DE69941081D1 - Anpassbare Wiederordnung von Datenpaketenfilterregeln - Google Patents

Anpassbare Wiederordnung von Datenpaketenfilterregeln

Info

Publication number
DE69941081D1
DE69941081D1 DE69941081T DE69941081T DE69941081D1 DE 69941081 D1 DE69941081 D1 DE 69941081D1 DE 69941081 T DE69941081 T DE 69941081T DE 69941081 T DE69941081 T DE 69941081T DE 69941081 D1 DE69941081 D1 DE 69941081D1
Authority
DE
Germany
Prior art keywords
reordering
customizable
data packet
packet filter
filter rules
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE69941081T
Other languages
English (en)
Inventor
P Krishnan
Danny Raz
Binay Sugla
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia of America Corp
Original Assignee
Lucent Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lucent Technologies Inc filed Critical Lucent Technologies Inc
Application granted granted Critical
Publication of DE69941081D1 publication Critical patent/DE69941081D1/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
DE69941081T 1998-12-03 1999-11-30 Anpassbare Wiederordnung von Datenpaketenfilterregeln Expired - Lifetime DE69941081D1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US20446498A 1998-12-03 1998-12-03

Publications (1)

Publication Number Publication Date
DE69941081D1 true DE69941081D1 (de) 2009-08-20

Family

ID=22757997

Family Applications (1)

Application Number Title Priority Date Filing Date
DE69941081T Expired - Lifetime DE69941081D1 (de) 1998-12-03 1999-11-30 Anpassbare Wiederordnung von Datenpaketenfilterregeln

Country Status (5)

Country Link
US (1) US6606710B2 (de)
EP (1) EP1006701B1 (de)
JP (1) JP3568850B2 (de)
CA (1) CA2287689C (de)
DE (1) DE69941081D1 (de)

Families Citing this family (109)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6466976B1 (en) * 1998-12-03 2002-10-15 Nortel Networks Limited System and method for providing desired service policies to subscribers accessing the internet
US7107612B1 (en) 1999-04-01 2006-09-12 Juniper Networks, Inc. Method, apparatus and computer program product for a network firewall
US6701432B1 (en) * 1999-04-01 2004-03-02 Netscreen Technologies, Inc. Firewall including local bus
US6871284B2 (en) 2000-01-07 2005-03-22 Securify, Inc. Credential/condition assertion verification optimization
US7143439B2 (en) 2000-01-07 2006-11-28 Security, Inc. Efficient evaluation of rules
US8074256B2 (en) 2000-01-07 2011-12-06 Mcafee, Inc. Pdstudio design system and method
US6779120B1 (en) * 2000-01-07 2004-08-17 Securify, Inc. Declarative language for specifying a security policy
US6789127B1 (en) * 2000-02-15 2004-09-07 Lucent Technologies Inc. Preparation for network interface recognition of network packet portion with declarative notation for field thereof and constraint therefor
US20020010800A1 (en) * 2000-05-18 2002-01-24 Riley Richard T. Network access control system and method
AU2001268492A1 (en) * 2000-06-16 2002-01-02 Securify, Inc. Efficient evaluation of rules
WO2001099371A2 (en) * 2000-06-16 2001-12-27 Securify, Inc. Credential/condition assertion verification optimization
US7917647B2 (en) 2000-06-16 2011-03-29 Mcafee, Inc. Method and apparatus for rate limiting
US7032031B2 (en) * 2000-06-23 2006-04-18 Cloudshield Technologies, Inc. Edge adapter apparatus and method
US8204082B2 (en) 2000-06-23 2012-06-19 Cloudshield Technologies, Inc. Transparent provisioning of services over a network
US9444785B2 (en) 2000-06-23 2016-09-13 Cloudshield Technologies, Inc. Transparent provisioning of network access to an application
US7003555B1 (en) * 2000-06-23 2006-02-21 Cloudshield Technologies, Inc. Apparatus and method for domain name resolution
US7346702B2 (en) * 2000-08-24 2008-03-18 Voltaire Ltd. System and method for highly scalable high-speed content-based filtering and load balancing in interconnected fabrics
JP4080169B2 (ja) * 2000-09-29 2008-04-23 株式会社リコー セッション確立方法
US7970886B1 (en) * 2000-11-02 2011-06-28 Arbor Networks, Inc. Detecting and preventing undesirable network traffic from being sourced out of a network domain
US7437654B2 (en) * 2000-11-29 2008-10-14 Lucent Technologies Inc. Sub-packet adaptation in a wireless communication system
FI20010110A0 (fi) 2001-01-18 2001-01-18 Stonesoft Oy Pakettien lajittelu gateway-verkkoelementissä
FI20010256A0 (fi) * 2001-02-12 2001-02-12 Stonesoft Oy Pakettidatayhteystietojen käsittely tietoturvagatewayelementissä
US6947983B2 (en) * 2001-06-22 2005-09-20 International Business Machines Corporation Method and system for exploiting likelihood in filter rule enforcement
US7386525B2 (en) 2001-09-21 2008-06-10 Stonesoft Corporation Data packet filtering
US7284269B2 (en) * 2002-05-29 2007-10-16 Alcatel Canada Inc. High-speed adaptive structure of elementary firewall modules
US7337230B2 (en) * 2002-08-06 2008-02-26 International Business Machines Corporation Method and system for eliminating redundant rules from a rule set
US20040059943A1 (en) * 2002-09-23 2004-03-25 Bertrand Marquet Embedded filtering policy manager using system-on-chip
US8141159B2 (en) 2002-12-31 2012-03-20 Portauthority Technologies Inc. Method and system for protecting confidential information
US7409707B2 (en) * 2003-06-06 2008-08-05 Microsoft Corporation Method for managing network filter based policies
KR100548154B1 (ko) * 2003-06-11 2006-01-31 (주)엔텔스 유무선 통신망에서의 패킷 전송 제어 및 패킷 과금 데이터생성을 위한 방법 및 장치
US20050033731A1 (en) * 2003-08-05 2005-02-10 Lesh Neal B. Priority-based search for combinatorial optimization problems
US7451483B2 (en) * 2003-10-09 2008-11-11 International Business Machines Corporation VLAN router with firewall supporting multiple security layers
US7408932B2 (en) 2003-10-20 2008-08-05 Intel Corporation Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing
JP4464655B2 (ja) * 2003-11-06 2010-05-19 株式会社野村総合研究所 コンピュータの監視装置および監視対象のコンピュータに関するメッセージの処理方法
US7661123B2 (en) * 2003-12-05 2010-02-09 Microsoft Corporation Security policy update supporting at least one security service provider
US7533413B2 (en) * 2003-12-05 2009-05-12 Microsoft Corporation Method and system for processing events
US7430760B2 (en) * 2003-12-05 2008-09-30 Microsoft Corporation Security-related programming interface
US7525958B2 (en) * 2004-04-08 2009-04-28 Intel Corporation Apparatus and method for two-stage packet classification using most specific filter matching and transport level sharing
JP4418302B2 (ja) * 2004-05-31 2010-02-17 独立行政法人科学技術振興機構 中継装置、パケットフィルタリング方法及びパケットフィルタリングプログラム
US7475424B2 (en) * 2004-09-02 2009-01-06 International Business Machines Corporation System and method for on-demand dynamic control of security policies/rules by a client computing device
JP2006211533A (ja) * 2005-01-31 2006-08-10 Ricoh Co Ltd ネットワークファクシミリ装置
US10015140B2 (en) * 2005-02-03 2018-07-03 International Business Machines Corporation Identifying additional firewall rules that may be needed
US7792775B2 (en) 2005-02-24 2010-09-07 Nec Corporation Filtering rule analysis method and system
EP1864226B1 (de) * 2005-03-28 2013-05-15 Wake Forest University Verfahren, systeme und computerprogramm zur optimierung der firewall-regelung eines netzwerkes
US7644055B2 (en) * 2005-05-02 2010-01-05 Sap, Ag Rule-based database object matching with comparison certainty
JP4747724B2 (ja) * 2005-08-05 2011-08-17 日本電気株式会社 多次元ルール可視化システム、方法、プログラム、可視化データ生成システム、方法およびプログラム
US8407778B2 (en) 2005-08-11 2013-03-26 International Business Machines Corporation Apparatus and methods for processing filter rules
KR101005002B1 (ko) * 2005-11-01 2010-12-30 샌디스크 아이엘 엘티디 플래시 메모리에서의 테스트를 위한 방법, 시스템 및컴퓨터 판독가능한 코드를 저장한 저장 매체
JP4545085B2 (ja) * 2005-12-08 2010-09-15 富士通株式会社 ファイアウォール装置
GB2433396B (en) * 2005-12-15 2010-06-23 Bridgeworks Ltd A bridge
US7966655B2 (en) * 2006-06-30 2011-06-21 At&T Intellectual Property Ii, L.P. Method and apparatus for optimizing a firewall
US20080148382A1 (en) * 2006-12-15 2008-06-19 International Business Machines Corporation System, method and program for managing firewalls
CA2641829A1 (en) * 2007-10-26 2009-04-26 University Of Ottawa Control access rule conflict detection
US8046492B1 (en) * 2007-11-06 2011-10-25 Juniper Networks, Inc. Offset independent filtering
US8418240B2 (en) * 2007-12-26 2013-04-09 Algorithmic Security (Israel) Ltd. Reordering a firewall rule base according to usage statistics
US8448220B2 (en) * 2008-04-29 2013-05-21 Mcafee, Inc. Merge rule wizard
EP2294766A1 (de) * 2008-05-22 2011-03-16 Nokia Siemens Networks Oy Adaptiver scheduler für eine kommunikationssystemvorrichtung, system und verfahren
US20090300748A1 (en) * 2008-06-02 2009-12-03 Secure Computing Corporation Rule combination in a firewall
JP5309924B2 (ja) * 2008-11-27 2013-10-09 富士通株式会社 パケット処理装置、ネットワーク機器、及びパケット処理方法
US20100138893A1 (en) * 2008-12-02 2010-06-03 Inventec Corporation Processing method for accelerating packet filtering
ATE536696T1 (de) * 2009-04-01 2011-12-15 Nokia Siemens Networks Oy Verfahren und vorrichtung zur umorganisation von filtern
EP2256660B1 (de) * 2009-05-28 2015-08-12 Sap Se Von einem Computer durchgeführtes Verfahren, Computersystem und Computerprogrammprodukt zur Optimierung der Beurteilung einer Richtlinienspezifikation
JP5258676B2 (ja) * 2009-06-12 2013-08-07 Kddi株式会社 ファイアウォールにおけるルール情報変更方法、管理装置及びプログラム
US8495725B2 (en) 2009-08-28 2013-07-23 Great Wall Systems Methods, systems, and computer readable media for adaptive packet filtering
JP5441250B2 (ja) * 2009-09-15 2014-03-12 Kddi株式会社 ファイアウォールに対するポリシ情報表示方法、管理装置及びプログラム
US8407789B1 (en) * 2009-11-16 2013-03-26 Symantec Corporation Method and system for dynamically optimizing multiple filter/stage security systems
US8489534B2 (en) 2009-12-15 2013-07-16 Paul D. Dlugosch Adaptive content inspection
US8489581B2 (en) * 2010-07-28 2013-07-16 International Business Machines Corporation Method and apparatus for self optimizing data selection
US8432914B2 (en) * 2010-11-22 2013-04-30 Force 10 Networks, Inc. Method for optimizing a network prefix-list search
US10430775B1 (en) * 2011-11-11 2019-10-01 Amazon Technologies, Inc. Validation and lookup techniques for rule-based data categorization
US8880760B2 (en) * 2012-04-27 2014-11-04 Hewlett-Packard Development Company, L.P. Self organizing heap method includes a packet reordering method based on packet passing rules only reordering packets from a load/unload input signal is asserted
US9137205B2 (en) 2012-10-22 2015-09-15 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US9565213B2 (en) 2012-10-22 2017-02-07 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US8949418B2 (en) 2012-12-11 2015-02-03 International Business Machines Corporation Firewall event reduction for rule use counting
US9203806B2 (en) 2013-01-11 2015-12-01 Centripetal Networks, Inc. Rule swapping in a packet network
US20140250138A1 (en) * 2013-03-04 2014-09-04 Vonage Network Llc Method and apparatus for optimizing log file filtering
US9124552B2 (en) 2013-03-12 2015-09-01 Centripetal Networks, Inc. Filtering network data transfers
US9094445B2 (en) 2013-03-15 2015-07-28 Centripetal Networks, Inc. Protecting networks from cyber attacks and overloading
WO2014151789A1 (en) * 2013-03-15 2014-09-25 Trans Union Llc System and method for developing business rules for decision engines
EP2899920B1 (de) 2014-01-24 2017-09-06 Deutsche Telekom AG System und Verfahren zur Filterung und Speicherung von Daten
JP6193147B2 (ja) * 2014-02-17 2017-09-06 Kddi株式会社 ファイアウォール装置の制御装置及びプログラム
US10528224B2 (en) * 2014-12-10 2020-01-07 Rakuten, Inc. Server, display control method, and display control program
US9264370B1 (en) 2015-02-10 2016-02-16 Centripetal Networks, Inc. Correlating packets in communications networks
US9866576B2 (en) 2015-04-17 2018-01-09 Centripetal Networks, Inc. Rule-based network-threat detection
WO2016185513A1 (ja) 2015-05-15 2016-11-24 三菱電機株式会社 パケットフィルタ装置、及びパケットフィルタ方法
US9838354B1 (en) * 2015-06-26 2017-12-05 Juniper Networks, Inc. Predicting firewall rule ranking value
EP3144842A1 (de) * 2015-09-15 2017-03-22 Siemens Aktiengesellschaft System und verfahren zur analytik eines objektes
US9917856B2 (en) 2015-12-23 2018-03-13 Centripetal Networks, Inc. Rule-based network-threat detection for encrypted communications
US11729144B2 (en) 2016-01-04 2023-08-15 Centripetal Networks, Llc Efficient packet capture for cyber threat analysis
JP6760110B2 (ja) 2017-01-30 2020-09-23 富士通株式会社 制御装置、転送装置、および、制御方法
US10503899B2 (en) 2017-07-10 2019-12-10 Centripetal Networks, Inc. Cyberanalysis workflow acceleration
US11233777B2 (en) 2017-07-24 2022-01-25 Centripetal Networks, Inc. Efficient SSL/TLS proxy
US10284526B2 (en) 2017-07-24 2019-05-07 Centripetal Networks, Inc. Efficient SSL/TLS proxy
JP6962239B2 (ja) * 2018-03-01 2021-11-05 富士通株式会社 ネットワーク管理装置、ネットワーク管理方法、ネットワーク管理プログラム、及びネットワークシステム
US10333898B1 (en) 2018-07-09 2019-06-25 Centripetal Networks, Inc. Methods and systems for efficient network protection
US10965647B2 (en) 2018-11-07 2021-03-30 Forcepoint Llc Efficient matching of feature-rich security policy with dynamic content
US11128602B2 (en) 2018-11-07 2021-09-21 Forcepoint Llc Efficient matching of feature-rich security policy with dynamic content using user group matching
US11516228B2 (en) * 2019-05-29 2022-11-29 Kyndryl, Inc. System and method for SIEM rule sorting and conditional execution
WO2021010515A1 (ko) * 2019-07-16 2021-01-21 엘지전자 주식회사 차량용 방화벽 제공 장치
EP3779807A1 (de) * 2019-08-13 2021-02-17 Rohde & Schwarz GmbH & Co. KG Adaptives regelbewertungssystem sowie verfahren zur automatischen anpassung einer regelbewertung
US11711344B2 (en) * 2020-04-30 2023-07-25 Forcepoint Llc System and method for creating buffered firewall logs for reporting
US11539622B2 (en) * 2020-05-04 2022-12-27 Mellanox Technologies, Ltd. Dynamically-optimized hash-based packet classifier
US11782895B2 (en) 2020-09-07 2023-10-10 Mellanox Technologies, Ltd. Cuckoo hashing including accessing hash tables using affinity table
US11362996B2 (en) 2020-10-27 2022-06-14 Centripetal Networks, Inc. Methods and systems for efficient adaptive logging of cyber threat incidents
US11159546B1 (en) 2021-04-20 2021-10-26 Centripetal Networks, Inc. Methods and systems for efficient threat context-aware packet filtering for network protection
US11917042B2 (en) 2021-08-15 2024-02-27 Mellanox Technologies, Ltd. Optimizing header-based action selection
CN114301620A (zh) * 2021-11-17 2022-04-08 北京威努特技术有限公司 一种基于acl时间域的快速匹配方法
DE102023104049A1 (de) * 2022-02-18 2023-08-24 Hirschmann Automation And Control Gmbh Bedingte Filterung für zeitdeterministische Firewalls
US11929837B2 (en) 2022-02-23 2024-03-12 Mellanox Technologies, Ltd. Rule compilation schemes for fast packet classification

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2753254B2 (ja) 1988-04-06 1998-05-18 株式会社日立製作所 パケツト交換システム
US5493689A (en) 1993-03-01 1996-02-20 International Business Machines Corporation System for configuring an event driven interface including control blocks defining good loop locations in a memory which represent detection of a characteristic pattern
CA2124479A1 (en) 1993-06-30 1994-12-31 Thaddeus Julius Kowalski Methods and apparatus for optimizing decision making
US5446874A (en) * 1993-12-23 1995-08-29 International Business Machines Corp. Automated benchmarking with self customization
US5848393A (en) 1995-12-15 1998-12-08 Ncr Corporation "What if . . . " function for simulating operations within a task workflow management system
US6009475A (en) 1996-12-23 1999-12-28 International Business Machines Corporation Filter rule validation and administration for firewalls
US6173364B1 (en) * 1997-01-15 2001-01-09 At&T Corp. Session cache and rule caching method for a dynamic filter
US6233686B1 (en) * 1997-01-17 2001-05-15 At & T Corp. System and method for providing peer level access control on a network
US5832482A (en) 1997-02-20 1998-11-03 International Business Machines Corporation Method for mining causality rules with applications to electronic commerce
US6038596A (en) 1997-05-23 2000-03-14 International Business Machines Corporation Method and system in a network for decreasing performance degradation triggered by multiple user redundant input events
US6041347A (en) 1997-10-24 2000-03-21 Unified Access Communications Computer system and computer-implemented process for simultaneous configuration and monitoring of a computer network
US6219786B1 (en) 1998-09-09 2001-04-17 Surfcontrol, Inc. Method and system for monitoring and controlling network access

Also Published As

Publication number Publication date
EP1006701A3 (de) 2000-12-20
US6606710B2 (en) 2003-08-12
JP3568850B2 (ja) 2004-09-22
CA2287689A1 (en) 2000-06-03
EP1006701B1 (de) 2009-07-08
EP1006701A2 (de) 2000-06-07
US20030051165A1 (en) 2003-03-13
JP2000174808A (ja) 2000-06-23
CA2287689C (en) 2003-09-30

Similar Documents

Publication Publication Date Title
DE69941081D1 (de) Anpassbare Wiederordnung von Datenpaketenfilterregeln
DE60026037D1 (de) Dielektrischer resonator und dielektrisches filter
DE69816681D1 (de) Dielektrisches Filter und dielektrischer Duplexer
DE69809811T2 (de) Dielektrisches Filter und dielektrischer Duplexer
DE69820502D1 (de) Dielektrisches Filter und dielektrischer Duplexer
DE60231076D1 (de) Datenpaketfilterung
DE60011482D1 (de) Dielektrisches Filter
DE60037085D1 (de) Gleichtaktfilter
DE69823898D1 (de) Hochfrequenzfilter
DE60102099D1 (de) Dielektrisches Resonatorfilter
DE69811748D1 (de) Dielektrisches Filter
DE69826902D1 (de) Dielektrisches Filter,dielektrischer Duplexer und Kommunikationsgerät
DE29712020U1 (de) Dielektrischer Keramikfilter
DE69904520D1 (de) Symmetrisches dielektrisches Filter
DE59812879D1 (de) Integrator-Filterschaltung
DE50001449D1 (de) Dielektrisches mikrowellenfilter
FI991476A (fi) Alipäästösuodatin
DE69937818D1 (de) Dielektrisches Filter, Duplexer und Kommunikationsgerät
DE69932653D1 (de) Dielektrisches Filter und dielektrischer Duplexer
DE69822081D1 (de) Dielektrisches Filter, dielektrischer Duplexer und Kommunikationsvorrichtung
DE69928586D1 (de) Filter
DE60007360T2 (de) Amorphe modifikation von torasemid
ATA206398A (de) Dielektrisches filter und duplex-filter
DE69906090D1 (de) Filteranordnungen
ID23470A (id) Filter

Legal Events

Date Code Title Description
8364 No opposition during term of opposition