Incorporating network connection security levels into firewall rules

US 20080289027A1
Filed: 05/18/2007
Published: 11/20/2008
Est. Priority Date: 05/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a firewall for use in a computer system that comprises at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the method comprising an act of:

(A) establishing at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on at least one connection security level established for a connection between the at least one first device and the at least one second device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.

83 Citations

View as Search Results

20 Claims

1. A method for configuring a firewall for use in a computer system that comprises at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the method comprising an act of:
- (A) establishing at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on at least one connection security level established for a connection between the at least one first device and the at least one second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the at least one filtering parameter blocks communications when no security level is established for the connection between the at least one first device and the at least one second device.
  - 3. The method of claim 1, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are authenticated.
  - 4. The method of claim 1, wherein the at least one filtering parameter relates to whether integrity checking is performed for communications over the connection between the at least one first device and the at least one second device.
  - 5. The method of claim 1, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are encrypted.
  - 6. The method of claim 1, wherein the at least one rule for the firewall comprises a plurality of rules comprising at least a first rule and a second rule, wherein the first rule comprises at least two filtering parameters comprising a first filtering parameter and a second filtering parameter, and wherein;
    - when the first and second filtering parameters are met for an evaluated communication between the first and second devices, the first rule results in the evaluated communication being allowed to pass through the firewall;
      
      when the first filtering parameter is met and the second filtering parameter is not met for the evaluated communication, the evaluation of the first rule results in the evaluated communication being further evaluated by the second rule to determine whether to allow the evaluated communication to pass through the firewall; and
      
      when the first filtering parameter is not met for an evaluated communication between the first and second devices, the evaluation of the first rule results in the evaluated communication being blocked by the firewall without further evaluation by the second rule.
  - 7. The method of claim 1, wherein the act (A) is performed by an administrator of the firewall.
  - 8. The method of claim 1, wherein the firewall comprises a configuration interface, and wherein the act (A) is performed by the configuration interface.

9. At least one computer readable medium encoded with a plurality of instructions that, when executed, perform a method for use in a computer system that comprises a firewall, at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the method comprising an act of:
- (A) implementing at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on at least one connection security level established for a connection between the at least one first device and the at least one second device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The at least one computer readable medium of claim 9, wherein the at least one filtering parameter blocks communications when no security level is established for the connection between the at least one first device and the at least one second device.
  - 11. The at least one computer readable medium of claim 9, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are authenticated.
  - 12. The at least one computer readable medium of claim 9, wherein the at least one filtering parameter relates to whether integrity checking is performed for communications over the connection between the at least one first device and the at least one second device.
  - 13. The at least one computer readable medium of claim 9, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are encrypted.
  - 14. The at least one computer readable medium of claim 9, wherein the at least one rule for the firewall comprises a plurality of rules comprising at least a first rule and a second rule, wherein the first rule comprises at least two filtering parameters comprising a first filtering parameter and a second filtering parameter, and wherein;
    - when the first and second filtering parameters are met for an evaluated communication between the first and second devices, the first rule results in the evaluated communication being allowed to pass through the firewall;
      
      when the first filtering parameter is met and the second filtering parameter is not met for the evaluated communication, the evaluation of the first rule results in the evaluated communication being further evaluated by the second rule to determine whether to allow the evaluated communication to pass through the firewall; and
      
      when the first filtering parameter is not met for an evaluated communication between the first and second devices, the evaluation of the first rule results in the evaluated communication being blocked by the firewall without further evaluation by the second rule.

15. A device for use in a computer system that comprises a firewall, at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the device comprising:
- at least one processor programmed to implement at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on at least one connection security level established for a connection between the at least one first device and the at least one second device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, wherein the at least one filtering parameter blocks communications when no security level is established for the connection between the at least one first device and the at least one second device.
  - 17. The device of claim 15, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are authenticated.
  - 18. The device of claim 15, wherein the at least one filtering parameter relates to whether integrity checking is performed for communications over the connection between the at least one first device and the at least one second device.
  - 19. The device of claim 15, wherein the at least one filtering parameter relates to whether communications over the connection between the at least one first device and the at least one second device are encrypted.
  - 20. The device of claim 15, wherein the at least one rule for the firewall comprises a plurality of rules comprising at least a first rule and a second rule, wherein the first rule comprises at least two filtering parameters comprising a first filtering parameter and a second filtering parameter, and wherein;
    - when the first and second filtering parameters are met for an evaluated communication between the first and second devices, the first rule results in the evaluated communication being allowed to pass through the firewall;
      
      when the first filtering parameter is met and the second filtering parameter is not met for the evaluated communication, the evaluation of the first rule results in the evaluated communication being further evaluated by the second rule to determine whether to allow the evaluated communication to pass through the firewall; and
      
      when the first filtering parameter is not met for an evaluated communication between the first and second devices, the evaluation of the first rule results in the evaluated communication being blocked by the firewall without further evaluation by the second rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yariv, Eran, Diaz Cuellar, Gerardo, Abzarian, David

Granted Patent

US 8,166,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/126 the source of the received ...

Incorporating network connection security levels into firewall rules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Incorporating network connection security levels into firewall rules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links