In recent years, intranets that can be used only within the confines of an organization have come into wide use. In an intranet used by a large-scale organization with multiple bases, a filter device needs to be installed in the WAN (Wide Area Network) that connects the bases to each other, at the domain boundary of each department, or the like. More specifically, a filter device such as a firewall, a backbone router with a filtering function, an intelligent switch, or the like is installed to counter threats such as virus invasion and unauthorized access from outside. As a result, network damage can be localized.
In a network such as an intranet, the security of the entire intranet is ensured by setting an appropriate filtering rule on each filter device. However, when an intranet becomes large-scale, the number of filter devices used in the network increases, and so does the variety of filter device types. Because a filtering rule must be set individually on each filter device, the filtering rules become dispersed and problems such as improper settings occur.
In patent literature 1, an example of a filtering rule setting support method is disclosed. In the method disclosed in patent literature 1, a central filtering rule management device collects the filtering rules set on the filter devices that are its management targets. It then detects redundancy and inconsistency between the rules using an access matrix model, generates filtering rules that are free of redundancy and inconsistency, and thereby prompts the network administrator to change the settings to proper ones.
In non-patent literature 1, another example of a filtering rule setting support method is disclosed. In the method disclosed in non-patent literature 1, a central filtering rule management device collects the filtering rules set on the filter devices that are its management targets. It then simulates the information flow between a client and a server using a directed graph model and detects whether an information leaking path exists that breaches the information protection policy. By notifying the network administrator of the detected result, the central filtering rule management device prompts the administrator to change the settings to more proper ones.
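The directed-graph simulation described above, as an added illustration that is not code from the patent or from either cited literature: zones are nodes, each filter device is a directed edge with a first-match rule list, and a breadth-first walk finds every path on which the collected rules permit a flow that the protection policy forbids. The topology, addresses and rules are constructed for the example; the transit path through the DMZ exists only because one rule was written more broadly than intended.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed topology (not from the patent): zones are graph nodes, each filter
# device is a directed edge carrying a first-match rule list of
# (src_net, dst_net, action); a flow that no rule matches is denied.
ZONES = {"guest": "192.168.100.0/24", "branch": "10.1.0.0/16",
         "hq": "10.0.5.0/24", "dmz": "10.0.9.0/24"}   # "wan" is transit only
FILTERS = {
    ("guest", "wan"):  [("192.168.100.0/24", "0.0.0.0/0", "allow")],
    ("branch", "wan"): [("10.1.0.0/16", "0.0.0.0/0", "allow")],
    ("wan", "hq"):     [("10.1.0.0/16", "10.0.5.0/24", "allow")],
    # The second rule was meant for the DMZ web tier but matches any source.
    ("wan", "dmz"):    [("0.0.0.0/0", "10.0.9.0/24", "allow"),
                        ("0.0.0.0/0", "10.0.5.10/32", "allow")],
    ("dmz", "hq"):     [("0.0.0.0/0", "10.0.5.10/32", "allow")],
}

def zone_of(addr):
    return next((z for z, net in ZONES.items() if addr in ip_network(net)), None)

def device_allows(rules, src, dst):
    """First-match evaluation of one filter device's rule list."""
    for src_net, dst_net, action in rules:
        if src in ip_network(src_net) and dst in ip_network(dst_net):
            return action == "allow"
    return False

def permitted_paths(src_ip, dst_ip):
    """Breadth-first walk of the zone graph; keeps every loop-free path on
    which each filter device in turn permits the flow src_ip -> dst_ip."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    goal, paths = zone_of(dst), []
    queue = deque([[zone_of(src)]])
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            paths.append(path)
            continue
        for (here, nxt), rules in FILTERS.items():
            if here == path[-1] and nxt not in path and device_allows(rules, src, dst):
                queue.append(path + [nxt])
    return paths

def policy_breaches(forbidden_flows):
    """Return {flow: paths} for every flow the protection policy forbids
    but the combined filter settings still let through (the leaking paths)."""
    return {flow: permitted_paths(*flow) for flow in forbidden_flows
            if permitted_paths(*flow)}

if __name__ == "__main__":
    print(policy_breaches([("192.168.100.7", "10.0.5.10")]))
```

The direct hop from the WAN into HQ correctly blocks the guest source; the breach is only visible when every path is enumerated, which is what the central device's graph simulation adds over checking each device in isolation.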