SECURE FIREWALL CONFIGURATIONS
Abstract
The configuration of a firewall on an endpoint is secured to prevent changes by unauthorized processes, while permitting changes that are requested by authorized processes. Authorized processes can be stored in a tamper protection cache within a kernel of the operating system of the endpoint and secured with reference to a trust authority external to the operating system. When a process on the endpoint requests a change to the firewall configuration, the requesting process can be checked against the processes listed in the tamper protection cache, and any suitable rules can be applied to limit or prevent changes to firewall configuration.
Claims
1. A computer program product for managing a firewall on an endpoint, the computer program product comprising computer executable code embodied in a non-transitory computer-readable medium that, when executing on one or more computing devices, performs the steps of:
  storing a process cache in a kernel space of an operating system on the endpoint, the endpoint having a memory that includes the kernel space and a user space and the process cache storing at least one property for a configuration of a firewall provided by a software firewall process executing in the user space on the endpoint;
  storing a tamper protection cache in the kernel space, the tamper protection cache identifying one or more protected computing objects on the endpoint, wherein the tamper protection cache secures the one or more computing objects with reference to a trust authority external to the operating system, and wherein the one or more protected computing objects includes the software firewall process;
  receiving a request for a change to the configuration of the firewall from a second process with a kernel driver; and
  conditionally authorizing the change from the kernel driver only when the one or more protected computing objects also includes the second process that requests the change to the configuration of the firewall.
2. A method for managing a firewall on an endpoint, the method comprising:
  storing a process cache in a kernel space of an operating system on the endpoint, the endpoint having a memory that includes the kernel space and a user space and the process cache storing at least one property for a software firewall process executing in the user space on the endpoint;
  storing a tamper protection cache in the kernel space, the tamper protection cache identifying one or more protected computing objects on the endpoint, wherein the tamper protection cache secures the one or more computing objects with reference to a trust authority external to the operating system, and wherein the one or more protected computing objects includes the software firewall process;
  receiving a request for a change to a configuration of the software firewall process from a second process with a kernel driver; and
  conditionally authorizing the change from the kernel driver only when the one or more protected computing objects also includes the second process.
(Dependent claims 3 to 15 are not reproduced on this page.)
16. A system comprising:
  an endpoint having a memory and an operating system that organizes the memory into a user space for executing processes and a kernel space for the operating system;
  a software firewall process executing in the user space;
  a process cache stored in the kernel space, the process cache storing at least one property for the software firewall process executing in the user space;
  a tamper protection cache stored in the kernel space, the tamper protection cache secured with reference to a trust authority external to the operating system and identifying one or more protected computing objects on the endpoint, wherein the one or more protected computing objects includes the software firewall process; and
  a kernel driver executing in the kernel space and configured to detect a request for a change to the at least one property of the software firewall process from a second process and to conditionally authorize the change only when the one or more protected computing objects also includes the second process.
(Dependent claims 17 to 20 are not reproduced on this page.)
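The abstract and independent claims describe a decision made in kernel space: a tamper protection cache holds the protected objects (the firewall process and whatever else the external trust authority vouches for), a process cache holds the firewall's configuration properties, and the kernel driver applies a requested change only if the requester is itself in the protected set. The following is an added, user-space model of that decision written for this page; it is not the patentee's implementation. Everything in it is assumed: the paths, the management agent, the "signed manifest" table standing in for the external trust authority (a real system would verify a signature over such a manifest, not compare against a fixed table), and the choice to identify a requester by its executable image digest rather than by pid alone, so that a reused pid or a replaced binary at a protected path does not inherit authorization.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the kernel-side checks in the claims. Illustrative only: not the
 * patentee's code, and the paths, digests and manifest below are constructed. */
#define DIGEST_LEN 32
#define MAX_PROTECTED 8
#define PATH_LEN 128

typedef struct { char path[PATH_LEN]; uint8_t digest[DIGEST_LEN]; } protected_object_t;
/* Tamper protection cache: the protected computing objects (paths + vouched digests). */
typedef struct { protected_object_t objects[MAX_PROTECTED]; size_t count; } tamper_cache_t;
/* Process cache: firewall configuration properties held for the user-space firewall. */
typedef struct { bool default_deny_inbound; uint16_t allowed_tcp_port; } process_cache_t;
/* Requester identity as the driver observes it at request time. The image digest,
 * not just the pid, is matched, so a reused pid or a swapped binary gains nothing. */
typedef struct { int pid; char path[PATH_LEN]; uint8_t digest[DIGEST_LEN]; } process_identity_t;

/* Stand-in for the external trust authority: a real implementation verifies a
 * signature over a manifest of (path, digest) pairs. Here the manifest is fixed. */
static const struct { const char *path; uint8_t seed; } SIGNED_MANIFEST[] = {
    { "/opt/fw/fwd",         0x11 },  /* the software firewall process (assumed path) */
    { "/opt/fw/fwctl-agent", 0x22 },  /* management agent permitted to change config */
};

/* Constructed digest: a real one would be SHA-256 over the executable image. */
static void constructed_digest(uint8_t out[DIGEST_LEN], uint8_t seed) { memset(out, seed, DIGEST_LEN); }

static bool trust_authority_vouches(const protected_object_t *obj) {
    for (size_t i = 0; i < sizeof SIGNED_MANIFEST / sizeof SIGNED_MANIFEST[0]; i++) {
        uint8_t expect[DIGEST_LEN];
        constructed_digest(expect, SIGNED_MANIFEST[i].seed);
        if (strcmp(obj->path, SIGNED_MANIFEST[i].path) == 0 &&
            memcmp(obj->digest, expect, DIGEST_LEN) == 0)
            return true;
    }
    return false;
}

/* Populate the tamper protection cache; only vouched objects are admitted. */
bool tamper_cache_add(tamper_cache_t *tc, const char *path, const uint8_t digest[DIGEST_LEN]) {
    protected_object_t obj;
    if (tc->count >= MAX_PROTECTED || strlen(path) >= PATH_LEN) return false;
    strcpy(obj.path, path);
    memcpy(obj.digest, digest, DIGEST_LEN);
    if (!trust_authority_vouches(&obj)) return false;
    tc->objects[tc->count++] = obj;
    return true;
}

static bool is_protected(const tamper_cache_t *tc, const process_identity_t *p) {
    for (size_t i = 0; i < tc->count; i++)
        if (strcmp(tc->objects[i].path, p->path) == 0 &&
            memcmp(tc->objects[i].digest, p->digest, DIGEST_LEN) == 0) return true;
    return false;
}

/* The kernel driver's decision: the change is applied to the process cache only
 * when the requesting process is itself one of the protected objects. */
bool authorize_config_change(const tamper_cache_t *tc, process_cache_t *pc,
                             const process_identity_t *requester,
                             bool new_default_deny, uint16_t new_port) {
    if (!is_protected(tc, requester)) return false;
    pc->default_deny_inbound = new_default_deny;
    pc->allowed_tcp_port = new_port;
    return true;
}

/* Runs a constructed scenario and returns a bitmask of outcomes; 0x7F means
 * every admission and authorization decision came out as the claims describe. */
unsigned scenario_outcomes(void) {
    tamper_cache_t tc = { .count = 0 };
    process_cache_t pc = { .default_deny_inbound = true, .allowed_tcp_port = 22 };
    process_identity_t agent = { .pid = 4242, .path = "/opt/fw/fwctl-agent" };
    process_identity_t rogue = { .pid = 4243, .path = "/tmp/rogue" };
    process_identity_t swapped = agent;              /* same path, tampered image */
    uint8_t d[DIGEST_LEN];
    unsigned bits = 0;

    constructed_digest(d, 0x11); bits |= tamper_cache_add(&tc, "/opt/fw/fwd", d) ? 1u << 0 : 0;
    constructed_digest(d, 0x22); bits |= tamper_cache_add(&tc, "/opt/fw/fwctl-agent", d) ? 1u << 1 : 0;
    constructed_digest(d, 0x99); bits |= tamper_cache_add(&tc, "/tmp/rogue", d) ? 0 : 1u << 2;

    constructed_digest(agent.digest, 0x22);
    constructed_digest(rogue.digest, 0x99);
    constructed_digest(swapped.digest, 0x33);
    bits |= authorize_config_change(&tc, &pc, &agent, false, 443) ? 1u << 3 : 0;    /* allowed */
    bits |= authorize_config_change(&tc, &pc, &rogue, false, 4444) ? 0 : 1u << 4;   /* denied */
    bits |= authorize_config_change(&tc, &pc, &swapped, false, 4444) ? 0 : 1u << 5; /* denied */
    bits |= (pc.allowed_tcp_port == 443 && !pc.default_deny_inbound) ? 1u << 6 : 0;
    printf("outcomes bitmask: 0x%02X (0x7F means every check behaved as claimed)\n", bits);
    return bits;
}

int main(void) { return scenario_outcomes() == 0x7F ? 0 : 1; }
```

The point the model makes beyond the claim text is where the identity check has to bite: admission to the tamper protection cache is gated by the external authority, and the authorization check compares the requester's image to a cached entry, so neither a process that merely shares a protected path nor one that has obtained the firewall process's pid after it exited can change the configuration. In a real driver both caches live in kernel memory precisely so that a user-space attacker who can already run code cannot edit them directly.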
Specification