DYNAMICALLY ADAPTIVE NETWORK FIREWALLS AND METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT IMPLEMENTING SAME
Abstract
One embodiment creates a model of the traffic through a network firewall and uses that model to dynamically manipulate the network firewall. The firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, the connections between the nodes, or a combination thereof. Each of the nodes represents simultaneously a source and a destination for data packets. The firewall rules include dynamic chains of rules having defined places where firewall rules may be dynamically inserted into or deleted from the firewall while the firewall is operating on one or more machines connected to network segments where the nodes reside.
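The model the abstract describes, sketched as an added Python example (not code from the patent or its assignee): nodes, directed connections between them, and a rule chain per connection whose named places accept rule insertions and deletions while the chain is being evaluated. All class, node and place names are hypothetical, and first-match evaluation with a default-deny verdict is an assumption of this sketch.

```python
# Added illustration: every name below is hypothetical, not taken from the patent.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port
    action: str             # "ACCEPT" or "DROP"

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

@dataclass
class Chain:
    # layout is ordered: a Rule is static, a str names a defined place.
    layout: list
    places: dict = field(default_factory=dict)   # place name -> live rules

    def insert(self, place, rule):
        if place not in self.layout:
            raise KeyError(f"no defined place {place!r} in this chain")
        self.places.setdefault(place, []).append(rule)

    def delete(self, place, rule):
        self.places[place].remove(rule)

    def verdict(self, pkt, default="DROP"):
        for entry in self.layout:                # first matching rule wins
            rules = self.places.get(entry, []) if isinstance(entry, str) else [entry]
            for rule in rules:
                if rule.matches(pkt):
                    return rule.action
        return default

class FirewallModel:
    def __init__(self, nodes):
        self.nodes = set(nodes)   # each node is both a source and a destination
        self.chains = {}          # (src, dst) connection -> Chain

    def connect(self, src, dst, chain):
        if not {src, dst} <= self.nodes:
            raise ValueError("connection endpoints must be nodes of the model")
        self.chains[(src, dst)] = chain

    def filter(self, src, dst, pkt):
        chain = self.chains.get((src, dst))
        return chain.verdict(pkt) if chain else "DROP"   # no connection: deny
```

Because insertion is limited to places declared in the chain layout, a runtime rule can only land at a position the model's author anticipated, which keeps the static rules around it in a known order.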
20 Claims
1. A method for constructing a dynamically adaptive network firewall, comprising:
- establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model comprise dynamic chains of rules, and wherein the dynamic chains comprise defined places for functional extensions thereto;
- implementing the firewall on one or more machines connected to network segments where the nodes reside; and
- dynamically inserting a firewall rule at one of the defined places while the firewall is operating on the one or more machines.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product comprising one or more computer readable storage media storing computer instructions translatable by one or more processors to perform:
- establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model comprise dynamic chains of rules, and wherein the dynamic chains comprise defined places for functional extensions thereto;
- implementing the firewall on one or more machines connected to network segments where the nodes reside; and
- dynamically inserting a firewall rule at one of the defined places while the firewall is operating on the one or more machines.

Dependent claims: 12, 13, 14, 15
16. A system, comprising:
- one or more processors; and
- one or more computer readable storage media accessible by the one or more processors and storing computer instructions translatable by the one or more processors to perform:
  - establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model comprise dynamic chains of rules, and wherein the dynamic chains comprise defined places for functional extensions thereto;
  - implementing the firewall on one or more machines connected to network segments where the nodes reside; and
  - dynamically inserting a firewall rule at one of the defined places while the firewall is operating on the one or more machines.

Dependent claims: 17, 18, 19, 20
Specification