Computerized system and method for policy-based content filtering
Abstract
Firewalls and other filtering gateways have become common security devices for improving computer network security. As more features and functionality are added to these devices they become quite complex to configure. By associating configuration schemes with firewall policies, configuration can be simplified without compromising flexibility. Administrators have more options to filter different traffic streams based on their type and sources. They also have increased flexibility to be able to filter traffic on a per user basis, through authentication mechanisms tied to various filtering options.
46 Claims
1. A computer-implemented method for processing network content, the method comprising:
a. receiving an incoming network connection, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;
b. determining the network service protocol of the incoming network connection;
c. identifying a matching policy based on the source network address, the destination network address and the network service protocol;
d. retrieving one or more configuration schemes associated with the matching policy; and
e. processing network content associated with the incoming network connection based on the retrieved one or more configuration schemes. (Dependent claims: 2-9)
10. A computer-readable medium embodying a configuration scheme for configuring a computerized firewall system to process network content associated with an incoming network connection, the configuration scheme comprising:
information on one or more communication protocols; and
one or more settings for each communication protocol;
wherein upon receiving the incoming network connection by the computerized firewall system, the one or more settings of the configuration scheme are applied to configure the computerized firewall system based on a source network address, a destination network address and a network service protocol associated with the incoming network connection. (Dependent claims: 11-17)
18. A computer-readable medium embodying a firewall policy for use in connection with a computerized firewall system, the firewall policy comprising:
at least one source network address;
at least one destination network address;
at least one network service protocol;
at least one configuration scheme identifier associating the firewall policy with a corresponding configuration scheme; and
information identifying an action to be taken when the policy is invoked;
wherein upon receiving an incoming network connection by the computerized firewall system, the firewall policy is invoked based on the at least one source network address, the at least one destination network address and the at least one network service protocol. (Dependent claims: 19-26)
27. A computer-readable medium embodying a configuration database for use in connection with a computerized firewall system, the configuration database comprising:
at least one configuration scheme; and
at least one firewall policy;
wherein the at least one firewall policy is linked to the at least one configuration scheme; and
wherein upon receiving an incoming network connection by the computerized firewall system, the computerized firewall system invokes the at least one firewall policy and applies the at least one configuration scheme. (Dependent claims: 28-34)
35. A firewall system for processing network content, the firewall system comprising:
a networking interface for receiving a network connection;
a networking subsystem;
a proxy subsystem supporting one or more network protocols; and
a configuration database for storing at least one firewall policy and at least one firewall configuration scheme;
wherein the networking subsystem re-directs the network connection to the proxy subsystem based on the at least one firewall policy and wherein the proxy subsystem processes the network content associated with the network connection based on the at least one firewall configuration scheme. (Dependent claims: 36-46)
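Claims 1, 18, 27 and 35 together describe one mechanism: a connection is classified by its source address, destination address and service protocol, the first policy matching that three-tuple is selected, the policy's identifier points at a configuration scheme, and the scheme's settings for that protocol drive the proxy that filters the content. The Python below is an added illustration written for this page, not code from the patent or its assignee. The ruleset, the scheme contents, the port-to-service table and every function and field name are assumptions chosen for the example; it goes a little beyond the claim text by showing why policy order and a trailing deny-all rule matter in practice.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed data model for this illustration: a firewall policy carries the
# three-tuple match, an action and a scheme identifier (claim 18); a
# configuration scheme carries per-protocol settings (claim 10); both sit in
# one in-memory "database" (claim 27).
@dataclass(frozen=True)
class Policy:
    src: str                 # CIDR of permitted sources
    dst: str                 # CIDR of permitted destinations
    service: str             # "http", "smtp", ... or "any"
    action: str              # "accept" or "deny"
    scheme: Optional[str]    # configuration scheme identifier; None = no proxying

# Constructed sample schemes. Settings are keyed by protocol so one scheme can
# configure several proxies at once.
SCHEMES = {
    "strict":  {"http": {"block_types": {"application/x-msdownload"}},
                "smtp": {"max_bytes": 1_000_000}},
    "relaxed": {"http": {"block_types": set()}},
}

# Constructed sample ruleset. First match wins, so the narrower lab rule must
# precede the broader corporate rule, and the last rule is an explicit deny-all
# so that an unmatched connection never falls through to "accept".
POLICIES = [
    Policy("10.1.0.0/16", "0.0.0.0/0", "http", "accept", "relaxed"),
    Policy("10.0.0.0/8",  "0.0.0.0/0", "http", "accept", "strict"),
    Policy("10.0.0.0/8",  "0.0.0.0/0", "smtp", "accept", "strict"),
    Policy("0.0.0.0/0",   "0.0.0.0/0", "any",  "deny",   None),
]

PORT_TO_SERVICE = {25: "smtp", 80: "http", 443: "https"}   # assumed mapping


def determine_service(dport: int) -> str:
    """Claim 1 step (b). Port-based here for brevity; a real gateway should
    identify the protocol from the stream, because the port is attacker-chosen."""
    return PORT_TO_SERVICE.get(dport, "unknown")


def match_policy(src: str, dst: str, service: str, policies=POLICIES) -> Optional[Policy]:
    """Claim 1 step (c): first policy whose source, destination and service all match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if (s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst)
                and p.service in ("any", service)):
            return p
    return None   # no policy at all: the caller must treat this as deny


def apply_scheme(service: str, settings: dict, content: bytes) -> str:
    """Claim 1 step (e): the proxy applies the scheme's settings for this protocol."""
    if service == "http":
        # Inspect the message head only; block by declared Content-Type.
        head = content.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
        for line in head.split("\r\n"):
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-type":
                ctype = value.split(";", 1)[0].strip().lower()
                if ctype in settings["block_types"]:
                    return f"blocked:{ctype}"
        return "allowed"
    if service == "smtp":
        return "blocked:oversize" if len(content) > settings["max_bytes"] else "allowed"
    return "allowed"


def process_connection(src: str, dst: str, dport: int, content: bytes,
                       policies=POLICIES, schemes=SCHEMES) -> tuple:
    """Claim 1 end to end. Returns (action, disposition) so the result can be logged."""
    service = determine_service(dport)
    policy = match_policy(src, dst, service, policies)
    if policy is None or policy.action != "accept":
        return ("deny", "no-matching-accept-policy")
    if policy.scheme is None:
        return ("accept", "passthrough")            # claim 35: not redirected to the proxy
    settings = schemes[policy.scheme].get(service)  # claim 1 step (d)
    if settings is None:
        return ("accept", "passthrough")            # scheme says nothing about this protocol
    return ("accept", apply_scheme(service, settings, content))


if __name__ == "__main__":
    # Constructed sample content: an HTTP response carrying a Windows executable.
    exe = b"HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\n\r\nMZ\x90\x00"
    for src in ("10.1.2.3", "10.2.2.3", "198.51.100.7"):
        print(src, process_connection(src, "203.0.113.5", 80, exe))
```

Two points the claims leave to the implementer are made explicit here: the protocol should be determined from the stream rather than from the destination port, and a scheme that has no settings for the matched protocol produces a distinct "passthrough" disposition rather than silently behaving like an accept with filtering, so the gap is visible in logs.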
Specification