The invention is a declarative language system comprising a language for expressing network security policy in a formalized way. It allows security policy to be specified across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e., conforms to the specified policy) or disallowed, and what action, if any, a system monitor should take in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

 