Patents by Inventor Andrew Bernoth

Andrew Bernoth has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7937353
    Abstract: A method and system for determining whether to alter a firewall configuration. Message flow data associated with a message packet blocked by a firewall is received. The packet was blocked based on the firewall not having a message flow rule that permitted passage of the message packet. Risk values associated with a source network, destination network and destination port are identified by the message flow data. Based on the risk values, an electronic recommendation indicating whether to add to the firewall a message flow rule that permits the message flow to pass is determined and generated.
    Type: Grant
    Filed: January 15, 2007
    Date of Patent: May 3, 2011
    Assignee: International Business Machines Corporation
    Inventors: Andrew Bernoth, Medardo Roberto Sandoval
  • Publication number: 20080172347
    Abstract: A method and system for utilizing an expert system to determine whether to alter a firewall configuration. The expert system receives message flow data associated with a message packet blocked by a firewall. The packet is blocked based on an associated message flow not being permitted by a set of rules. The expert system assigns predefined risk values to the message flow data so that each risk value is associated with a source network, destination network or destination port included in the message flow data. The expert system utilizes the assigned risk values to determine a total risk value associated with the message packet. Finally, the expert system generates a proposal based on the total risk value. The proposal is a recommendation for or against adding to the set of rules a message flow rule that permits the message flow.
    Type: Application
    Filed: January 15, 2007
    Publication date: July 17, 2008
    Inventors: Andrew Bernoth, Medardo Roberto Sandoval
  • Publication number: 20070266158
    Abstract: A method for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of the networks. For each network, a computer readable data base stores a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network. For said each network, a computer readable data base stores a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network. For said each network, a computer readable data base stores a record of a type of said each network. Multiple combinations of the networks are automatically identified. Each of the combinations comprises a source network and a destination network.
    Type: Application
    Filed: May 17, 2007
    Publication date: November 15, 2007
    Applicant: International Business Machines Corporation
    Inventor: Andrew Bernoth
  • Publication number: 20060174337
    Abstract: System, method and program product for managing a security policy of a firewall. The firewall receives a message packet addressed to a specified port of a destination IP address and determines that the firewall does not have a message flow rule which permits passing of the message packet to the port. The port is tested to determine if the port is open. If so, an administrator is queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. If not, an administrator is not queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. There may be first and second firewalls located between the source IP address and destination IP address. Before the port is tested, a central database is checked to learn if the central database has a record of whether the first firewall should have a message flow rule which permits passing of the message packet to the port.
    Type: Application
    Filed: February 3, 2005
    Publication date: August 3, 2006
    Applicant: International Business Machines Corporation
    Inventor: Andrew Bernoth