Firewall propagation
First Claim
1. A data communication network comprising:
- a plurality of network devices;
- a data filtering server having a trigger module containing one or more trigger names, one or more trigger definitions, one or more propagation policies, and a trigger definition translation module, and a trigger directory;
- a first data filtering module having a first policy propagation file;
- a second data filtering module having a second policy propagation file; and
- a data filtering policy server for combining policy statements.
Abstract
Methods and systems for propagating data security policies and rules up a chain of network components, for example, from an end-user device having a firewall, to a network component at the "edge" of the network, such as a so-called "edge" firewall server, from where a policy statement can be transmitted to a service provider, such as an ISP, are described. A device, such as a computer or mobile phone, has, as part of its firewall software, a policy propagation file that communicates with pre-existing firewall software. The firewall software creates a policy statement upon detecting a triggering event, and the statement is transmitted from the device to the next data security component up the chain ("upstream") in the network. In some cases this component may be a firewall server or a firewall policy server. The firewall server may combine policy statements from numerous end-user type devices and transmit the combined policy statement to an external network component, such as an ISP firewall server or similar device. The ISP or other service provider may then use the policy statement to implement data security rules for the devices in the network. In this manner, the firewall operated by the ISP implements rules and policies of a network owner or the owner of a stand-alone device, thereby preventing unwanted traffic from entering the network.
17 Claims
1. A data communication network comprising:
- a plurality of network devices;
- a data filtering server having a trigger module containing one or more trigger names, one or more trigger definitions, one or more propagation policies, and a trigger definition translation module, and a trigger directory;
- a first data filtering module having a first policy propagation file;
- a second data filtering module having a second policy propagation file; and
- a data filtering policy server for combining policy statements.
Dependent claims: 2, 3, 4, 5, 6.

7. A method of filtering data entering a network, the method comprising:
- creating a first policy statement containing one or more trigger names, one or more propagation policies, and one or more trigger short definitions;
- within the network, propagating the first policy statement to a network data security server;
- determining if there is a match in a first trigger name contained in the first policy statement with a second trigger name contained in a second policy statement;
- if there is a match, creating a combined policy statement, wherein the second policy statement contains data that overrides data in the first policy statement; and
- determining which recipients should receive the combined policy statement.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
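The combination and recipient-selection steps of claim 7, together with the upstream propagation described in the abstract, as an added Python illustration that is not part of the patent or of any product implementing it: the statement layout, the device and server names, the trigger names and their definitions, and the `upstream`/`local` propagation policy values are all assumed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class PolicyStatement:
    # Assumed layout: a statement carries trigger names, each with a short
    # definition and a propagation policy, plus the component that created it.
    origin: str
    triggers: Dict[str, str] = field(default_factory=dict)      # trigger name -> short definition
    propagation: Dict[str, str] = field(default_factory=dict)   # trigger name -> "upstream" | "local"


def combine(first: PolicyStatement, second: PolicyStatement) -> Optional[PolicyStatement]:
    """Claim 7: if any trigger name in the propagated (first) statement matches one in
    the server's own (second) statement, build a combined statement in which the
    second statement's data overrides the first's. Unmatched triggers from either
    side are carried over. Returns None when no trigger name matches."""
    if not set(first.triggers) & set(second.triggers):
        return None
    combined = PolicyStatement(origin=second.origin)
    for name in set(first.triggers) | set(second.triggers):
        src = second if name in second.triggers else first   # second wins on a match
        combined.triggers[name] = src.triggers[name]
        combined.propagation[name] = src.propagation.get(name, "local")
    return combined


def recipients(combined: PolicyStatement, upstream: str = "isp-firewall-server",
               edge: str = "edge-firewall") -> Dict[str, List[str]]:
    """Decide, per trigger, which component receives the combined statement: an
    'upstream' policy forwards the trigger to the ISP-side firewall, anything else
    stays on the edge firewall."""
    out: Dict[str, List[str]] = {upstream: [], edge: []}
    for name, policy in sorted(combined.propagation.items()):
        out[upstream if policy == "upstream" else edge].append(name)
    return out


# Constructed sample: an end-user device reported two triggering events, and the
# edge firewall server holds its own, stricter definition of one of them.
DEVICE_STMT = PolicyStatement(
    "laptop-7",
    triggers={"port-scan": "more than 50 SYNs to closed ports in 10s",
              "c2-beacon": "periodic outbound connection to a blocked domain"},
    propagation={"port-scan": "upstream", "c2-beacon": "local"})
SERVER_STMT = PolicyStatement(
    "edge-fw-1",
    triggers={"c2-beacon": "outbound connection to any domain on the blocklist"},
    propagation={"c2-beacon": "upstream"})
```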
Specification