Distributed firewall system and method
Abstract
A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.
358 Citations
Claims (46)
1. A method of restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter, the method comprising:
providing a security server connected to the network;
receiving a packet at the network interface device;
determining, at the network interface device, whether the packet is an authorized transaction;
if the packet is not an authorized transaction, routing the packet to the security server;
determining, at the security server, whether the packet is an authorized transaction; and
if the security server determines that the packet is an authorized transaction, configuring the network interface device to accept similar transactions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of restricting packet transfer from a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter, the method comprising:
providing a security server connected to the network;
receiving a packet at the network interface device;
determining, at the network interface device, whether the packet is an authorized transaction;
if the packet is not an authorized transaction, routing the packet to the security server;
determining, at the security server, whether the packet is an authorized transaction; and
if the security server determines that the packet is an authorized transaction, configuring the network interface device to permit similar transactions.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of limiting source spoofing in the transfer of packets from a computer across a network, wherein the computer includes a network interface device coupled to the network, wherein the computer has a computer address and wherein the network interface device includes a packet filter, the method comprising:
transferring a packet from the computer to the network interface device, wherein the packet includes a source address;
examining the packet within the network interface device, wherein examining includes comparing the source address to the computer address; and
if the source address matches the computer address, placing the packet on the network.
Dependent claims: 21, 22, 23
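The mechanism of the abstract and claims 1 and 10 (a NIC-resident filter that answers from its own rule table, routes anything it cannot classify to a security server, and is reconfigured by that server to accept similar transactions) together with the egress source check of claim 20, modelled in Python. This is an added example, not code from the patent or from any product. Assumptions not stated in the claims: a "transaction" is keyed on (source address, destination address, protocol, destination port); the packet that was routed to the server is delivered once the server authorizes it (the claims are silent on the fate of that first packet); the site policy, host address and packets below are constructed for the demonstration.

```python
"""NIC packet filter + security server, as described in claims 1, 10 and 20.
Added example (not the patent's code); keys, policy and traffic are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


# Assumption: "similar transactions" means packets sharing this 4-tuple.
FlowKey = Tuple[str, str, str, int]


def flow_key(p: Packet) -> FlowKey:
    return (p.src, p.dst, p.proto, p.dport)


class SecurityServer:
    """Central policy point. Only sees packets the NIC could not classify."""

    def __init__(self, policy: Callable[[Packet], bool]):
        self.policy = policy
        self.consulted: List[Packet] = []   # every packet routed up to the server

    def authorize(self, p: Packet) -> bool:
        self.consulted.append(p)
        return self.policy(p)


class NicFilter:
    """Packet filter on one host's network interface device."""

    def __init__(self, host_addr: str, server: SecurityServer):
        self.host_addr = host_addr
        self.server = server
        self.permits: Set[FlowKey] = set()   # rules the server has installed
        self.log: List[Tuple[str, str, Packet]] = []

    def _decide(self, direction: str, p: Packet) -> str:
        k = flow_key(p)
        if k in self.permits:                  # fast path: answered on the NIC
            verdict = "accept"
        elif self.server.authorize(p):         # slow path: route to the server
            self.permits.add(k)                # server configures the NIC filter
            verdict = "accept"
        else:
            verdict = "drop"
        self.log.append((direction, verdict, p))
        return verdict

    def ingress(self, p: Packet) -> str:       # claim 1: packets to the host
        return self._decide("in", p)

    def egress(self, p: Packet) -> str:        # claims 10 and 20: packets from the host
        if p.src != self.host_addr:            # claim 20: source must equal host address
            self.log.append(("out", "drop-spoof", p))
            return "drop-spoof"
        return self._decide("out", p)


def site_policy(p: Packet) -> bool:
    """Constructed policy: TCP to 22 or 443, only when the source is in 10/8."""
    internal = ipaddress.ip_network("10.0.0.0/8")
    return p.proto == "tcp" and p.dport in (22, 443) and \
        ipaddress.ip_address(p.src) in internal


def run_demo():
    server = SecurityServer(site_policy)
    nic = NicFilter("10.1.2.3", server)      # constructed host address
    inbound = [
        Packet("10.9.9.9", "10.1.2.3", "tcp", 443),       # miss: server consulted
        Packet("10.9.9.9", "10.1.2.3", "tcp", 443),       # hit: answered on the NIC
        Packet("198.51.100.7", "10.1.2.3", "tcp", 443),   # external source: denied
        Packet("10.9.9.9", "10.1.2.3", "udp", 53),        # not TCP 22/443: denied
    ]
    outbound = [
        Packet("10.1.2.3", "93.184.216.34", "tcp", 443),  # own address: authorized
        Packet("192.0.2.1", "93.184.216.34", "tcp", 443), # spoofed source: dropped
    ]
    in_verdicts = [nic.ingress(p) for p in inbound]
    out_verdicts = [nic.egress(p) for p in outbound]
    return in_verdicts, out_verdicts, len(server.consulted), sorted(nic.permits)


if __name__ == "__main__":
    print(run_demo())
```

Two points the model makes visible that the claims leave open. First, only the first packet of a flow costs a server round trip; every later packet with the same key is decided on the NIC, which is the whole point of pushing configuration down to the interface. Second, every packet the NIC cannot classify is routed to the server, so a port scan against one host becomes a stream of requests to the server; the claims do not address that, and in practice a negative cache or a rate limit on the forward path is needed. The claim 20 check is exercised before any policy lookup, so the spoofed packet never reaches the server at all.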
24. A computer system, comprising:
a network;
a computer connected to the network through a network interface device; and
a security server;
wherein the network interface device includes logic for transmitting information from the network interface device to the security server independent of the computer and wherein the security server configures the network interface device as a function of the transmitted information.
Dependent claims: 25, 26, 27
28. A computer system, comprising:
a network;
a computer connected to the network;
a router connected to the network, wherein the router includes a packet filter; and
a security server;
wherein the router receives packets from the network, filters the packets using the packet filter to detect unauthorized packets and transmits unauthorized packets to the security server independent of the computer; and
wherein the security server configures the router packet filter after analysis of the unauthorized packets.
Dependent claims: 29, 30, 31, 32
33. A computer system, comprising:
a network;
a computer connected to the network through a network interface device; and
a security server capable of communicating with the network interface device;
wherein the network interface device includes a packet filter, wherein the packet filter includes quality of service control for managing traffic flowing through the network interface device; and
wherein the security server transfers configuration information to the network interface device to modify quality of service parameters on the network interface device as a function of changing security conditions within the computer system.
Dependent claims: 34, 35, 36
37. A distributed firewall system, comprising:
a plurality of computers, including a first computer, wherein the plurality of computers are connected through network interface cards to a network; and
a security server connected to the network;
wherein the network interface card for the first computer includes logic which selectively forwards packets addressed to the first computer from the network interface card to the security server.
Dependent claims: 38, 39, 40, 41
42. A method of providing computer security services to the computer of a remote user, comprising:
providing a security server;
installing a network interface device in the computer, wherein the network interface device includes logic for transmitting information from the network interface device to the security server independent of the computer;
transmitting information from the network interface device to the security server; and
configuring the network interface device as a function of the information transmitted from the network interface device to restrict packet transfer to the network interface device.
Dependent claims: 43, 44, 45, 46
Specification