1. Field of the Invention
The present invention is related to computer network security, and more particularly to a system and method for representing and implementing a security policy.
2. Background Information
Recent developments in technology have made access easier to publicly available computer networks, such as the Internet. Organizations are increasingly turning to external networks such as the Internet to foster communication between employees, suppliers and clients. With this increased access comes an increased vulnerability to malicious activities on the part of both people inside and outside the organization. Firewalls have become an essential tool in controlling the flow of data between internal networks and these external networks.
A firewall is a system which enforces a security policy on communication traffic entering and leaving an internal network. An overview of firewall technology is provided in "Firewalls fend off invasions from the Net" published February 1998 in IEEE Spectrum, the discussion of which is hereby incorporated by reference. Access Control Lists (ACLs) are a very important part of a firewall design. These lists are used both to restrict access to servers and to define the required filters for those services. Almost every connection to or through the firewall will use the ACL to determine whether the connection is allowed and what the conditions of the connection are.
Secure Computing Corporation currently manufactures two firewall products: Sidewinder(trademark) and BorderWare(trademark) Firewall Server(trademark) (BFS). Both Sidewinder and BorderWare have an ACL mechanism. On BFS, the ACL checks are performed in the kernel. The advantage of this is that each process can access the data even from its own chroot(2) area. Each process simply makes a system call. There is no place in the BFS ACL system calls where a process must block, and the code required in the proxies/servers is easy to implement and unobtrusive. The ACLs themselves, however, are very difficult for the user to understand. The end result is a nice mechanism that is difficult to use.
On Sidewinder there is a process called ACLd which resolves the ACL checks. In order to make the ACLs work properly, ACLd is a non-blocking process. Proxies must open a connection to ACLd, make the request, and come back later to get the result. Thus, the ACL part of the proxy code itself is more complex and pervasive. Further, ACLd can be a bottleneck since that one process is serving many other processes. Sidewinder can, however, support a much more flexible and comprehensive ACL system than is found on BFS.
What is needed is an ACL mechanism which provides quick access to the ACL mechanism while at the same time maintaining the complex functionality of the Sidewinder system.
In addition, although ACLs are a convenient, centrally located way of storing access control rules, they do tend to become complex as the number of networks and users increases. This increased complexity makes them cumbersome and unwieldy to apply, and difficult to manage. Rules get out of date, often leaving dangerous access rules in place for users who are no longer supposed to have access to the system (e.g., ex-employees).
What is needed is a method of presenting and managing access control rules which can easily respond to changes in the number of networks and users.
The present invention is a system and method of implementing a security policy, comprising the steps of providing a plurality of access policies, defining a process and connecting the access policies and the process to form a security policy.
According to another aspect of the present invention, an access control mechanism is described in a computer network having a plurality of separate networks. The access control mechanism includes a plurality of regions, including a first and a second region; one or more services bridging said first and second regions; access control rules which define a security policy; and access control logic, wherein the access control logic operates with the access control rules to enforce the security policy. The access control rules limit data transfer by the one or more services bridging the first and second regions, and are defined as a decision tree. The decision tree includes a decision node and a first and a second branch, wherein the decision node includes a true and a false destination path, the true destination path leading to the first branch and the false destination path leading to the second branch.
According to yet another aspect of the present invention, a system and method for limiting transfers between networks comprises the steps of: defining a to-from set, wherein the to-from set lists a source network and a destination network; associating the to-from set with a first service; defining a path, wherein the path includes desired options for limiting transfer from the source network to the destination network via the first service; storing information regarding the to-from set, the first service and the path as an access control rule; receiving a request to set up said first service between the source network and the destination network; comparing the request to the access control rule to determine access; and, if access is allowed, establishing the service between the source and destination networks.
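The two aspects above, the decision-tree representation of access control rules and the to-from set bound to a service, can be illustrated with a small model. The following Python is an added example, not code from the patent or from either product named above; the region names, the sample policy and the revoked-user check are constructed for illustration.

```python
# Added example, not from the patent: access control rules as a decision tree
# whose nodes have true/false destination paths. Names and policy constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, Union

@dataclass(frozen=True)
class Request:
    source: str       # region the connection originates in
    destination: str  # region the connection is bound for
    service: str      # service bridging the two regions
    user: str = ""    # authenticated user, if any

@dataclass
class Leaf:           # end of a path: the access decision plus path options
    allow: bool
    options: Dict[str, str] = field(default_factory=dict)

@dataclass
class Decision:       # decision node: test selects the true or false branch
    test: Callable[[Request], bool]
    on_true: "Node"
    on_false: "Node"

Node = Union[Decision, Leaf]
def evaluate(tree: Node, req: Request) -> Leaf:
    # Walk from the root decision node to the leaf that decides this request.
    node = tree
    while isinstance(node, Decision):
        node = node.on_true if node.test(req) else node.on_false
    return node

# Constructed policy: the to-from set (internal -> internet) is associated
# with the "http" service; a revoked-account check denies ex-employees.
POLICY: Node = Decision(
    test=lambda r: (r.source, r.destination) == ("internal", "internet"),
    on_true=Decision(
        test=lambda r: r.service == "http",
        on_true=Decision(
            test=lambda r: r.user in {"ex_employee"},
            on_true=Leaf(False, {"reason": "revoked user"}),
            on_false=Leaf(True, {"log": "connection"}),
        ),
        on_false=Leaf(False, {"reason": "service not bridged"}),
    ),
    on_false=Leaf(False, {"reason": "no to-from set"}),
)
def check_access(req: Request) -> bool:
    # Compare the request to the rule; True means the service may be set up.
    return evaluate(POLICY, req).allow
```

Every request reaches exactly one leaf, so the reason a connection was refused is available for logging alongside the decision itself.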