Host controlled dynamic firewall system
Assignments: 1; Petitions: 0
Abstract
A method, system, apparatus, and computer program product are presented for dynamically controlling a set of filtering-related operations at a firewall from one or more hosts. Instead of having a firewall monitor all of the command channels of different hosts within the protected domain, each host monitors its own command channels, and each host instructs the firewall as to which ports to open when communication protocol commands are detected. A host sends a command to the firewall to request the establishment of a filter rule at the firewall; these firewall operations may be secured through encryption, authentication, and authorization operations. Thereafter, the firewall allows data transfers that correspond to the detected protocol commands. The resulting firewall is much more lightweight and much faster than typical firewall implementations because the firewall neither has to monitor command channels nor parse differently formatted commands from different applications.
Citations: 37
Claims (21)
1. A method for operating a firewall, the method comprising:
- monitoring one or more communication channels at a host within a domain protected by a firewall;
- detecting a communication protocol command in a communication channel at the host;
- generating a firewall command at the host, wherein information within the firewall command is based on information within the communication protocol command; and
- sending the firewall command from the host to the firewall to create a filtering condition at the firewall such that subsequent data transfers in accordance with the communication protocol command are allowed by the firewall.
(Dependent claims 2 to 7 are not reproduced on this page.)

8. An apparatus for operating a firewall, the apparatus comprising:
- means for monitoring one or more communication channels at a host within a domain protected by a firewall;
- means for detecting a communication protocol command in a communication channel at the host;
- means for generating a firewall command at the host, wherein information within the firewall command is based on information within the communication protocol command; and
- means for sending the firewall command from the host to the firewall to create a filtering condition at the firewall such that subsequent data transfers in accordance with the communication protocol command are allowed by the firewall.
(Dependent claims 9 to 14 are not reproduced on this page.)

15. A computer program product in a computer readable medium for use in operating a firewall, the computer program product comprising:
- means for monitoring one or more communication channels at a host within a domain protected by a firewall;
- means for detecting a communication protocol command in a communication channel at the host;
- means for generating a firewall command at the host, wherein information within the firewall command is based on information within the communication protocol command; and
- means for sending the firewall command from the host to the firewall to create a filtering condition at the firewall such that subsequent data transfers in accordance with the communication protocol command are allowed by the firewall.
(Dependent claims 16 to 21 are not reproduced on this page.)
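The abstract and independent claims describe one mechanism: a host watches its own command channel, turns a detected protocol command into a firewall command, and the firewall, after authenticating and authorizing that command, installs a filtering condition for the data transfer that follows. The simulation below is an added example written for this page; it is not the patent's own code and does not claim to match any implementation of it. It uses FTP as the monitored protocol (PASV replies and PORT commands, which negotiate the data connection), HMAC-SHA256 over a canonical JSON payload as the authentication step, and a small authorization policy on the firewall side (a host may only open flows that terminate at itself, a rule TTL is capped, and commands older than a short window are rejected). The host addresses, shared keys, control-channel lines and policy limits are all constructed for the example; transport encryption between host and firewall is assumed to exist and is not shown.

```python
"""Host-controlled dynamic firewall: host parses its own FTP control channel,
sends an authenticated firewall command, the firewall installs a timed rule."""
import hashlib
import hmac
import json
import re
import time

# Constructed per-host shared keys. A real deployment would provision these
# out of band (or use mutually authenticated TLS instead).
HOST_KEYS = {"10.0.0.5": b"host5-secret", "10.0.0.6": b"host6-secret"}

# Constructed FTP control-channel traffic as seen from host 10.0.0.5.
SAMPLE_CONTROL_CHANNEL = [
    "220 ftp.example.net ready",
    "USER alice",
    "331 Password required",
    "230 Logged in",
    "PASV",
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # 195*256+80 = 50000
    "RETR report.pdf",
    "150 Opening data connection",
]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")


def _decode(six):
    """Turn FTP's h1,h2,h3,h4,p1,p2 tuple into ('h1.h2.h3.h4', port)."""
    h1, h2, h3, h4, p1, p2 = map(int, six)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def host_detect(line, host_ip):
    """Host-side monitor: map a data-channel negotiation to a firewall command.
    Returns None for control-channel lines that need no firewall change."""
    m = PASV_RE.match(line)
    if m:  # passive mode: this host will connect out to server_ip:port
        server_ip, port = _decode(m.groups())
        return {"action": "allow", "proto": "tcp", "src": host_ip,
                "dst": server_ip, "dport": port}
    m = PORT_RE.match(line)
    if m:  # active mode: the server will connect back to listen_ip:port
        listen_ip, port = _decode(m.groups())
        return {"action": "allow", "proto": "tcp", "src": "any",
                "dst": listen_ip, "dport": port}
    return None


def host_sign(cmd, host_ip, key, ttl=60, now=None):
    """Wrap a firewall command in an authenticated, timestamped envelope."""
    ts = int(now if now is not None else time.time())
    body = dict(cmd, host=host_ip, ttl=ttl, ts=ts)
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


class Firewall:
    """Protocol-agnostic firewall: installs only what authenticated hosts ask for."""
    MAX_TTL = 300   # policy cap on rule lifetime (constructed value)
    MAX_SKEW = 30   # seconds a command may be old before it is rejected

    def __init__(self, host_keys):
        self.host_keys = host_keys
        self.rules = []  # (src, dst, dport, expires_at)

    def accept_command(self, msg, now=None):
        """Authenticate, authorize and install one host-generated command."""
        now = now if now is not None else time.time()
        body = json.loads(msg["payload"])
        key = self.host_keys.get(body.get("host"))
        if key is None:
            return "unknown host"
        expected = hmac.new(key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad mac"
        if abs(now - body["ts"]) > self.MAX_SKEW:
            return "stale"
        if body.get("action") != "allow":
            return "unsupported action"
        # Authorization: a host may only open flows that terminate at itself.
        if body["host"] not in (body["src"], body["dst"]):
            return "not authorized for this flow"
        ttl = min(int(body["ttl"]), self.MAX_TTL)
        self.rules.append((body["src"], body["dst"], int(body["dport"]), now + ttl))
        return "installed"

    def allows(self, src, dst, dport, now=None):
        """Would a TCP SYN src -> dst:dport pass right now? Expired rules are dropped."""
        now = now if now is not None else time.time()
        self.rules = [r for r in self.rules if r[3] > now]
        return any(rs in ("any", src) and rd == dst and rp == dport
                   for rs, rd, rp, _ in self.rules)


def run_demo(now=1_700_000_000):
    """Replay the constructed control channel from host 10.0.0.5 through the firewall."""
    fw, host = Firewall(HOST_KEYS), "10.0.0.5"
    results = []
    for line in SAMPLE_CONTROL_CHANNEL:
        cmd = host_detect(line, host)
        if cmd:
            msg = host_sign(cmd, host, HOST_KEYS[host], now=now)
            results.append(fw.accept_command(msg, now=now))
    return fw, results
```

The division of labour is the one the abstract argues for: only the host knows it speaks FTP, so only the host carries the PASV/PORT parser, while the firewall sees a single fixed command format regardless of application. The checks in `accept_command` are what keep that delegation from becoming a way for any compromised host to open arbitrary holes: the MAC ties each command to a provisioned host key, the timestamp window blocks replay of an old command, and the authorization rule limits a host to flows it is itself an endpoint of.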