Dynamic updating of firewall parameters

US 20080148380A1
Filed: 10/30/2006
Published: 06/19/2008
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for dynamically updating a firewall parameter, the method comprising:

receiving a policy rule comprising a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule;

receiving a firewall parameter value; and

populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.

Citations

20 Claims

1. A method for dynamically updating a firewall parameter, the method comprising:
- receiving a policy rule comprising a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule;
  
  receiving a firewall parameter value; and
  
  populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 13)
- - 2. The method of claim 1, wherein the reference to the predefined container comprises a keyword associated with the predefined container.
  - 3. The method of claim 2, wherein receiving the firewall parameter value comprises receiving the keyword resolved to the firewall parameter value.
  - 4. The method of claim 1, wherein the policy rule is received at a policy level interface, and the firewall parameter value is received at a non-policy level interface.
  - 5. The method of claim 1, further comprising identifying a program from which the firewall parameter value is received and determining whether the program is allowed to populate the predefined container.
  - 6. The method of claim 5, wherein the program comprises one or more of a remote procedure call service, a Teredo service, and a network location awareness service.
  - 7. The method of claim 1, wherein the predefined container initially contains no firewall parameter values.
  - 8. The method of claim 1, wherein the permissible value range comprises one or more permissible values.
  - 9. The method of claim 1, wherein the firewall parameter value comprises one or more of a port number and an address.
  - 10. The method of claim 1, wherein the policy rule is received at a first, earlier time, and the firewall parameter value is received at a second, later time.
  - 13. The method of claim-11, wherein the firewall parameter comprises at least one of a port number and an address.

11. A method for dynamically updating a policy rule of a firewall located between a program and a network, the method comprising:
- sending, to a non-policy level interface on the firewall, a message-comprising a keyword defined for the program and a firewall parameter value resolved to the keyword;
  
  sending a message to a remote network device located across the firewall; and
  
  receiving a message from the remote network device according to a firewall rule implementing the firewall parameter value.
- View Dependent Claims (12, 14)
- - 12. The method of claim 11, wherein the program comprises one or more of a remote procedure call program, a Teredo program, and network location awareness program.
  - 14. The method of claim 11, wherein receiving a message from the remote network device comprises receiving a return from a remote procedure call to the remote network device.

15. A firewall for implementing security policy for controlling network traffic, the firewall comprising:
- code executable to present a policy level interface at which the firewall can receive an input of a policy rule referencing a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule;
  
  code executable to present a non-policy level interface at which the firewall service can receive a firewall parameter value from a program for populating the predefined container;
  
  code executable to populate the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range; and
  
  code executable to enforce the policy rule.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The firewall of claim 15, further comprising code representing an access control list to determine whether the program from which the firewall parameter value is received is authorized to populate the predefined container.
  - 17. The firewall of claim 15, further comprising code representing the predefined container.
  - 18. The firewall of claim 17, wherein the code representing the predefined container comprises code executable to store one or more of a port number and a network resource address in the predefined container.
  - 19. The firewall of claim 15, further comprising code representing a keyword associated with the predefined container, and code executable to receive from the program an input resolving the firewall parameter value to the keyword.
  - 20. The firewall of claim 15, further comprising code executable to determine whether the firewall parameter value received from the program is within the range of permissible firewall parameter values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yariv, Eran, Abzarian, David, Cuellar, Gerardo Diaz

Granted Patent

US 8,099,774 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

Dynamic updating of firewall parameters

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic updating of firewall parameters

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links