Firewall providing enhanced network security and user transparency
Abstract
The present invention provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve full transparency—the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In one aspect, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In another aspect, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.
119 Citations
25 Claims
1. A system for providing filtered HTML software over a computer network, the system comprising:
- a computer network connection;
- an association between client identifiers and IP addresses;
- a gateway server, said gateway server having at least one HTML filtering process and being in communication with the association, the gateway server providing at least one filtered HTML page to a client over a computer network, said client being in communication with said gateway server over said computer network connection.
(Dependent claims 2, 3, 4, 5, 6, 7 and 8 are not reproduced.)

9. A computer system for performing HTML filtering, the system comprising:
- a gateway, the gateway having at least one virtual host, the at least one virtual host configuring an association between client identifiers, IP addresses, and a process that performs HTML filtering, the gateway being in communication with a client, IP addresses, and HTML filtering process; and
- a computer network connection, the computer network connection connecting the computer system to a computer network to allow the gateway to provide filtered HTML to the client over the computer network.
(Dependent claim 10 is not reproduced.)

11. A system for testing a set of HTML code provided by a web server, comprising:
- a computer network connection;
- an association between client identifiers and IP addresses; and
- a gateway server, said gateway server having at least one process for testing HTML and being in communication with said client, said server providing HTML to a client over a computer network, said client being in communication with said gateway server over said computer network connection.
(Dependent claims 12 and 13 are not reproduced.)

14. A system for testing a set of computer code provided by a web server, comprising:
- a computer network connection;
- an association between an asset ID and file type; and
- a gateway server, said gateway server having at least one process for testing files for the presence of an asset ID in files transmitted over said computer network connection, said transmitted files matching a file type contained in said association.
(Dependent claim 15 is not reproduced.)

16. A method of testing a functionality of a networked system that provides at least some dynamic information, comprising the steps of:
- emulating a web browser by constructing a request for dynamic information to be sent to a personal computing device;
- forwarding the request to the web server;
- receiving dynamic information in response to forwarding the request;
- parsing the received information into static information;
- dynamically proxying the static information; and
- validating the static information and the dynamic information received.
(Dependent claims 17, 18, 19, 20, 21, 22, 23 and 24 are not reproduced.)

25. A computer-readable medium useful in association with a client computer coupled to a server via a computer network, the computer network providing a network connection for transmitting data from the server to the client computer and from the client computer to the server, the computer-readable medium having computer-executable instructions for tracking information received by a client from a network wherein the information includes at least some dynamic information, the instructions executed to parse the information received into static information, if present, and dynamic information; and validate the static information, if present, and the dynamic information.