SYSTEM AND METHOD FOR PROVIDING NETWORK AND COMPUTER FIREWALL PROTECTION WITH DYNAMIC ADDRESS ISOLATION TO A DEVICE
First Claim
1. A computer system comprising:
at least one processor and memory;
an application associated with an application address;
a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network;
an address translation engine configured to translate between the application address and an external address; and
a driver for automatically forwarding the outgoing data packets to the address translation engine to translate the application address to the external address, and for automatically forwarding the incoming data packets to the address translation engine to translate the external address to the application address, the driver coupled to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a security policy, and allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the security policy.
Abstract
A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.
19 Claims
1. A computer system comprising:
at least one processor and memory;
an application associated with an application address;
a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network;
an address translation engine configured to translate between the application address and an external address; and
a driver for automatically forwarding the outgoing data packets to the address translation engine to translate the application address to the external address, and for automatically forwarding the incoming data packets to the address translation engine to translate the external address to the application address, the driver coupled to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a security policy, and allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the security policy.
Dependent claims: 2, 3, 4, 5, 6.
7. A system comprising:
a network interface configured to be coupled to an external network;
a firewall in communication with the network interface, the firewall configured to perform both network-level security and application-level security on incoming data packets, the firewall being further configured to reject the incoming data packets if the incoming data packets include malicious content according to a security policy, the firewall being configured to allow the incoming data packets to pass to the one or more applications if the incoming data packets do not include malicious content according to the security policy;
a computer system in communication with the firewall, the computer system having one or more applications associated with at least one application address, the computer system being configured to send to the firewall outgoing data packets including an application identifier identifying a particular application of the one or more applications to the firewall; and
an address translation engine configured to translate the at least one application address associated with the particular application of the one or more applications to an external address, thereby dynamically isolating the particular application of the one or more applications from the external network.
Dependent claims: 8, 9, 10, 11, 12.
13. A method comprising:
receiving by a personal computer system incoming data packets from an external network, the incoming data packets being associated with an external address;
translating by the personal computer system the external address of the incoming data packets into an internal address associated with an application;
providing by the personal computer system the incoming data packets to a firewall;
receiving by the personal computer system an analysis indicating whether the incoming data packets include malicious code according to a security policy implemented by the firewall;
routing the incoming data packets to the application if the analysis indicates that the incoming data packets do not include the malicious code according to the security policy; and
rejecting the incoming data packets if the analysis indicates that the incoming data packets include the malicious code according to the security policy.
Dependent claims: 14, 15.
16. A method comprising:
receiving by a computer system outgoing data packets from an application, the application being associated with an internal address;
translating, using an address translation engine within the computer system, the internal address into an external address;
routing, using a driver within the computer system, at least a subset of the outgoing data packets to an external network using the external address, thereby dynamically isolating the internal address from the external network; and
providing, using a network interface within the computer system, the at least the subset of the outgoing data packets to the external network.
Dependent claims: 17, 18, 19.
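The following is an added example, not part of the patent text and not an implementation from any product the patent covers. It models the pipeline that claims 1, 13 and 16 describe in Python: an application bound to a private application address, an address translation engine that rewrites that address to a single external address on the way out and back on the way in, and a driver that routes every packet through the engine and hands inbound packets to a firewall applying a network-level rule (denied peers) and an application-level rule (payload content) before anything reaches the application. All addresses, ports, payloads and policy rules are constructed for the example; the class and function names are this example's own, not the patent's.

```python
"""Added example: a minimal model of dynamic address isolation.

An inbound packet is only translated if an outbound packet created the
mapping, so unsolicited traffic never learns or reaches the application
address; translated packets then pass through the firewall's security
policy before delivery.  Everything here is constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class AddressTranslationEngine:
    """Translates (application address, port) <-> (external address, port)."""

    def __init__(self, external_addr: str, first_port: int = 40000):
        self.external_addr = external_addr
        self._next_port = first_port
        self._out = {}   # (app_addr, app_port) -> external port
        self._in = {}    # external port -> (app_addr, app_port)

    def translate_outgoing(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self._out:          # first packet from this socket: allocate a mapping
            self._out[key] = self._next_port
            self._in[self._next_port] = key
            self._next_port += 1
        return replace(pkt, src=self.external_addr, sport=self._out[key])

    def translate_incoming(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.external_addr or pkt.dport not in self._in:
            return None                   # no mapping: nothing to deliver
        app_addr, app_port = self._in[pkt.dport]
        return replace(pkt, dst=app_addr, dport=app_port)


class Firewall:
    """Network-level rule (blocked peers) plus application-level rule (payload patterns)."""

    def __init__(self, blocked_peers, blocked_patterns):
        self.blocked_peers = set(blocked_peers)
        self.blocked_patterns = list(blocked_patterns)

    def inspect(self, pkt: Packet):
        if pkt.src in self.blocked_peers:
            return False, "network policy: blocked peer"
        for pat in self.blocked_patterns:
            if pat in pkt.payload:
                return False, "application policy: matched %r" % pat
        return True, "allowed"


class Driver:
    """Forwards every packet through the engine; inbound packets also go through the firewall."""

    def __init__(self, engine, firewall):
        self.engine = engine
        self.firewall = firewall
        self.delivered = []   # packets the application actually receives
        self.log = []

    def send(self, pkt: Packet) -> Packet:           # application -> network
        return self.engine.translate_outgoing(pkt)

    def receive(self, pkt: Packet) -> str:           # network -> application
        inner = self.engine.translate_incoming(pkt)
        if inner is None:
            self.log.append(("dropped", "no translation for %s:%d" % (pkt.dst, pkt.dport)))
            return "dropped"
        ok, reason = self.firewall.inspect(inner)
        if not ok:
            self.log.append(("rejected", reason))
            return "rejected"
        self.delivered.append(inner)
        self.log.append(("delivered", "to %s:%d" % (inner.dst, inner.dport)))
        return "delivered"


APP_ADDR = "10.0.0.7"          # constructed application (internal) address
EXT_ADDR = "203.0.113.5"       # constructed external address
PEER = "198.51.100.20"         # constructed remote server
BLOCKED_PEER = "192.0.2.66"    # constructed peer denied by the network-level rule


def run_scenario():
    engine = AddressTranslationEngine(EXT_ADDR)
    # "DENY-ME" is a constructed marker standing in for the policy's content signatures
    firewall = Firewall(blocked_peers=[BLOCKED_PEER], blocked_patterns=[b"DENY-ME"])
    driver = Driver(engine, firewall)

    out = driver.send(Packet(APP_ADDR, 5050, PEER, 443, b"GET / HTTP/1.1"))
    results = [
        driver.receive(Packet(PEER, 443, EXT_ADDR, out.sport, b"HTTP/1.1 200 OK")),   # clean reply
        driver.receive(Packet(PEER, 443, EXT_ADDR, out.sport, b"...DENY-ME...")),     # content rule
        driver.receive(Packet(BLOCKED_PEER, 443, EXT_ADDR, out.sport, b"hello")),     # peer rule
        driver.receive(Packet(PEER, 443, EXT_ADDR, 22, b"probe")),                    # no mapping
    ]
    return {"outgoing": out, "results": results,
            "delivered": driver.delivered, "log": driver.log}


if __name__ == "__main__":
    r = run_scenario()
    print("outgoing packet as seen by the network:", r["outgoing"])
    for entry in r["log"]:
        print(*entry)
```

The network only ever sees the external address and a per-socket external port; the application address appears solely in the driver's mapping table. Note the ordering the claims impose: translation happens first, and the firewall inspects the already-translated packet, so a packet to an unmapped port is dropped before any policy evaluation and a packet from a denied peer is rejected even when a mapping exists.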
Specification