Apparatus and method for providing a secure gateway for communication and data exchanges between networks
First Claim
1. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:
(a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapsulating the packets with a hardware destination address that matches a device address of the gateway;
(b) accepting at the gateway communications packets from either network that are encapsulated with a hardware destination address which matches the device address of the gateway;
(c) determining at the gateway whether there is a process bound to a destination port number of an accepted communications packet;
(d) establishing transparently at the gateway a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
(e) establishing transparently at the gateway a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
(f) transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
Abstract
An apparatus and method for providing a secure firewall between a private network and a public network are disclosed. The apparatus is a gateway station having an operating system that is modified to disable communications packet forwarding, and further modified to process any communications packet having a network encapsulation address which matches the device address of the gateway station. The method includes enabling the gateway station to transparently initiate a first communications session with a client on a first network requesting a network service from a host on a second network, and a second, independent communications session with the network host to which the client request was addressed. The data portion of communications packets from the first session is passed to the second session, and vice versa, by application level proxies to which the modified operating system hands the communications packets. Data sensitivity screening is preferably performed on the data to ensure security. Only communications enabled by a security administrator are permitted. The advantage is a transparent firewall with application level security and data screening capability.
41 Claims
1. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:
(a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapsulating the packets with a hardware destination address that matches a device address of the gateway;
(b) accepting at the gateway communications packets from either network that are encapsulated with a hardware destination address which matches the device address of the gateway;
(c) determining at the gateway whether there is a process bound to a destination port number of an accepted communications packet;
(d) establishing transparently at the gateway a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
(e) establishing transparently at the gateway a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
(f) transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 9)

10. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:
(a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapsulating the packets with a hardware destination address that matches a device address of the gateway;
(b) accepting from either network all TCP/IP packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
(c) determining whether there is a proxy process bound to a port for serving a destination port number of an accepted TCP/IP packet;
(d) establishing a first communications session with a source address/source port number of the accepted TCP/IP packet if there is a proxy process bound to the port for serving the destination port number, else dropping the packet;
(e) determining if the source address/source port number of the accepted packet is permitted to communicate with a destination address/destination port number of the accepted packet by referencing a rule base, and dropping the packet if a permission rule cannot be located;
(f) establishing a second communications session with the destination address/destination port number of the accepted TCP/IP packet if a first communications session is established and the permission rule is located; and
(g) transparently moving data associated with each subsequent TCP/IP packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
(Dependent claims 11, 12, 13, 14, 15, 16, 17, 18)

19. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network, comprising in combination:
a gateway station adapted for connection to a telecommunications connection with each of the private network and the potentially hostile network;
an operating system executable by the gateway station, a kernel of the operating system having been modified so that the operating system:
a) cannot forward any communications packet from the private network to the potentially hostile network or from the potentially hostile network to the private network; and
b) will accept for processing any communications packet from either of the private network and the potentially hostile network provided that the packet is encapsulated with a hardware destination address that matches the device address of the gateway station on the respective network; and
at least one proxy process executable by the gateway station, the at least one proxy process being adapted to transparently initiate a first communications session with a source of an initial data packet accepted by the operating system and to transparently initiate a second communications session with a destination of the packet without intervention by the source, and to transparently pass the data portion of packets received by the first communications session to the second communications session and to pass the data portion of packets received by the second communications session to the first communications session, whereby the first session communicates with the source using data from the second session and the second session communicates with the destination using data received from the first session.
(Dependent claims 20, 21, 22, 23, 24, 25, 26, 27, 28)

29. A computer system for providing a secure gateway between a private network and a potentially hostile network, comprising:
a) means for accepting from either network all communications packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
b) means for determining whether there is a process bound to a destination port number of an accepted communications packet;
c) means for establishing a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
d) means for transparently establishing, without intervention from the source, a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
e) means for transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
(Dependent claims 30, 31, 32, 33, 34, 35, 36, 37)

38. A computer-readable memory encoded with computer-readable instructions for providing a secure gateway between a private network and a potentially hostile network, comprising:
a) instructions for accepting from either network all communications packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
b) instructions for determining whether there is a process bound to a destination port number of an accepted communications packet;
c) instructions for transparently establishing a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
d) instructions for transparently establishing, without intervention from the source, a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
e) instructions for transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
(Dependent claims 39, 40, 41)
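The accept/drop decision and the two independent sessions described in claims 10 and 19 (together with the abstract's data screening), as an added model that is not the patent's own implementation: packets are constructed dicts, the hardware address is a MAC string, and the rule base is a set of (source IP, destination IP, destination port) tuples, all assumptions of this example.

```python
"""Constructed model of the transparent proxy gateway in claims 10 and 19.
Not the patent's code: packet layout, MAC strings and rule-base shape are
assumptions made for this example."""
from dataclasses import dataclass, field

GATEWAY_MAC = "02:00:00:00:00:01"   # device address of the gateway (constructed)

@dataclass
class SessionPair:
    first: tuple    # (src_ip, src_port): session the gateway holds with the client
    second: tuple   # (dst_ip, dst_port): session the gateway holds with the real host
    to_dest: list = field(default_factory=list)   # data moved first -> second
    to_src: list = field(default_factory=list)    # data moved second -> first

def accept_packet(pkt, bound_ports, rule_base):
    """Return a SessionPair for a permitted connection, or None to drop it.

    Step (b): only packets encapsulated with the gateway's own hardware address
    are processed; since the kernel never forwards (claim 19 a), there is no
    path through the gateway that bypasses a proxy.
    Steps (c)/(d): a proxy must be bound to the destination port.
    Step (e): the rule base must hold a matching permission rule.
    """
    if pkt["hw_dst"] != GATEWAY_MAC:
        return None
    if pkt["dst_port"] not in bound_ports:
        return None
    if (pkt["src_ip"], pkt["dst_ip"], pkt["dst_port"]) not in rule_base:
        return None
    return SessionPair(first=(pkt["src_ip"], pkt["src_port"]),
                       second=(pkt["dst_ip"], pkt["dst_port"]))

def relay(pair, pkt, screen=lambda data: True):
    """Step (g): move only the data portion between the two sessions.

    `screen` stands in for the abstract's data sensitivity screening; a False
    result drops the payload instead of relaying it.
    """
    if not screen(pkt["data"]):
        return False
    if (pkt["src_ip"], pkt["src_port"]) == pair.first:
        pair.to_dest.append(pkt["data"])
    elif (pkt["src_ip"], pkt["src_port"]) == pair.second:
        pair.to_src.append(pkt["data"])
    else:
        return False   # not part of either session: nothing is forwarded
    return True
```

A packet that is not addressed to the gateway's MAC, that targets a port with no proxy bound, or that has no permission rule is dropped before any session exists, which is the property that makes the firewall fail closed.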