| 摘要 |
A method of network security policy administration for a network client uses a finite state machine to maintain the security policy information of the network client. Security policy information may originate in a remote source such a directory storage as well as, or alternatively, locally in cache and local store locations. The finite state machine has four states, Initial, DS, Cache, and Local, and transitions between states responsive to the availability of security policy information from the various policy information sources. Furthermore, security policy updates occur via a differencing mechanism, wherein only filters that have changed are updated, minimizing impact on unchanged policy filters and the traffic protected by them, and minimizing lulls in policy coverage.
|
