Firewall system for protecting network elements connected to a public network
Abstract
Providing a firewall for isolating network elements from a publicly accessible network to which such network elements are attached. The firewall operates on a stand alone computer connected between the public network and the network elements to be protected such that all access to the protected network elements must go through the firewall. The firewall application running on the stand alone computer is preferably the only application running on that machine. The application includes a variety of proxy agents that are specifically assigned to an incoming request in accordance with the service protocol (i.e., port number) indicated in the incoming access request. An assigned proxy agent verifies the authority of an incoming request to access a network element indicated in the request. Once verified, the proxy agent completes the connection to the protected network element on behalf of the source of the incoming request.
Claims (36)
1. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:

a firewall box comprising a stand alone computing platform; a first connection connecting the firewall box to the network element; and at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized, wherein the at least one proxy agent verifies that a time period during which an incoming access request is received is valid.

Dependent claims: 7 to 20.
2. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:

a firewall box comprising a stand alone computing platform; a first connection connecting the firewall box to the network element; and at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized; wherein the at least one proxy agent performs a Changeroot command prior to processing an incoming access request.
3. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:

a firewall box comprising a stand alone computing platform; a first connection connecting the network to the firewall box; a second connection connecting the firewall box to the network element; and at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized, wherein the at least one proxy agent prompts the user to enter a user name and a password and verifies that a user associated with an incoming access request is authorized to access the network element, and upon receiving and verifying the user name and password, communicates a second password to the user using a communication channel other than the computer network being used to initiate the connection, which second password is to be entered by the user to advance a logon process.

Dependent claims: 21 and 22.
4. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:

receiving an incoming access request; assigning a proxy agent to the incoming access request in accordance with a port number indicated in the incoming access request; verifying the authority of the incoming access request to access the protected network element; and forming a connection to the network element via the proxy agent on behalf of the incoming access request, if the authority of the incoming access request is verified; wherein the step of verifying the authority of the incoming access request includes: determining the identity of a source of the incoming access request; initiating a first set of verification checks in response to a first identified source; and initiating a second set of verification checks in response to a second identified source.

Dependent claims: 23 to 34.
5. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:

receiving an incoming access request; assigning a proxy agent to the incoming access request in accordance with at least a port number indicated in the incoming access request; verifying the authority of the incoming access request to access the protected network element; and thereafter forming a connection to the network element via the proxy agent on behalf of the incoming access request if the authority of the incoming access request is verified; wherein the step of verifying the authority of the incoming access request includes: verifying that a user associated with the incoming access request is authorized to access the network element; checking the accuracy of a first password associated with the incoming access request; and communicating a second password to the user using a communication channel other than the network connection, which second password is to be entered by the user to advance a logon process.

Dependent claims: 35 and 36.
6. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:

receiving an incoming access request; assigning a proxy agent to the incoming access request in accordance with a port number indicated in the incoming access request; verifying the authority of the incoming access request to access the protected network element; verifying that a time period during which an incoming access request is received is valid; and forming a connection to the network element via the proxy agent on behalf of the incoming access request if the authority and time period of the incoming access request is verified.
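Claims 1, 3, 4 and 6 together describe one dispatch-and-verify flow: a proxy agent is selected by the requested port number, the source of the request decides which set of verification checks runs, the receipt time must fall in a valid period, and a second password delivered out of band advances the logon. The following Python is an added example modelling that flow; it is not code from the patent. The port-to-agent table, the access window, the internal address range and the choice to demand the second password only from external sources are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AccessRequest:
    src_ip: str          # source of the incoming request
    dst_port: int        # service protocol, i.e. port number, named in the request
    user: str            # user name presented at the proxy prompt
    received_at: datetime

# Constructed policy tables (assumptions, not values from the patent).
PROXY_AGENTS = {22: "ssh-proxy", 23: "telnet-proxy", 80: "http-proxy"}
ALLOWED_WINDOW = (time(8, 0), time(18, 0))          # valid receipt period
INTERNAL_NET = ip_network("10.0.0.0/8")              # "first identified source"
AUTHORIZED_USERS = {
    "ssh-proxy": {"netadmin"},
    "telnet-proxy": {"netadmin"},
    "http-proxy": {"netadmin", "noc"},
}

def assign_proxy_agent(req: AccessRequest):
    """Pick the proxy agent by port number; None means no agent serves it."""
    return PROXY_AGENTS.get(req.dst_port)

def time_period_valid(req: AccessRequest) -> bool:
    """Claim 1 / claim 6: the receipt time must lie inside the allowed window."""
    start, end = ALLOWED_WINDOW
    return start <= req.received_at.time() <= end

def classify_source(req: AccessRequest) -> str:
    """Claim 4: determine the identity of the source to choose a check set."""
    return "internal" if ip_address(req.src_ip) in INTERNAL_NET else "external"

def verify(req: AccessRequest, first_password_ok: bool, second_password_ok: bool):
    """Return (authorized, reason_or_agent). The proxy only connects on the
    protected side when this returns True; the network element is never reached
    directly by the requester. Passwords are passed in as already-checked
    booleans so the example stays offline."""
    agent = assign_proxy_agent(req)
    if agent is None:
        return (False, "no proxy agent for port")
    if not time_period_valid(req):
        return (False, "outside access window")
    if req.user not in AUTHORIZED_USERS[agent]:
        return (False, "user not authorized")
    if not first_password_ok:
        return (False, "first password failed")
    # Second check set (claims 3/5): out-of-band second password, applied here
    # only to external sources as an assumed policy choice.
    if classify_source(req) == "external" and not second_password_ok:
        return (False, "second (out-of-band) password required")
    return (True, agent)
```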