Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system
Abstract
The invention relates to the protection by firewall of a domestic community of interconnectable appliances. The invention allows distributed and totally decentralized management of the firewall policy, implemented at the level of each appliance, which is consistent and adapts dynamically to the changes occurring within the domestic network. We shall speak of ubiquitous firewalls.
16 Claims
- 1. Firewall system making it possible to secure a community of interconnectable appliances sharing a set of at least one common global security rule, each appliance of the community possessing means for storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and of a list of services offered locally, a plurality of appliances of the community comprising a filter of messages destined for and originating from the network to which it is connected, the system comprising no centralized means, it possesses on each appliance of the community local means of calculating the rules used by the filter as a function of the local security policy.
- 7. Appliance comprising means for belonging to a community of interconnectable appliances sharing a set of at least one common global security rule, possessing means of storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and of a list of services offered locally, the said appliance possessing a firewall comprising a filter of the messages destined for and originating from the network to which it is connected, further possessing local means of calculating the firewall rules used by the filter as a function of the local security policy, calling upon no centralized means.
- 13. Method of updating rules used by a firewall consisting of a filter of the messages destined for and originating from the network to which is connected the appliance implementing the method, the appliance forming part of a community of interconnectable appliances sharing a set of at least one common global security rule, the appliance possessing means of storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and a list of services offered locally, the said rules being calculated as a function of the local security policy, comprising at least the following steps:
  - the detection of the addition, the removal and the banishing of an appliance of the community;
  - the detection of the changes of network address of an appliance of the community;
  - the triggering of a new calculation of the rules in response to the change of the local security policy.
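The update method of claim 13, sketched as an added example that is not taken from the patent: each appliance keeps its own local policy and recomputes its filter rules whenever a membership or address event changes that policy, with no central server involved. The class names, the event handler names, the rule tuple format and the single global rule (connected members may reach locally offered services, everything else is dropped) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_DROP = ("drop", "any", "any", "any")  # assumed rule format: (action, src, proto, port)

@dataclass
class LocalPolicy:
    # Assumed single global rule: connected community members may reach
    # locally offered services; all other traffic is dropped.
    members: dict = field(default_factory=dict)    # id -> [address, connected]
    banished: set = field(default_factory=set)     # ids that are never re-admitted
    services: dict = field(default_factory=dict)   # name -> (proto, port)

class Appliance:
    def __init__(self, services):
        self.policy = LocalPolicy(services=dict(services))
        self.recalculations = 0
        self.rules = self._calculate()

    def _calculate(self):
        """Derive filter rules from the local policy only (no central means)."""
        self.recalculations += 1
        rules = [("accept", addr, proto, port)
                 for addr, connected in self.policy.members.values() if connected
                 for proto, port in self.policy.services.values()]
        return rules + [DEFAULT_DROP]

    def _policy_changed(self):
        # Third step of the method: a policy change triggers a new calculation.
        self.rules = self._calculate()

    def on_added(self, member_id, address):
        if member_id in self.policy.banished:
            return False  # a banished appliance is not re-admitted
        self.policy.members[member_id] = [address, True]
        self._policy_changed()
        return True

    def on_removed(self, member_id):
        if self.policy.members.pop(member_id, None) is not None:
            self._policy_changed()

    def on_banished(self, member_id):
        self.policy.banished.add(member_id)
        self.policy.members.pop(member_id, None)
        self._policy_changed()

    def on_address_changed(self, member_id, new_address):
        if member_id in self.policy.members:
            self.policy.members[member_id][0] = new_address
            self._policy_changed()
```
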
Specification