Methods and systems for protecting a secured network
DC CAFC
First Claim
1. A method comprising:
receiving, by at least one network security device located at a boundary of a network protected by the at least one network security device, a plurality of rule sets;
receiving a plurality of packets via a communication interface of the at least one network security device;
executing, at a first time and on a packet by packet basis, a first rule set specifying a first set of network addresses for which packets should be forwarded;
executing, at a second time and on a packet by packet basis, a second rule set specifying a second set of network addresses for which packets should be forwarded; and
executing, at a third time and on a packet by packet basis, a third rule set specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses.
2 Assignments | Litigations | 1 Petition | Accused Products
Abstract
Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.
194 Citations
20 Claims
1. A method comprising:
receiving, by at least one network security device located at a boundary of a network protected by the at least one network security device, a plurality of rule sets; receiving a plurality of packets via a communication interface of the at least one network security device; executing, at a first time and on a packet by packet basis, a first rule set specifying a first set of network addresses for which packets should be forwarded; executing, at a second time and on a packet by packet basis, a second rule set specifying a second set of network addresses for which packets should be forwarded; and executing, at a third time and on a packet by packet basis, a third rule set specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A network security device comprising:
at least one processor; and a memory storing instructions that when executed by the at least one processor cause the network security device to: receive, at the network security device, a plurality of rule sets; receive a plurality of packets via a communication interface of the network security device; execute, at a first time and on a packet by packet basis, a first rule set specifying a first set of network addresses for which packets should be forwarded; execute, at a second time and on a packet by packet basis, a second rule set specifying a second set of network addresses for which packets should be forwarded; and execute, at a third time and on a packet by packet basis, a third rule set specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses.
Dependent claims: 9, 10, 11, 12, 13, 14

15. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
receive, at the computing system located at a boundary of a network protected by the computing system, a plurality of rule sets; receive a plurality of packets via a communication interface of the computing system; execute, at a first time and on a packet by packet basis, a first rule set specifying a first set of network addresses for which packets should be forwarded; execute, at a second time and on a packet by packet basis, a second rule set specifying a second set of network addresses for which packets should be forwarded; and execute, at a third time and on a packet by packet basis, a third rule set specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses.
Dependent claims: 16, 17, 18, 19, 20
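The procedure recited in independent claims 1, 8 and 15 (a boundary device holding several rule sets, each taking effect at a later time and forwarding a strictly larger set of network addresses, applied on a packet by packet basis) is shown below as an added Python example. It is not code from the patent, from its assignee, or from any accused product; the class names, the CIDR rule sets, the timestamps and the packet list are all constructed for illustration. Two points a defender would want are built in: the filter fails closed for packets that arrive before the first rule set is in effect, and it refuses a schedule whose later rule set does not widen the forwarded address set, which is the ordering the claims require.

```python
from bisect import bisect_right
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class RuleSet:
    """One rule set: from `effective_at` onward, forward packets whose destination
    falls inside any of the listed prefixes; every other packet is dropped."""
    effective_at: int            # constructed timestamp (seconds)
    forward: Tuple[str, ...]     # CIDR prefixes of destinations to forward

    def networks(self):
        return [ip_network(prefix) for prefix in self.forward]

    def address_count(self) -> int:
        # Size of the forwarded address set; the schedule check below uses it
        # to confirm each later rule set covers more addresses than the last.
        return sum(n.num_addresses for n in self.networks())

    def allows(self, addr) -> bool:
        return any(addr in n for n in self.networks())


def validate_schedule(rule_sets: Sequence[RuleSet]) -> List[RuleSet]:
    """Return the rule sets in time order, or raise ValueError if the schedule
    lacks strictly increasing times or strictly growing address sets."""
    ordered = sorted(rule_sets, key=lambda r: r.effective_at)
    for earlier, later in zip(ordered, ordered[1:]):
        if later.effective_at <= earlier.effective_at:
            raise ValueError(f"rule sets at t={earlier.effective_at} and "
                             f"t={later.effective_at} do not have distinct times")
        if later.address_count() <= earlier.address_count():
            raise ValueError(f"rule set at t={later.effective_at} does not "
                             f"widen the forwarded address set")
    return ordered


def schedule_is_valid(rule_sets: Sequence[RuleSet]) -> bool:
    try:
        validate_schedule(rule_sets)
        return True
    except ValueError:
        return False


class BoundaryFilter:
    """Packet-by-packet filter at the network boundary that applies whichever
    rule set is in effect at each packet's arrival time."""

    def __init__(self, rule_sets: Sequence[RuleSet]):
        self.rule_sets = validate_schedule(rule_sets)
        self._times = [r.effective_at for r in self.rule_sets]

    def active_rule_set(self, now: int) -> Optional[RuleSet]:
        idx = bisect_right(self._times, now) - 1
        return self.rule_sets[idx] if idx >= 0 else None   # None: nothing in effect yet

    def decide(self, now: int, dst: str) -> str:
        rule_set = self.active_rule_set(now)
        if rule_set is None:
            return "drop"            # fail closed before the first rule set applies
        return "forward" if rule_set.allows(ip_address(dst)) else "drop"

    def process(self, packets):
        return [(t, dst, self.decide(t, dst)) for t, dst in packets]


# Constructed schedule: three rule sets, each later one forwarding more addresses.
SCHEDULE = [
    RuleSet(effective_at=0,   forward=("10.0.0.0/24",)),                 # 256 addresses
    RuleSet(effective_at=100, forward=("10.0.0.0/24", "10.0.1.0/24")),   # 512 addresses
    RuleSet(effective_at=200, forward=("10.0.0.0/22",)),                 # 1024 addresses
]

# Constructed packets: (arrival time, destination address).
PACKETS = [
    (-5, "10.0.0.7"),     # arrives before any rule set is in effect
    (50, "10.0.0.7"),
    (50, "10.0.1.7"),
    (150, "10.0.1.7"),
    (150, "10.0.3.9"),
    (250, "10.0.3.9"),
    (250, "192.0.2.1"),
]


def run_example() -> List[str]:
    """Forward/drop decisions for PACKETS under SCHEDULE, in arrival order."""
    return [decision for _, _, decision in BoundaryFilter(SCHEDULE).process(PACKETS)]


if __name__ == "__main__":
    for t, dst, decision in BoundaryFilter(SCHEDULE).process(PACKETS):
        print(f"t={t:>4}  dst={dst:<12} {decision}")
```

The schedule check compares address counts rather than prefix containment because the claims are worded in terms of each later set "including more network addresses", not in terms of one set containing the other; a deployment that wants the stronger guarantee that nothing forwarded earlier is ever cut off would add a containment test alongside the count.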
Specification