needed in the network information allowed to pass between the other network devices.
9. The method of claim 2 including displaying to a user a view including the first security device and the host devices, and wherein a received request for the generated security information is based on a visual indication by the user of the first security device.
10. The method of claim 1 wherein the method is performed by a security manager device, and wherein each of the security devices is associated with a group of network devices and uses the distributed security policy template to generate security information that is related to the associated network devices.
11. The method of claim 10 including distributing to each of the security devices software whose execution controls the generation of the security information by that security device.
12. The method of claim 10 wherein each security device has a primary supervisor device, and including, under control of each security device, generating security information by: monitoring network information passing between any network device in the associated group for the security device and any network device not in the associated group; and when the monitored network information is of an indicated type, determining whether the primary supervisor device for the security device is available to receive information; when the primary supervisor device is available, sending security information about the monitored network information to the primary supervisor device for storage; and when the primary supervisor device is not available, sending security information about the monitored network information to an alternate supervisor device for storage.
13. The method of claim 12 wherein for each security device, the security policy template specifies the indicated types of monitored network information for which to generate security information and specifies data related to the monitored network information to be included in the generated security information.
14. The method of claim 10 wherein information is sent between the manager device and the supervisor devices and between the supervisor devices and the security devices in a secure form so that others do not have access to contents of the information.
15. The method of claim 10 wherein a single copy of the security policy template is distributed to each of the determined supervisor devices, wherein the distributed security policy template defines the security information to be generated, and including: after a copy of the security policy template has been sent to each of the multiple security devices by the determined supervisor devices, configuring each copy of the security policy template with information specific to the security device to which the security policy template was sent.
16. The method of claim 10 wherein the received security information is generated by a first of the security devices, wherein the first security device has a primary supervisor device, and wherein the receiving of the generated security information includes aggregating the security information by: determining at least one alternate supervisor device that stores at least a portion of the security information generated by the first security device; notifying the primary supervisor device for the first security device of a desire for the generated security information, the notifying including an indication of the determined alternate supervisor devices; and in response, receiving the generated security information.
17. The method of claim 16 wherein the primary supervisor device stores a portion of the security information generated by the first security device, and including, after the notifying of the primary supervisor device and under control of each of the primary supervisor device, sending the generated security information to the manager device by: retrieving from each of the determined alternate supervisor devices the security information generated by the first security device; retrieving the portion of the generated security information that is stored by the primary supervisor device; and sending the retrieved security information to the manager device.
18. The method of claim 16 wherein the receiving of the generated security information includes receiving separate portions of the generated security information stored by multiple determined alternate supervisor devices, and wherein the aggregating of the security information includes aggregating the received portions.
19. The method of claim 16 including displaying to a user a plurality of supervisor devices and a plurality of security devices in such a manner that the primary supervisor device for the first security device is visually indicated, and wherein the distributing of the security policy template to the multiple security devices is in response to selection by the user of the displayed multiple security devices.
20. The method of claim 1 wherein portions of the generated security information is stored on each of multiple supervisor devices distinct from the security device, wherein the distributing of the security policy template and the collecting of the generated security information is performed under control of a manager device, and including: sending a request from the manager device to a supervisor device for the generated security information; and ,Λ
69
under control of the supervisor device, receiving the sent request from the manager device; retrieving the stored portions of the generated security information from the multiple supervisor devices; and sending to the manager device the retrieved generated security information portions.
21. The method of claim 20 including: before sending to the manager device the retrieved generated security information portions, determining that the manager device is predefined as being authorized to receive the generated security information.
22. The method of claim 20 including: receiving from the manager device access information; and before sending to the manager device the retrieved generated security information portions, determining that the access information authorizes a sender of the access information to receive the generated security information.
23. The method of claim 20 including: before sending to the manager device the retrieved generated security information portions, formatting the information to be sent in a manner accessible only to the manager device.
24. The method of claim 20 wherein the sent request includes an indication of the multiple supervisor devices.
25. The method of claim 20 including contacting the security device to determine the multiple supervisor devices. 70
26 The method of claim 1 wherein the received security information is generated by a first of the security devices, and including, under control of the first security device and before the receiving of the generated security information, storing the generated security information in a distributed manner so as to ensure that the generated security information is available by identifying whether a primary supervisor device for the first security device is available to store received security information, when the primary supervisor device is available, storing the security information on the primary supervisor device, and when the primary supervisor device is not available, storing the security information on an alternate supervisor device
27 The method of claim 26 including generating the security information by retrieving a security policy which indicates types of network information, monitoring network information passing between network devices, and when the monitored network information is of a type indicated by the security policy, generating security information about the monitored network information
28 The method of claim 27 wherein the security policy for the first security device additionally indicates types of information to be included in the generated security information
29 The method of claim 26 including before storing the security information on a supervisor device, determining that the supervisor device is predefined as being authorized to receive the security information
30. The method of claim 26 including: before storing the security information on a supervisor device, formatting the security information in a manner accessible only to the supervisor device.
31. The method of claim 26 wherein the storing of the security information on a supervisor device including sending the security information to the supervisor device for storage in a manner accessible only to the supervisor device.
32. The method of claim 1 including distributing to each of the multiple security devices software whose execution controls generation of security information by that security device.
33. The method of claim 1 including, after the security policy template has been distributed to each of the security devices, configuring a distinct security policy on each security device based on the security policy template.
34. The method of claim 33 wherein the security policy template indicates a type of security information to be generated by each security device and wherein the configuring indicates specific network devices for which to generate the indicated types of security information.
35. The method of claim 1 including distributing to each of the multiple security devices an instruction related to employing the security policy template.
36. The method of claim 1 wherein the security policy template is information common to the multiple security devices, and including configuring each of the multiple security devices with additional security policy information that is not common to the multiple security devices
37 The method of claim 1 wherein before the security policy template is distributed to each of the multiple security devices, at least some of the multiple security devices have existing security policy templates of a similar type, and wherein for those security devices the security policy template to be distributed will replace the existing security policy templates
38 The method of claim 1 wherein before the security policy template is distributed to each of the multiple security devices, at least some of the multiple security devices have existing security policy templates of a similar type, and wherein for those security devices the security policy template to be distributed will supplement the existing security policy template
39 The method of claim 1 wherein the distributing of the security policy template to each of the determined supervisor devices is performed in a manner such that the security policy template is not accessible to other devices
40 The method of claim 1 including displaying to a user a view of the multiple security devices and of the supervisor devices currently associated with the security devices, and wherein the distributing of the security policy template is in response to a visual selection by the user
41 The method of claim 1 wherein each determined supervisor device distributes the security policy template to multiple security devices by receiving a single copy of the security policy template to be distributed to multiple security devices, and for each of the multiple security devices, if the supervisor device is associated with the security device, distributing the security policy template to the security device
42 The method of claim 41 wherein the supervisor device distributes the security policy template to a security device only when the supervisor device is associated with the security device as a primary supervisor device for the security device
43 The method of claim 41 including when the supervisor device is not associated with one of the multiple security devices, distributing the security policy template to another supervisor device to be distributed to the one security device
44 The method of claim 41 including after the security policy template has been distributed to each of the security devices, configuring the security policy template distinctly on each security device
45 The method of claim 41 including before the security policy template has been distributed to each of the security devices, configuring a copy of the security policy template distinctly for each security device that is to be distributed to that device
46 The method of claim 1 including distributing control information to multiple security devices for use in controlling operation of the multiple security devices by distributing the control information to each of the determined supervisor devices, and indicating to each of the determined supervisor devices to distribute the control information to the security devices with which the supervisor device is associated
47. The method of claim 46 wherein after the control information is distributed to the security devices, the security devices operate in accordance with the control information.
48. The method of claim 1 wherein each security device operates in accordance with the distributed security policy template by: receiving the distributed security policy template; and using the received security policy template to implement a security policy specified by the security policy template.
49. The method of claim 48 wherein the security policy template is distributed to multiple security devices via a supervisor device associated with the multiple security devices.
50. The method of claim 48 wherein the security policy template indicates a type of security information to be generated.
51. The method of claim 48 including: after the security policy template has been received, receiving configuration information specific to the security device to customize the specified security policy.
52. The method of claim 48 wherein the security policy template is distributed from a manager device, and including: before using the security policy template to implement the specified security policy, determining that the manager device is authorized to distribute the security policy template.
53. The method of claim 48 wherein the security policy template is distributed from a manager device, and including: receiving access information from the manager device; and before using the security policy template to implement the specified security policy, determining that the access information authorizes a sender of the access information to distribute the security policy template.
54. The method of claim 1 wherein the received security information is generated by a first of the security devices, and including determining to collect the security information generated by the first security device by displaying to a user a view including the first security device and at least one supervisor device and by receiving a visual indication from the user of the displayed first security device .
55. The method of claim 54 including displaying to the user the received generated security information.
56. The method of claim 54 wherein the view of the first security device and of the supervisor devices includes a visual indication of a supervisor device that is a primary supervisor device for the first security device.
57. The method of claim 54 wherein the view of the first security device and of the supervisor devices includes visual indications of the determined supervisor devices.
58. The method of claim 54 wherein a displayed visual indication of a device performing the method is modified to indicate that the generated security information has been received.
59. The method of claim 1 including determining the multiple security devices to which the security policy template will be distributed by: displaying to a user a view of a plurality of security devices and of at least one supervisor device, the plurality of security devices including the multiple security devices; and receiving from the user visual indications of the displayed multiple security devices.
60. The method of claim 59 including: displaying to the user multiple security policy templates; and determining the security policy template to be distributed based on a visual indication by the user.
61. The method of claim 59 wherein the view of the security devices and of the supervisor devices includes a visual indication of a supervisor device that is a primary host device for the security device.
62. The method of claim 59 wherein a visual indication for each of the multiple security devices is modified to indicate receipt by the security device of the distributed security policy template.
63. The method of claim 1 wherein the received security information is generated by a first of the security devices and is stored on multiple supervisor devices, and including : displaying to the user a view including the first security device and a plurality of supervisor devices, the plurality of supervisor devices including the multiple supervisor devices; receiving from the user an indication of the displayed first security device; and displaying to the user an aggregation of the generated security information that is retrieved from the multiple supervisor devices.
64. The method of claim 63 wherein the view of the security device and of the supervisor devices includes visual indications of the multiple supervisor devices.
65. The method of claim 63 wherein a displayed visual indication of a device performing the method is modified to indicate that the generated security information has been retrieved.
66. The method of claim 1 including distributing security policy implementation information to multiple security devices for use in implementing a security policy.
67. The method of claim 66 wherein the distributing of the security policy implementation information includes: displaying to a user a view of a manager device, the multiple security devices and of multiple supervisor devices; receiving from the user indications of multiple security devices to which the security policy implementation information is to be distributed; and displaying to the user an indication that the security policy implementation information is distributed to the multiple security devices, the distribution accomplished by the manager device sending the security policy implementation information to a supervisor device associated with each of the security devices and indicating to the associated supervisor device to distribute the security policy implementation information to each of the security devices.
68. The method of claim 67 including: displaying to the user multiple types of security policy implementation information; and determining the security policy implementation information to be distributed based on a visual indication by the user.
69. The method of claim 67 wherein the view of the security devices and of the supervisor devices includes a visual indication that the associated supervisor device distributes the security policy implementation information to each of the security devices.
70. The method of claim 67 wherein a visual indication for each of the multiple security devices is modified to indicate receipt by the security device of the security policy implementation information.
71. The method of claim 67 wherein the multiple security devices to which the security policy implementation information is to be distributed are indicated based on a selection by the user of the associated supervisor device.
72. The method of claim 66 wherein the security policy implementation information is software to be executed by the multiple security devices to control the implementing of the security policy.
73. The method of claim 66 wherein the security policy implementation information is an instruction to be performed by the multiple security devices related to the implementing of the security policy.
74. The method of claim 66 including, after the security policy implementation information has been distributed to the multiple security devices, configuring the security policy implementation information distinctly on each of the security devices.
75. The method of claim 66 wherein the security policy implementation information is information common to the multiple security devices, and wherein for each of the multiple security devices the common information is used in conjunction with information specific to the security device.
76. The method of claim 66 including, for each of the multiple security devices, sending to the security device a control instruction indicating an action to be taken by the security device with the security policy implementation information.
77. A computer-readable medium whose contents cause a manager device to manage security devices by distributing security policy implementation information to multiple security devices for use in implementing a security policy, by: for each of the security devices, determining a supervisor device currently associated with the security device; distributing the security policy implementation information to each of the determined supervisor devices; and indicating to each of the determined supervisor devices to distribute the security policy implementation information to the security devices with which the supervisor device is associated.
78. The computer-readable medium of claim 77 wherein the security policy implementation information is software to be executed by the security devices to control the implementing of the security policy.
79 The computer-readable medium of claim 77 wherein the security policy implementation information is a security policy template that indicates the security information to be generated
80 The computer-readable medium of claim 79 wherein the contents further cause the manager device to, after the security policy implementation information has been distributed to each of the security devices, configure the security policy implementation information distinctly on each security device
81 The computer-readable medium of claim 77 wherein the security policy implementation information is an instruction to be executed by the multiple security devices related to the implementing of the security policy
82 The computer-readable medium of claim 77 wherein the contents further cause the manager device to display to a user a view of the multiple security devices and the supervisor devices currently associated with the security devices, and wherein the distributing of the security policy implementation information is in response to a visual selection by the user
83 The computer-readable medium of claim 77 wherein the contents further cause the manager device to collect security information generated by a security device, the generated security information based on network information passing between other network devices, the generated security information stored on at least one host device distinct from the security device, by receiving a request for the generated security information, determining the host devices on which at least portions of the generated security information are stored, and when there are multiple determined host devices, for each of the multiple determined host devices, retrieving the portions of the generated security information that are stored on the host device; and aggregating the retrieved portions of the generated security information.
84. The computer-readable medium of claim 83 wherein the contents further cause the manager device to determine a host device that is a primary host device for the security device, and wherein the portions of the generated security information for each of the multiple determined host devices are retrieved from the primary host device.
85. The computer-readable medium of claim 83 wherein the aggregating of the retrieved portions of the generated security information includes sorting the aggregated security information chronologically.
86. The computer-readable medium of claim 83 wherein the received request for the generated security information is from a user, and wherein the contents further cause the manager device to display the aggregated security information to the user.
87. The computer-readable medium of claim 83 wherein the contents further cause the manager device to display to a user a view including the security device and the host devices, and wherein the request for the generated security information involves a visual indication by the user of the security device.
88. A computer system for distributing security policy implementation information to multiple security devices for use in implementing a security policy, the security policy implementation information including a security policy template, comprising: a security device associator capable of determining for each of the security devices a supervisor device currently associated with the security device; and an information distributor capable of distributing the security policy implementation information to each of the determined supervisor devices, and of indicating to each of the determined supervisor devices to distribute the security policy implementation information to the security devices with which the supervisor device is associated.
89. The computer system of claim 88 wherein the security policy implementation information is software to be executed by the security devices to control the implementing of the security policy.
90. The computer system of claim 88 wherein the security policy template is information common to the multiple security devices, and further comprising a component capable of configuring each of the multiple security devices with additional security policy information that is not common to the multiple security devices.
91. The computer system of claim 88 including a user interface component capable of displaying to a user a view of the multiple security devices and the supervisor devices currently associated with the security devices, and of receiving a visual selection by the user that controls the distributing of the security policy implementation information.
92. The computer system of claim 88 for further managing a security device by collecting security information generated by the security device, the generated security information based on network information passing between other network devices, the generated security information stored on at least one host device distinct from the security device, the computer system further comprising: a user interface component capable of receiving from a user a request for the generated security information; and a security information retriever capable of determining the host devices on which at least portions of the generated security information are stored, and of, when there are multiple 83
determined host devices, for each of the multiple determined host devices, retrieving the portions of the generated security information that are stored on the host device and aggregating the retrieved portions of the generated security information
93 The computer system of claim 92 wherein the user interface component is capable of generating a graphical display of the aggregated security information
94 The computer system of claim 92 wherein the user interface component is capable of generating a graphical display including a hierarchical view of the security device and the host devices, and wherein the user interface component is further for receiving a visual indication of the security device indicating the request for the generated security information of the indicated security device
95 The computer system of claim 92 for further storing the generated security information in a distributed manner so as to ensure the security information is available, the computer system further comprising a storage identifier capable of identifying whether a primary supervisor device for the security device is available to store received security information, and an information storer capable of storing the security information on the primary supervisor device if the primary supervisor device is available, and of storing the security information on an alternate supervisor device when the primary supervisor device is not available
96 The computer system of claim 95 further comprising a security information generator capable of retrieving a policy which indicates types of network information, of monitoring the network information passing between the network devices, and of generating security information about the monitored network information when the monitored network information is of a type indicated by the policy
97. The computer system of claim 95 further comprising: a security component capable of determining that a supervisor device is predefined as being authorized to receive the security information before storing the security information on the supervisor device.
98. The computer system of claim 88 for further implementing a security policy in accordance with security policy implementation information distributed from a manager device, the computer system further comprising: a security policy information receiver capable of receiving security policy implementation information to be used in implementing a security policy; and a security policy implementer capable of using the security policy implementation information to implement the security policy.
99. The computer system of claim 98 wherein the security policy implementation information is software to be executed by the security device to control the implementing of the security policy.
100. The computer system of claim 98 wherein the security policy implementation information is a security policy template that indicates security information to be generated.
101. The computer system of claim 98 further comprising: a security component capable of determining that the manager device is predefined as being authorized to distribute the security policy implementation information before using the security policy implementation information to implement the security policy.
102. A generated data signal transmitted via a data transmission medium from a manager device to a supervisor device, the data signal including a single copy of security policy implementation information to be distributed by the supervisor device to multiple security devices, the security policy implementation information for use by the supervisor devices in implementing a security policy, so that the manager device can efficiently distribute information to multiple security devices via a supervisor device.
103. The data signal of claim 102 wherein the security policy implementation information is software to be executed by the security devices to control the implementing of the security policy.
104. The data signal of claim 102 wherein the security policy implementation information is a security policy template that indicates the security information to be generated.
105. The data signal of claim 102 including configuration information to be distributed by the supervisor device to at least one security device, the configuration information specific to the at least one security device, the configuration information for configuring distinctly for the at least one security device a copy of the security policy implementation information that is to be distributed to that device.
PCT/US2000/009942 1999-05-06 2000-04-13 Managing multiple network security devices from a manager device WO2000069120A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP00923320A EP1175752A1 (en) 1999-05-06 2000-04-13 Managing multiple network security devices from a manager device
AU43466/00A AU4346600A (en) 1999-05-06 2000-04-13 Managing multiple network security devices from a manager device
JP2000617601A JP2002544607A (en) 1999-05-06 2000-04-13 How to manage multiple network security devices from a manager device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/307,332 US6678827B1 (en) 1999-05-06 1999-05-06 Managing multiple network security devices from a manager device
US09/307,332 1999-05-06

Publications (3)

Publication Number Publication Date
WO2000069120A1 WO2000069120A1 (en) 2000-11-16
WO2000069120B1 true WO2000069120B1 (en) 2001-05-17
WO2000069120A9 WO2000069120A9 (en) 2002-04-04

Family

ID=23189269

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/009942 WO2000069120A1 (en) 1999-05-06 2000-04-13 Managing multiple network security devices from a manager device

Country Status (5)

Country Link
US (2) US6678827B1 (en)
EP (1) EP1175752A1 (en)
JP (1) JP2002544607A (en)
AU (1) AU4346600A (en)
WO (1) WO2000069120A1 (en)

Families Citing this family (291)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6008805A (en) 1996-07-19 1999-12-28 Cisco Technology, Inc. Method and apparatus for providing multiple management interfaces to a network device
US7254781B1 (en) * 1996-07-19 2007-08-07 Cisco Technology, Inc. Method and apparatus for providing multiple management interfaces to a network device
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7821926B2 (en) * 1997-03-10 2010-10-26 Sonicwall, Inc. Generalized policy server
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US20010048738A1 (en) 1997-04-03 2001-12-06 Sbc Technology Resourses, Inc. Profile management system including user interface for accessing and maintaining profile data of user subscribed telephony services
US6778651B1 (en) * 1997-04-03 2004-08-17 Southwestern Bell Telephone Company Apparatus and method for facilitating service management of communications services in a communications network
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US6158010A (en) 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6169059B1 (en) * 1998-11-19 2001-01-02 Superior Graphite Co. High-temperature, water-based lubricant and process for making the same
US7305562B1 (en) 1999-03-09 2007-12-04 Citibank, N.A. System, method and computer program product for an authentication management infrastructure
EP1056010A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company Data integrity monitoring in trusted computing entity
US7213068B1 (en) * 1999-11-12 2007-05-01 Lucent Technologies Inc. Policy management system
JP2001273388A (en) * 2000-01-20 2001-10-05 Hitachi Ltd System and method for security management
FR2804564B1 (en) * 2000-01-27 2002-03-22 Bull Sa MULTI-APPLICATION SAFETY RELAY
US7096495B1 (en) * 2000-03-31 2006-08-22 Intel Corporation Network session management
FI111681B (en) 2000-04-10 2003-08-29 Sonera Oyj Blocking against use of a service in telecommunication systems
US7200863B2 (en) * 2000-05-16 2007-04-03 Hoshiko Llc System and method for serving content over a wide area network
US7266595B1 (en) * 2000-05-20 2007-09-04 Ciena Corporation Accessing network device data through user profiles
ATE403323T1 (en) * 2000-05-24 2008-08-15 Voltaire Ltd FILTERED COMMUNICATION FROM APPLICATION TO APPLICATION
US7152240B1 (en) * 2000-07-25 2006-12-19 Green Stuart D Method for communication security and apparatus therefor
US7702806B2 (en) * 2000-09-07 2010-04-20 Riverbed Technology, Inc. Statistics collection for network traffic
US7124440B2 (en) * 2000-09-07 2006-10-17 Mazu Networks, Inc. Monitoring network traffic denial of service attacks
US7278159B2 (en) * 2000-09-07 2007-10-02 Mazu Networks, Inc. Coordinated thwarting of denial of service attacks
US7743134B2 (en) * 2000-09-07 2010-06-22 Riverbed Technology, Inc. Thwarting source address spoofing-based denial of service attacks
US7398317B2 (en) * 2000-09-07 2008-07-08 Mazu Networks, Inc. Thwarting connection-based denial of service attacks
US7043759B2 (en) * 2000-09-07 2006-05-09 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US6986061B1 (en) * 2000-11-20 2006-01-10 International Business Machines Corporation Integrated system for network layer security and fine-grained identity-based access control
US7317787B2 (en) * 2000-11-21 2008-01-08 At&T Knowledge Ventures, L.P. Voice enhancing for advance intelligent network services
US7155001B2 (en) * 2001-10-24 2006-12-26 Sbc Properties, L.P. System and method for restricting and monitoring telephone calls
US20020078382A1 (en) * 2000-11-29 2002-06-20 Ali Sheikh Scalable system for monitoring network system and components and methodology therefore
US7054946B2 (en) * 2000-12-06 2006-05-30 Intelliden Dynamic configuration of network devices to enable data transfers
US8219662B2 (en) * 2000-12-06 2012-07-10 International Business Machines Corporation Redirecting data generated by network devices
US7249170B2 (en) * 2000-12-06 2007-07-24 Intelliden System and method for configuration, management and monitoring of network resources
US6978301B2 (en) * 2000-12-06 2005-12-20 Intelliden System and method for configuring a network device
US7174453B2 (en) * 2000-12-29 2007-02-06 America Online, Inc. Message screening system
US6931529B2 (en) * 2001-01-05 2005-08-16 International Business Machines Corporation Establishing consistent, end-to-end protection for a user datagram
US7168093B2 (en) * 2001-01-25 2007-01-23 Solutionary, Inc. Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures
US7272848B1 (en) * 2001-02-13 2007-09-18 Network Appliance, Inc. Method for device security in a heterogeneous storage network environment
DE60121133T2 (en) * 2001-02-14 2007-02-01 Mitsubishi Denki K.K. Method and device for handling unauthorized access data
GB2372592B (en) * 2001-02-23 2005-03-30 Hewlett Packard Co Information system
GB2372595A (en) * 2001-02-23 2002-08-28 Hewlett Packard Co Method of and apparatus for ascertaining the status of a data processing environment.
GB2372594B (en) * 2001-02-23 2004-10-06 Hewlett Packard Co Trusted computing environment
US7150037B2 (en) * 2001-03-21 2006-12-12 Intelliden, Inc. Network configuration manager
US8141144B2 (en) * 2001-05-10 2012-03-20 Hewlett-Packard Development Company, L.P. Security policy management for network devices
US20020178365A1 (en) * 2001-05-24 2002-11-28 Shingo Yamaguchi Method and system for controlling access to network resources based on connection security
GB0117429D0 (en) * 2001-07-17 2001-09-12 Trustis Ltd Trust management
US7222359B2 (en) * 2001-07-27 2007-05-22 Check Point Software Technologies, Inc. System methodology for automatic local network discovery and firewall reconfiguration for mobile computing devices
GB2378013A (en) * 2001-07-27 2003-01-29 Hewlett Packard Co Trusted computer platform audit system
GB2378272A (en) * 2001-07-31 2003-02-05 Hewlett Packard Co Method and apparatus for locking an application within a trusted environment
US7200548B2 (en) * 2001-08-29 2007-04-03 Intelliden System and method for modeling a network device's configuration
US8296400B2 (en) * 2001-08-29 2012-10-23 International Business Machines Corporation System and method for generating a configuration schema
US20030046583A1 (en) * 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US7207061B2 (en) * 2001-08-31 2007-04-17 International Business Machines Corporation State machine for accessing a stealth firewall
US7177869B2 (en) * 2001-09-19 2007-02-13 Fuji Xerox Co., Ltd. Service retrieving apparatus and service retrieving method
JP2003099341A (en) * 2001-09-20 2003-04-04 Canon Inc Network device-managing device, managing system, managing method and network device
US8776230B1 (en) * 2001-10-02 2014-07-08 Mcafee, Inc. Master security policy server
JP3864743B2 (en) * 2001-10-04 2007-01-10 株式会社日立製作所 Firewall device, information device, and information device communication method
US20030069949A1 (en) * 2001-10-04 2003-04-10 Chan Michele W. Managing distributed network infrastructure services
US6999998B2 (en) * 2001-10-04 2006-02-14 Hewlett-Packard Development Company, L.P. Shared memory coupling of network infrastructure devices
US7392537B2 (en) * 2001-10-08 2008-06-24 Stonesoft Oy Managing a network security application
US7536712B2 (en) * 2001-10-16 2009-05-19 Microsoft Corporation Flexible electronic message security mechanism
US7676540B2 (en) 2001-10-16 2010-03-09 Microsoft Corporation Scoped referral statements
EP1303097A3 (en) * 2001-10-16 2005-11-30 Microsoft Corporation Virtual distributed security system
US8015204B2 (en) * 2001-10-16 2011-09-06 Microsoft Corporation Scoped access control metadata element
US20030074579A1 (en) * 2001-10-16 2003-04-17 Microsoft Corporation Virtual distributed security system
US7194553B2 (en) 2001-10-16 2007-03-20 Microsoft Corporation Resolving virtual network names
US20030079053A1 (en) * 2001-10-23 2003-04-24 Kevin Burns System and method for evaluating effectiveness of network configuration management tools
US7337220B2 (en) * 2001-10-24 2008-02-26 At&T Labs, Inc. Unified interface for managing DSL services
US7065562B2 (en) * 2001-11-26 2006-06-20 Intelliden, Inc. System and method for generating a representation of a configuration schema
US7899047B2 (en) 2001-11-27 2011-03-01 Microsoft Corporation Virtual network with adaptive dispatcher
EP1317111B8 (en) * 2001-11-29 2009-11-25 Stonesoft Corporation A personalized firewall
US7487233B2 (en) * 2001-12-05 2009-02-03 Canon Kabushiki Kaisha Device access based on centralized authentication
US7213264B2 (en) 2002-01-31 2007-05-01 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7743415B2 (en) * 2002-01-31 2010-06-22 Riverbed Technology, Inc. Denial of service attacks characterization
US8209756B1 (en) 2002-02-08 2012-06-26 Juniper Networks, Inc. Compound attack detection in a computer network
US8966081B1 (en) * 2002-02-13 2015-02-24 Netapp, Inc. Method for device security in a heterogeneous storage network environment
US7093283B1 (en) * 2002-02-15 2006-08-15 Cisco Technology, Inc. Method and apparatus for deploying configuration instructions to security devices in order to implement a security policy on a network
US7502457B2 (en) * 2002-02-28 2009-03-10 At&T Intellectual Property I, L.P. Outbound call rules routing
US7136916B2 (en) * 2002-03-08 2006-11-14 Siemens Aktiengesellschaft Method for event management
US7430667B2 (en) 2002-04-04 2008-09-30 Activcard Ireland Limited Media router
US7484097B2 (en) * 2002-04-04 2009-01-27 Symantec Corporation Method and system for communicating data to and from network security devices
US7957509B2 (en) * 2002-04-30 2011-06-07 At&T Intellectual Property I, L.P. Voice enhancing for advance intelligent network services
US7662094B2 (en) * 2002-05-14 2010-02-16 Given Imaging Ltd. Optical head assembly with dome, and device for use thereof
US6959329B2 (en) * 2002-05-15 2005-10-25 Intelliden System and method for transforming configuration commands
US7490167B2 (en) * 2002-05-22 2009-02-10 Sony Corporation System and method for platform and language-independent development and delivery of page-based content
US7325140B2 (en) * 2003-06-13 2008-01-29 Engedi Technologies, Inc. Secure management access control for computers, embedded and card embodiment
US7171467B2 (en) 2002-06-13 2007-01-30 Engedi Technologies, Inc. Out-of-band remote management station
US20040003067A1 (en) * 2002-06-27 2004-01-01 Daniel Ferrin System and method for enabling a user interface with GUI meta data
US7853983B2 (en) * 2002-07-29 2010-12-14 Bea Systems, Inc. Communicating data from a data producer to a data receiver
US7287269B2 (en) 2002-07-29 2007-10-23 International Buiness Machines Corporation System and method for authenticating and configuring computing devices
US7143283B1 (en) * 2002-07-31 2006-11-28 Cisco Technology, Inc. Simplifying the selection of network paths for implementing and managing security policies on a network
US7461158B2 (en) * 2002-08-07 2008-12-02 Intelliden, Inc. System and method for controlling access rights to network resources
US7366893B2 (en) * 2002-08-07 2008-04-29 Intelliden, Inc. Method and apparatus for protecting a network from attack
AU2003260071A1 (en) 2002-08-27 2004-03-19 Td Security, Inc., Dba Trust Digital, Llc Enterprise-wide security system for computer devices
JP4786116B2 (en) * 2002-09-06 2011-10-05 ソニー株式会社 Information processing apparatus and method, and program
JP4159328B2 (en) * 2002-09-11 2008-10-01 Necインフロンティア株式会社 Network, IPsec setting server device, IPsec processing device, and IPsec setting method used therefor
US7558847B2 (en) * 2002-09-13 2009-07-07 Intelliden, Inc. System and method for mapping between and controlling different device abstractions
US20040078457A1 (en) * 2002-10-21 2004-04-22 Tindal Glen D. System and method for managing network-device configurations
US7363656B2 (en) * 2002-11-04 2008-04-22 Mazu Networks, Inc. Event detection/anomaly correlation heuristics
US8504879B2 (en) * 2002-11-04 2013-08-06 Riverbed Technology, Inc. Connection based anomaly detection
US8479057B2 (en) * 2002-11-04 2013-07-02 Riverbed Technology, Inc. Aggregator for connection based anomaly detection
US7107445B2 (en) * 2002-11-20 2006-09-12 International Business Machines Corporation Method and apparatus for secure processing of sensitive data
US20040107274A1 (en) * 2002-12-03 2004-06-03 Mastrianni Steven J. Policy-based connectivity
US20040230681A1 (en) * 2002-12-06 2004-11-18 John Strassner Apparatus and method for implementing network resources to provision a service using an information model
US20040117437A1 (en) * 2002-12-16 2004-06-17 Exanet, Co. Method for efficient storing of sparse files in a distributed cache
US7640336B1 (en) 2002-12-30 2009-12-29 Aol Llc Supervising user interaction with online services
US7735129B2 (en) 2003-02-05 2010-06-08 Nippon Telegraph And Telephone Corporation Firewall device
US7181546B2 (en) * 2003-03-21 2007-02-20 Cameo Communications Inc. Network communication display device
WO2004097584A2 (en) * 2003-04-28 2004-11-11 P.G.I. Solutions Llc Method and system for remote network security management
TWI227612B (en) * 2003-06-25 2005-02-01 Hon Hai Prec Ind Co Ltd System and method for IP logging
US7373660B1 (en) 2003-08-26 2008-05-13 Cisco Technology, Inc. Methods and apparatus to distribute policy information
US7530112B2 (en) * 2003-09-10 2009-05-05 Cisco Technology, Inc. Method and apparatus for providing network security using role-based access control
US7764778B2 (en) 2003-09-12 2010-07-27 At&T Intellectual Property I, L.P. International origin dependent customized routing of calls to toll-free numbers
US8473729B2 (en) * 2003-09-15 2013-06-25 Intel Corporation Method and apparatus for managing the privacy and disclosure of location information
KR100432675B1 (en) * 2003-09-19 2004-05-27 주식회사 아이앤아이맥스 Method of controlling communication between equipments on a network and apparatus for the same
US7523484B2 (en) 2003-09-24 2009-04-21 Infoexpress, Inc. Systems and methods of controlling network access
US7519826B2 (en) * 2003-10-01 2009-04-14 Engedi Technologies, Inc. Near real-time multi-party task authorization access control
US20050257245A1 (en) * 2003-10-10 2005-11-17 Bea Systems, Inc. Distributed security system with dynamic roles
WO2005043304A2 (en) * 2003-10-21 2005-05-12 Engedi Technologies, Inc. Secure management access control for computers, embedded and card embodiment
US7836490B2 (en) 2003-10-29 2010-11-16 Cisco Technology, Inc. Method and apparatus for providing network security using security labeling
JP3758661B2 (en) * 2003-11-17 2006-03-22 株式会社インテリジェントウェイブ Fraud monitoring program, fraud monitoring method and fraud monitoring system
US8656039B2 (en) 2003-12-10 2014-02-18 Mcafee, Inc. Rule parser
US7814327B2 (en) 2003-12-10 2010-10-12 Mcafee, Inc. Document registration
US7984175B2 (en) * 2003-12-10 2011-07-19 Mcafee, Inc. Method and apparatus for data capture and analysis system
US7774604B2 (en) 2003-12-10 2010-08-10 Mcafee, Inc. Verifying captured objects before presentation
US8548170B2 (en) 2003-12-10 2013-10-01 Mcafee, Inc. Document de-registration
US7899828B2 (en) 2003-12-10 2011-03-01 Mcafee, Inc. Tag data structure for maintaining relational data over captured objects
EP2733656A1 (en) 2003-12-23 2014-05-21 Trust Digital, LLC System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US7305706B2 (en) * 2004-01-15 2007-12-04 Cisco Technology, Inc. Establishing a virtual private network for a road warrior
US7930540B2 (en) 2004-01-22 2011-04-19 Mcafee, Inc. Cryptographic policy enforcement
US20050193429A1 (en) * 2004-01-23 2005-09-01 The Barrier Group Integrated data traffic monitoring system
GB0404444D0 (en) * 2004-02-27 2004-09-01 Bae Sys Defence Sys Ltd Secure computer communication
US7734740B2 (en) * 2004-04-16 2010-06-08 The Boeing Company Configuration management apparatus and related methods
US7725921B2 (en) * 2004-04-22 2010-05-25 Microsoft Corporation Systems and methods for managing networks
US8010989B2 (en) 2004-04-30 2011-08-30 Research In Motion Limited System and method for configuring devices for secure operations
US8161520B1 (en) * 2004-04-30 2012-04-17 Oracle America, Inc. Methods and systems for securing a system in an adaptive computer environment
US7422152B2 (en) 2004-05-13 2008-09-09 Cisco Technology, Inc. Methods and devices for providing scalable RFID networks
US7962591B2 (en) 2004-06-23 2011-06-14 Mcafee, Inc. Object classification in a capture system
US10284571B2 (en) * 2004-06-28 2019-05-07 Riverbed Technology, Inc. Rule based alerting in anomaly detection
US7929534B2 (en) * 2004-06-28 2011-04-19 Riverbed Technology, Inc. Flow logging for connection-based anomaly detection
US7920577B2 (en) * 2004-07-08 2011-04-05 Avaya Communication Israel Ltd. Power saving in wireless packet based networks
JP4185895B2 (en) * 2004-07-28 2008-11-26 キヤノン株式会社 Image processing apparatus, image processing apparatus control method, and image processing apparatus control program
US8560534B2 (en) 2004-08-23 2013-10-15 Mcafee, Inc. Database for a capture system
US7949849B2 (en) 2004-08-24 2011-05-24 Mcafee, Inc. File system for a capture system
US7549158B2 (en) * 2004-08-31 2009-06-16 Microsoft Corporation Method and system for customizing a security policy
US8146142B2 (en) * 2004-09-03 2012-03-27 Intel Corporation Device introduction and access control framework
US20060075503A1 (en) * 2004-09-13 2006-04-06 Achilles Guard, Inc. Dba Critical Watch Method and system for applying security vulnerability management process to an organization
US7421739B2 (en) * 2004-10-04 2008-09-02 American Express Travel Related Services Company, Inc. System and method for monitoring and ensuring data integrity in an enterprise security system
EP1805710A4 (en) 2004-10-04 2009-07-22 Standard Chartered Ct Plc Financial institution portal system and method
US7669244B2 (en) 2004-10-21 2010-02-23 Cisco Technology, Inc. Method and system for generating user group permission lists
US7760653B2 (en) * 2004-10-26 2010-07-20 Riverbed Technology, Inc. Stackable aggregation for connection based anomaly detection
US7877796B2 (en) 2004-11-16 2011-01-25 Cisco Technology, Inc. Method and apparatus for best effort propagation of security group information
US7509431B2 (en) * 2004-11-17 2009-03-24 Cisco Technology, Inc. Performing message and transformation adapter functions in a network element on behalf of an application
US7509493B2 (en) * 2004-11-19 2009-03-24 Microsoft Corporation Method and system for distributing security policies
US7664879B2 (en) * 2004-11-23 2010-02-16 Cisco Technology, Inc. Caching content and state data at a network element
US7721323B2 (en) * 2004-11-23 2010-05-18 Cisco Technology, Inc. Method and system for including network security information in a frame
US7886145B2 (en) 2004-11-23 2011-02-08 Cisco Technology, Inc. Method and system for including security information with a packet
US7827402B2 (en) * 2004-12-01 2010-11-02 Cisco Technology, Inc. Method and apparatus for ingress filtering using security group information
US7987272B2 (en) 2004-12-06 2011-07-26 Cisco Technology, Inc. Performing message payload processing functions in a network element on behalf of an application
US7496750B2 (en) * 2004-12-07 2009-02-24 Cisco Technology, Inc. Performing security functions on a message payload in a network element
US7725934B2 (en) * 2004-12-07 2010-05-25 Cisco Technology, Inc. Network and application attack protection based on application layer message inspection
US8082304B2 (en) * 2004-12-10 2011-12-20 Cisco Technology, Inc. Guaranteed delivery of application layer messages by a network element
US7606267B2 (en) * 2004-12-10 2009-10-20 Cisco Technology, Inc. Reducing the sizes of application layer messages in a network element
US8051296B2 (en) * 2004-12-30 2011-11-01 Honeywell International Inc. System and method for initializing secure communications with lightweight devices
US7551567B2 (en) * 2005-01-05 2009-06-23 Cisco Technology, Inc. Interpreting an application message at a network element using sampling and heuristics
US20060155862A1 (en) * 2005-01-06 2006-07-13 Hari Kathi Data traffic load balancing based on application layer messages
US7591010B2 (en) * 2005-01-19 2009-09-15 Microsoft Corporation Method and system for separating rules of a security policy from detection criteria
US7698416B2 (en) * 2005-01-25 2010-04-13 Cisco Technology, Inc. Application layer message-based server failover management by a network element
US7809826B1 (en) 2005-01-27 2010-10-05 Juniper Networks, Inc. Remote aggregation of network traffic profiling data
US7769851B1 (en) 2005-01-27 2010-08-03 Juniper Networks, Inc. Application-layer monitoring and profiling network traffic
US7937755B1 (en) * 2005-01-27 2011-05-03 Juniper Networks, Inc. Identification of network policy violations
US7707619B2 (en) * 2005-01-28 2010-04-27 Microsoft Corporation Method and system for troubleshooting when a program is adversely impacted by a security policy
US7797411B1 (en) 2005-02-02 2010-09-14 Juniper Networks, Inc. Detection and prevention of encapsulated network attacks using an intermediate device
US7627123B2 (en) * 2005-02-07 2009-12-01 Juniper Networks, Inc. Wireless network having multiple security interfaces
WO2006085313A2 (en) * 2005-02-09 2006-08-17 Enure Networks Ltd. Device, method, and system for module level network supervision
US8590011B1 (en) * 2005-02-24 2013-11-19 Versata Development Group, Inc. Variable domain resource data security for data processing systems
US8572676B2 (en) * 2008-11-06 2013-10-29 Mcafee, Inc. System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices
EP1866789B8 (en) * 2005-02-28 2020-04-15 McAfee, LLC Mobile data security system and methods
EP1855520A2 (en) * 2005-03-08 2007-11-21 Hercules Incorporated Clumping, non-dusting calcium carbonate-based animal litter
US9137251B2 (en) 2005-03-16 2015-09-15 Fortinet, Inc. Inheritance based network management
US8539587B2 (en) 2005-03-22 2013-09-17 Hewlett-Packard Development Company, L.P. Methods, devices and data structures for trusted data
US8904486B2 (en) * 2005-05-19 2014-12-02 International Business Machines Corporation Method and system for autonomic security configuration
US8667106B2 (en) * 2005-05-20 2014-03-04 At&T Intellectual Property Ii, L.P. Apparatus for blocking malware originating inside and outside an operating system
US7603696B2 (en) * 2005-06-10 2009-10-13 Intel Corporation Hybrid distributed firewall apparatus, systems, and methods
US20060288411A1 (en) * 2005-06-21 2006-12-21 Avaya, Inc. System and method for mitigating denial of service attacks on communication appliances
US7345585B2 (en) * 2005-08-01 2008-03-18 Cisco Technology, Inc. Network based device for providing RFID middleware functionality
US7907608B2 (en) 2005-08-12 2011-03-15 Mcafee, Inc. High speed packet capture
US7818326B2 (en) 2005-08-31 2010-10-19 Mcafee, Inc. System and method for word indexing in a capture system and querying thereof
US7590733B2 (en) * 2005-09-14 2009-09-15 Infoexpress, Inc. Dynamic address assignment for access control on DHCP networks
US7730011B1 (en) 2005-10-19 2010-06-01 Mcafee, Inc. Attributes of captured objects in a capture system
US7657104B2 (en) 2005-11-21 2010-02-02 Mcafee, Inc. Identifying image type in a capture system
CN1996901A (en) * 2006-01-06 2007-07-11 鸿富锦精密工业(深圳)有限公司 Communication monitoring system and method of the network data
US7926102B2 (en) * 2006-01-20 2011-04-12 International Business Machines Corporation Confidential content search engine method
US20070192858A1 (en) * 2006-02-16 2007-08-16 Infoexpress, Inc. Peer based network access control
US20070192500A1 (en) * 2006-02-16 2007-08-16 Infoexpress, Inc. Network access control including dynamic policy enforcement point
FR2897736B1 (en) * 2006-02-22 2008-04-11 Viaccess Sa METHOD FOR ESTABLISHING A CRYPTOGRAPHIC KEY, NET HEAD AND RECEIVER FOR THIS METHOD, AND METHOD FOR TRANSMITTING SIGNALS
US20070204323A1 (en) * 2006-02-24 2007-08-30 Rockwell Automation Technologies, Inc. Auto-detection capabilities for out of the box experience
US8504537B2 (en) 2006-03-24 2013-08-06 Mcafee, Inc. Signature distribution in a document registration system
US7966659B1 (en) 2006-04-18 2011-06-21 Rockwell Automation Technologies, Inc. Distributed learn mode for configuring a firewall, security authority, intrusion detection/prevention devices, and the like
US20070261099A1 (en) * 2006-05-02 2007-11-08 Broussard Scott J Confidential content reporting system and method with electronic mail verification functionality
US7958227B2 (en) 2006-05-22 2011-06-07 Mcafee, Inc. Attributes of captured objects in a capture system
US8010689B2 (en) 2006-05-22 2011-08-30 Mcafee, Inc. Locational tagging in a capture system
US7689614B2 (en) 2006-05-22 2010-03-30 Mcafee, Inc. Query generation for a capture system
US7592906B1 (en) * 2006-06-05 2009-09-22 Juniper Networks, Inc. Network policy evaluation
JP4916227B2 (en) * 2006-06-14 2012-04-11 キヤノン株式会社 Device management apparatus and control method of the management apparatus
US8522304B2 (en) * 2006-09-08 2013-08-27 Ibahn General Holdings Corporation Monitoring and reporting policy compliance of home networks
US7752255B2 (en) * 2006-09-19 2010-07-06 The Invention Science Fund I, Inc Configuring software agent security remotely
US8627402B2 (en) 2006-09-19 2014-01-07 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US20080072032A1 (en) * 2006-09-19 2008-03-20 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Configuring software agent security remotely
US9178909B2 (en) * 2006-10-13 2015-11-03 Hewlett-Packard Development Company, L.P. Graphical representation of a port security state
JP5072314B2 (en) * 2006-10-20 2012-11-14 キヤノン株式会社 Document management system, document management method, document management program, storage medium
US8259568B2 (en) 2006-10-23 2012-09-04 Mcafee, Inc. System and method for controlling mobile device access to a network
US20080103529A1 (en) * 2006-10-26 2008-05-01 Old Dominion University Apparatus and methods for performing cellular electro-manipulations
US8302179B2 (en) * 2006-12-13 2012-10-30 Avaya Inc. Embedded firewall at a telecommunications endpoint
US8218570B2 (en) * 2006-12-22 2012-07-10 Verizon Patent And Licensing Inc. Network element abstraction within a network management system
CA2714549A1 (en) * 2007-02-09 2008-08-14 Smobile Systems, Inc. Off-line mms malware scanning system and method
US7711000B2 (en) * 2007-08-06 2010-05-04 At&T Intellectual Property I, L.P. System for configuring network elements
US7840708B2 (en) * 2007-08-13 2010-11-23 Cisco Technology, Inc. Method and system for the assignment of security group information using a proxy
US7913529B2 (en) 2007-08-28 2011-03-29 Cisco Technology, Inc. Centralized TCP termination with multi-service chaining
US20090063650A1 (en) * 2007-09-05 2009-03-05 International Business Machines Corporation Managing Collections of Appliances
US8260985B2 (en) * 2007-10-05 2012-09-04 Pano Logic, Inc. Universal serial bus assistance engine
DE202007019129U1 (en) 2007-10-31 2010-09-30 Concept04 Gmbh Mobile radio terminal with filter device and network element for configuring the filter device
US8036106B1 (en) 2007-10-31 2011-10-11 World Wide Packets, Inc. Distributed control packet transmission
US8144574B1 (en) * 2007-10-31 2012-03-27 World Wide Packets, Inc. Distributed control packet processing
US20090150513A1 (en) * 2007-12-10 2009-06-11 At&T Knowledge Ventures, Lp Method and System for Gathering Network Data
US8346953B1 (en) 2007-12-18 2013-01-01 AOL, Inc. Methods and systems for restricting electronic content access based on guardian control decisions
US8446494B2 (en) * 2008-02-01 2013-05-21 Hewlett-Packard Development Company, L.P. Automatic redeye detection based on redeye and facial metric values
US8667556B2 (en) * 2008-05-19 2014-03-04 Cisco Technology, Inc. Method and apparatus for building and managing policies
EP2294757A1 (en) * 2008-06-25 2011-03-16 Thomson Licensing Targeted user notification of messages in a monitoring system
US8856926B2 (en) * 2008-06-27 2014-10-07 Juniper Networks, Inc. Dynamic policy provisioning within network security devices
US20100017843A1 (en) * 2008-06-27 2010-01-21 Microsoft Corporation Scenario Based Security
US8205242B2 (en) 2008-07-10 2012-06-19 Mcafee, Inc. System and method for data mining and security policy management
US8819201B2 (en) * 2008-08-07 2014-08-26 At&T Intellectual Property I, L.P. Method and apparatus for providing routing and access control filters
US9253154B2 (en) * 2008-08-12 2016-02-02 Mcafee, Inc. Configuration management for a capture/registration system
US8316113B2 (en) * 2008-12-19 2012-11-20 Watchguard Technologies, Inc. Cluster architecture and configuration for network security devices
US8850591B2 (en) 2009-01-13 2014-09-30 Mcafee, Inc. System and method for concept building
US8682985B2 (en) * 2009-01-15 2014-03-25 Microsoft Corporation Message tracking between organizations
US8706709B2 (en) 2009-01-15 2014-04-22 Mcafee, Inc. System and method for intelligent term grouping
US8473442B1 (en) 2009-02-25 2013-06-25 Mcafee, Inc. System and method for intelligent state management
US8558888B2 (en) * 2009-02-27 2013-10-15 Third Iris Corp. Bandwidth shaping client to capture, transform, cache, and upload images from a remote point of recordation to a network service
US8667121B2 (en) 2009-03-25 2014-03-04 Mcafee, Inc. System and method for managing data and policies
US8447722B1 (en) 2009-03-25 2013-05-21 Mcafee, Inc. System and method for data mining and security policy management
KR20100107801A (en) * 2009-03-26 2010-10-06 삼성전자주식회사 Apparatus and method for antenna selection in wireless communication system
CN101854340B (en) 2009-04-03 2015-04-01 瞻博网络公司 Behavior based communication analysis carried out based on access control information
US8284699B1 (en) 2009-04-30 2012-10-09 Palo Alto Networks, Inc. Managing network devices
US8108495B1 (en) 2009-04-30 2012-01-31 Palo Alto Networks, Inc. Managing network devices
US20110153788A1 (en) * 2009-12-23 2011-06-23 Jacobus Van Der Merwe Method and System for Automated Network Operations
KR20110089650A (en) * 2010-02-01 2011-08-09 삼성전자주식회사 Host device, image forming apparatus and method for managing of secure setting
US8935384B2 (en) 2010-05-06 2015-01-13 Mcafee Inc. Distributed data revocation using data commands
US9183560B2 (en) 2010-05-28 2015-11-10 Daniel H. Abelow Reality alternate
US8806615B2 (en) 2010-11-04 2014-08-12 Mcafee, Inc. System and method for protecting specified data combinations
US9071611B2 (en) * 2011-02-23 2015-06-30 Cisco Technology, Inc. Integration of network admission control functions in network access devices
JP2012215994A (en) * 2011-03-31 2012-11-08 Hitachi Ltd Security-level visualization device
US9298574B2 (en) * 2011-04-14 2016-03-29 Ricoh Company, Ltd. Device management system including reporter server
US20120265865A1 (en) * 2011-04-14 2012-10-18 Ricoh Company, Ltd. Device management system
US9294544B1 (en) 2011-08-04 2016-03-22 Wyse Technology L.L.C. System and method for facilitating client-server communication
US20130160129A1 (en) * 2011-12-19 2013-06-20 Verizon Patent And Licensing Inc. System security evaluation
US20130246431A1 (en) 2011-12-27 2013-09-19 Mcafee, Inc. System and method for providing data protection workflows in a network environment
US9027077B1 (en) * 2012-04-30 2015-05-05 Palo Alto Networks, Inc. Deploying policy configuration across multiple security devices through hierarchical configuration templates
US9317696B2 (en) * 2012-07-10 2016-04-19 Microsoft Technology Licensing, Llc Data detection and protection policies for e-mail
US9189636B2 (en) * 2012-07-30 2015-11-17 Hewlett-Packard Development Company, L.P. Office machine security policy
US9565213B2 (en) 2012-10-22 2017-02-07 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US9137205B2 (en) 2012-10-22 2015-09-15 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US9203806B2 (en) 2013-01-11 2015-12-01 Centripetal Networks, Inc. Rule swapping in a packet network
US9124552B2 (en) 2013-03-12 2015-09-01 Centripetal Networks, Inc. Filtering network data transfers
US9094445B2 (en) 2013-03-15 2015-07-28 Centripetal Networks, Inc. Protecting networks from cyber attacks and overloading
US8977746B2 (en) * 2013-03-20 2015-03-10 Watchguard Technologies, Inc. Systems and methods for scalable network monitoring
US9088543B2 (en) 2013-06-03 2015-07-21 International Business Machines Corporation Coordinated network security management
WO2015006978A1 (en) 2013-07-19 2015-01-22 Intel Corporation Area-based location privacy management
US9361432B2 (en) 2014-01-15 2016-06-07 Hewlett-Packard Development Company, L.P. Configuring a security setting for a set of devices using a security policy
US9832219B2 (en) * 2014-09-05 2017-11-28 International Business Machines Corporation System for tracking data security threats and method for same
US10367828B2 (en) 2014-10-30 2019-07-30 International Business Machines Corporation Action response framework for data security incidents
US9531757B2 (en) 2015-01-20 2016-12-27 Cisco Technology, Inc. Management of security policies across multiple security products
US9571524B2 (en) * 2015-01-20 2017-02-14 Cisco Technology, Inc. Creation of security policy templates and security policies based on the templates
US9680875B2 (en) 2015-01-20 2017-06-13 Cisco Technology, Inc. Security policy unification across different security products
US9401933B1 (en) 2015-01-20 2016-07-26 Cisco Technology, Inc. Classification of security policies across multiple security products
US9264370B1 (en) 2015-02-10 2016-02-16 Centripetal Networks, Inc. Correlating packets in communications networks
US9866576B2 (en) 2015-04-17 2018-01-09 Centripetal Networks, Inc. Rule-based network-threat detection
US9641540B2 (en) 2015-05-19 2017-05-02 Cisco Technology, Inc. User interface driven translation, comparison, unification, and deployment of device neutral network security policies
US10425447B2 (en) 2015-08-28 2019-09-24 International Business Machines Corporation Incident response bus for data security incidents
US9917856B2 (en) 2015-12-23 2018-03-13 Centripetal Networks, Inc. Rule-based network-threat detection for encrypted communications
US10348754B2 (en) 2015-12-28 2019-07-09 International Business Machines Corporation Data security incident correlation and dissemination system and method
US9516473B1 (en) * 2016-04-04 2016-12-06 Ricoh Company, Ltd. Device management based on tracking path taken by user
US10700894B2 (en) 2016-06-01 2020-06-30 At&T Intellectual Property I, L.P. Network caching of outbound content from endpoint device to prevent unauthorized extraction
US11785052B2 (en) 2016-06-21 2023-10-10 International Business Machines Corporation Incident response plan based on indicators of compromise
US10503899B2 (en) 2017-07-10 2019-12-10 Centripetal Networks, Inc. Cyberanalysis workflow acceleration
US11233777B2 (en) 2017-07-24 2022-01-25 Centripetal Networks, Inc. Efficient SSL/TLS proxy
US10594725B2 (en) * 2017-07-27 2020-03-17 Cypress Semiconductor Corporation Generating and analyzing network profile data
US11244058B2 (en) 2019-09-18 2022-02-08 Bank Of America Corporation Security tool
US11245703B2 (en) 2019-09-27 2022-02-08 Bank Of America Corporation Security tool for considering multiple security contexts

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5577209A (en) * 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
JP3497338B2 (en) 1997-01-08 2004-02-16 株式会社日立製作所 Network system with distributed log batch management function
US5991877A (en) * 1997-04-03 1999-11-23 Lockheed Martin Corporation Object-oriented trusted application framework
US6243815B1 (en) * 1997-04-25 2001-06-05 Anand K. Antur Method and apparatus for reconfiguring and managing firewalls and security devices
US5968176A (en) 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
CA2228687A1 (en) * 1998-02-04 1999-08-04 Brett Howard Secured virtual private networks
US6502140B1 (en) * 1999-01-29 2002-12-31 International Business Machines Corporation Multicast support for small groups

Also Published As

Publication number Publication date
AU4346600A (en) 2000-11-21
JP2002544607A (en) 2002-12-24
WO2000069120A9 (en) 2002-04-04
WO2000069120A1 (en) 2000-11-16
EP1175752A1 (en) 2002-01-30
US20040181690A1 (en) 2004-09-16
US6678827B1 (en) 2004-01-13

Similar Documents

Publication Publication Date Title
WO2000069120B1 (en) Managing multiple network security devices from a manager device
CN104616402B (en) Mobile client is rented and controls the system of locker
CN104717094B (en) The control method of management server and management server
US7849408B1 (en) Network traffic visualization
US20030220899A1 (en) Storage device management method, system and program
EP0811944A2 (en) Groupware system having agent function
US20130254406A1 (en) Use tag clouds to visualize components related to an event
US7739614B1 (en) System and method for consolidated reporting of characteristics for a group of directories
JP2002157357A5 (en)
CN107704904B (en) Gas equipment management system and method and mobile terminal
CN102859495B (en) The management method of management system and computer system
CN111190794A (en) Operation and maintenance monitoring and management system
CN110868322B (en) Network management method, system, device and storage medium for distributed message service
CN109558301A (en) A kind of distributed system data monitoring method, device and relevant device
CN113010374B (en) Quantum device monitoring method and system based on monitoring platform
CN106357442A (en) Server cluster monitoring method and system
CN112150122A (en) Agile network resource positioning and decision-making system
JP4555479B2 (en) Virtual lockout / tagout panel display method
US8850321B2 (en) Cross-domain business service management
US20070156880A1 (en) System and method to manage set history for simple network management protocol
CN112306407A (en) Monitoring data storage method
JP2006018529A (en) Workflow system, method for controlling it, program, and recording medium
CN110210191A (en) A kind of data processing method and relevant apparatus
US9542250B2 (en) Distributed maintenance mode control
CN109284836A (en) Shared vehicle maintenance management method and device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: B1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: B1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

B Later publication of amended claims
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2000 617601

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2000923320

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000923320

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

AK Designated states

Kind code of ref document: C2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

COP Corrected version of pamphlet

Free format text: PAGES 1/28-28/28, DRAWINGS, REPLACED BY NEW PAGES 1/29-29/29; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

WWW Wipo information: withdrawn in national office

Ref document number: 2000923320

Country of ref document: EP