
A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services is granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.

Inventors: Brian Jemes, John Melvin Brawn, Leif Buch-Pedersen
Original Assignee: Hewlett-Packard Development Company, L.P.
Primary Examiner: Kim Vu
Secondary Examiner: Ponnoreay Pich
Current U.S. Classification: 726/3; 709/220; 709/221; 709/222; 709/223; 709/224; 709/225


Citations

Cited Patent | Filing date | Issue date | Original Assignee | Title
US5692124 | Aug 30, 1996 | Nov 25, 1997 | ITT Industries, Inc. | Support of limited write downs through trustworthy predictions in multilevel security of computer network communications
US6076168 | Oct 3, 1997 | Jun 13, 2000 | International Business Machines Corporation | Simplified method of configuring internet protocol security tunnels
US6085084 | Sep 24, 1997 | Jul 4, 2000 | | Automated creation of a list of disallowed network points for use in connection blocking
US6219786 | Sep 9, 1998 | Apr 17, 2001 | SurfControl, Inc. | Method and system for monitoring and controlling network access
US6308205 | Oct 22, 1998 | Oct 23, 2001 | Canon Kabushiki Kaisha | Browser-based network management allowing administrators to use web browser on user's workstation to view and update configuration of network devices
US6738908 | May 6, 1999 | May 18, 2004 | WatchGuard Technologies, Inc. | Generalized network security policy templates for implementing similar network security policies across multiple networks

Referenced by

Citing Patent | Filing date | Issue date | Original Assignee | Title
US7832007 | Jan 10, 2006 | Nov 9, 2010 | International Business Machines Corporation | Method of managing and mitigating security risks through planning
US8099781 | Jul 23, 2009 | Jan 17, 2012 | International Business Machines Corporation | Method of managing and mitigating security risks through planning

Claims

1. In a network security system having a plurality of bubbles, where each bubble has a plurality of bubble partitions, a method of creating a structured access list template, the method comprising:

dividing a first access list template into a plurality of sections, where each section includes rules that implement a function;
assigning a first plurality of network devices to a first bubble;
assigning a second plurality of network devices to a second bubble;
creating an inbound local rule group for the first bubble;
creating an outbound local rule group for the first bubble;
creating an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble;
creating an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the plurality of network devices of the first bubble;
arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template; and
arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template.

2. A method as defined in claim 1, further comprising arranging the inbound remote rule group and the outbound remote rule group from another bubble access list template in the first access list template.

3. A method as defined in claim 1, further comprising dividing a second access list template into a plurality of sections, where each section includes rules that implement a function.

4. A method as defined in claim 3, further comprising arranging the inbound local rule group and the outbound local rule group in the second access list template.

5. A method as defined in claim 3, further comprising arranging the inbound remote rule group and the outbound remote rule group from another bubble access list template in the second access list template.

6. A method of creating a structured network for providing security comprising:

assigning a first plurality of network devices to a first bubble;
assigning a second plurality of network devices to a second bubble;
providing a first access list template having a plurality of sections, where each section includes rules that implement a function;
providing an inbound local rule group for the first bubble;
providing an outbound local rule group for the first bubble;
providing an inbound remote rule group for the first bubble for use by the second bubble for allowing access from the first plurality of network devices of the first bubble;
providing an outbound remote rule group for the first bubble for use by the second bubble for allowing access to the first plurality of network devices of the first bubble;
arranging the inbound local rule group and the outbound local rule group in one of the plurality of sections of the first access list template;
arranging the inbound remote rule group and the outbound remote rule group in one of the plurality of sections of the first access list template; and
utilizing the first access list template to ensure consistency in implementation of network security policies between the first bubble and the second bubble.

7. A method as defined in claim 6, further comprising arranging the inbound remote rule group and the outbound remote rule group from another bubble access list template in the first access list template.

8. A method as defined in claim 6, further comprising providing a second access list template having a plurality of sections, where each section includes rules that implement a function.

9. A method as defined in claim 8, further comprising arranging the inbound local rule group and the outbound local rule group in the second access list template.

10. A method as defined in claim 8, further comprising arranging the inbound remote rule group and the outbound remote rule group from another bubble access list template in the second access list template.
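The abstract and claims 1, 2 and 6 above describe the procedure in words only. The following is an added worked example, written for this page and not code from the patent or its assignee, that carries the whole procedure through: an address table (bubble, partition, prefixes) and a protocol table (service, granted or denied) are turned into the four rule groups of claim 1, the groups are arranged in a "local" and a "remote" section of a template, one bubble's remote rule groups are arranged in another bubble's template as in claim 2, and an access list is generated for that bubble's boundary device. Everything concrete is an assumption: the sample tables and per-bubble policy are constructed, the output line syntax (`permit tcp <src> <dst> eq <port>`, trailing `deny ip any any`) is a generic router-style notation, and the reading that "local" groups are applied by a bubble's own boundary device while "remote" groups are what the bubble exports for other bubbles' templates is this example's interpretation of the claim language.

```python
"""Added example: structured access list template from an address table and a
protocol table (constructed sample data; interpretation of the claims is ours)."""
from dataclasses import dataclass, field
from ipaddress import ip_network

# Address table: bubble -> partition -> prefixes of devices in that partition (constructed).
ADDRESS_TABLE = {
    "bubble-A": {"web": ["10.1.10.0/24"], "db": ["10.1.20.0/24"]},
    "bubble-B": {"office": ["10.2.0.0/16"]},
}

# Protocol table: service -> (protocol, port, granted?) (constructed).
PROTOCOL_TABLE = {
    "https": ("tcp", 443, True),
    "ssh": ("tcp", 22, True),
    "telnet": ("tcp", 23, False),   # listed but denied
}

# Per-bubble policy naming which services each rule group carries (constructed).
POLICY = {
    "bubble-A": {"local_in": ["https", "telnet"], "local_out": ["https"],
                 "remote_in": ["ssh"], "remote_out": ["https"]},
    "bubble-B": {"local_in": ["ssh"], "local_out": ["https", "ssh"],
                 "remote_in": [], "remote_out": []},
}


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny", decided by the protocol table
    proto: str
    src: str
    dst: str
    port: int


@dataclass
class Template:
    """Access list template divided into sections; each section holds named rule groups."""
    bubble: str
    sections: dict = field(default_factory=lambda: {"local": {}, "remote": {}})

    def add_group(self, section, name, rules):
        self.sections[section][name] = list(rules)


def prefixes(bubble):
    """All prefixes of every partition of a bubble, validated as CIDR."""
    return [str(ip_network(p)) for part in ADDRESS_TABLE[bubble].values() for p in part]


def overlapping_prefixes():
    """Pairs of prefixes owned by different bubbles that overlap. Overlaps would make
    exported remote rule groups ambiguous, so a sane address table returns []."""
    owned = [(b, ip_network(p)) for b in ADDRESS_TABLE for p in prefixes(b)]
    return [(str(x), str(y)) for i, (bx, x) in enumerate(owned)
            for by, y in owned[i + 1:] if bx != by and x.overlaps(y)]


def rule_group(services, sources, destinations):
    """Expand services x sources x destinations into rules; the protocol table
    decides whether each service is granted (permit) or denied."""
    group = []
    for svc in services:
        proto, port, granted = PROTOCOL_TABLE[svc]
        for src in sources:
            for dst in destinations:
                group.append(Rule("permit" if granted else "deny", proto, src, dst, port))
    return group


def build_template(bubble):
    """Create the four rule groups of a bubble and arrange them in template sections."""
    local, pol, t = prefixes(bubble), POLICY[bubble], Template(bubble)
    # Local groups: applied by this bubble's own boundary device.
    t.add_group("local", "inbound_local", rule_group(pol["local_in"], ["any"], local))
    t.add_group("local", "outbound_local", rule_group(pol["local_out"], local, ["any"]))
    # Remote groups: what this bubble exports for use in other bubbles' templates.
    t.add_group("remote", "inbound_remote", rule_group(pol["remote_in"], local, ["any"]))
    t.add_group("remote", "outbound_remote", rule_group(pol["remote_out"], ["any"], local))
    return t


def import_remote_groups(target, source):
    """Claim 2: arrange another bubble's remote rule groups in this template."""
    for name in ("inbound_remote", "outbound_remote"):
        target.add_group("remote", f"{source.bubble}:{name}", source.sections["remote"][name])


def generate_access_list(template):
    """Flatten the template, section by section, into access list lines for the
    bubble boundary device, closing with an explicit default deny."""
    lines = []
    for section in ("local", "remote"):
        for name, rules in template.sections[section].items():
            lines.append(f"! section={section} group={name}")
            lines.extend(f"{r.action} {r.proto} {r.src} {r.dst} eq {r.port}" for r in rules)
    lines.append("deny ip any any")
    return lines


if __name__ == "__main__":
    if overlapping_prefixes():
        raise SystemExit(f"address table has cross-bubble overlaps: {overlapping_prefixes()}")
    tmpl_a, tmpl_b = build_template("bubble-A"), build_template("bubble-B")
    import_remote_groups(tmpl_b, tmpl_a)          # B's template now carries A's remote groups
    print("\n".join(generate_access_list(tmpl_b)))  # access list for bubble-B's boundary device
```

Running the script prints bubble-B's access list: its own local groups first, then the (empty) remote groups it exports, then the groups imported from bubble-A, then the closing deny. Denied services from the protocol table appear as explicit `deny` lines rather than being silently dropped, which keeps the generated list a faithful record of the table. The overlap check is the one thing worth adding before generation in practice: a prefix that belongs to two bubbles would make an imported remote rule group match traffic it was never meant to describe.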