Transparent security proxy for unreliable message exchange protocols
First Claim
1. A network communication manager comprising:
a port manager that:
- receives a client message intended for a selected server;
- assigns such message to a port based on an address in the message;
- sends the message to the intended server; and
- routes a reply message from the server to the client while identifying the reply message as originating from the server; and
a security monitor, operatively coupled to the port manager, that monitors messages from the clients for conformance to predefined conditions and prevents the further sending of non-conforming messages, wherein the port manager is interposed between the security monitor and the server.
7 Assignments
0 Petitions
Abstract
A proxy which is part of a firewall program controls exchanges of messages between two application entities. The proxy interrogates attempts by requesting entities to open a communication session with a server entity in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection messages to any address on specific ports. The requestor's address and the server's address are extracted from the messages and checked for compliance with a security policy such as one including an access control list. If either address is invalid, the proxy deletes the message. If both are valid, the message is relayed, and the ports used are tracked for a predetermined time. Reply messages are then sent using the address of the server entity so that the proxy is transparent to the requester.
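As an added illustration (not code from the patent or any product), the following Python model sketches the behaviour the abstract describes for a connectionless protocol such as UDP: a security monitor checks both the requester's and the server's address against an access control list, a port manager assigns a tracked port per client/server pair and expires it after a predetermined time, and a relay rewrites addresses so the request appears to come from the firewall and the reply appears to come from the server. All addresses, the port range and the `ttl` value are assumed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src: str       # "ip:port" of the sender
    dst: str       # "ip:port" of the intended receiver
    payload: bytes

class TransparentUdpProxy:
    # Hypothetical model: port manager + security monitor + relay in one object.
    def __init__(self, firewall_ip, allowed_clients, allowed_servers, ttl=30.0):
        self.firewall_ip = firewall_ip
        self.allowed_clients = set(allowed_clients)   # access control list (assumed)
        self.allowed_servers = set(allowed_servers)
        self.ttl = ttl                 # seconds an assigned port stays tracked
        self.by_pair = {}              # (client, server) -> assigned port
        self.by_port = {}              # assigned port -> (client, server, expiry)
        self.next_port = 40000         # assumed port range for relayed traffic

    def _expire(self, now):
        # Port manager: forget pairs whose tracking time has run out.
        for port, (client, server, expiry) in list(self.by_port.items()):
            if expiry <= now:
                del self.by_port[port]
                del self.by_pair[(client, server)]

    def from_client(self, dgram, now):
        """Client -> server. Returns the relayed datagram, or None if dropped."""
        self._expire(now)
        if (dgram.src.split(":")[0] not in self.allowed_clients
                or dgram.dst.split(":")[0] not in self.allowed_servers):
            return None                # security monitor: invalid address, delete
        key = (dgram.src, dgram.dst)
        port = self.by_pair.get(key)
        if port is None:               # port manager: assign a port to this pair
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_pair[key] = port
        self.by_port[port] = (dgram.src, dgram.dst, now + self.ttl)
        # Relay: the message now appears to originate from the firewall.
        return Datagram(f"{self.firewall_ip}:{port}", dgram.dst, dgram.payload)

    def from_server(self, dgram, now):
        """Server -> client. Only a reply to a tracked port from that port's server passes."""
        self._expire(now)
        ip, _, port = dgram.dst.rpartition(":")
        entry = self.by_port.get(int(port)) if ip == self.firewall_ip and port.isdigit() else None
        if entry is None or entry[1] != dgram.src:
            return None                # unsolicited or mismatched reply is dropped
        client, server, _ = entry
        self.by_port[int(port)] = (client, server, now + self.ttl)
        return Datagram(server, client, dgram.payload)   # appears to come from the server
```

The `now` argument stands in for the system clock so the expiry of tracked ports can be exercised deterministically.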
252 Citations
25 Claims
1. A network communication manager comprising: a port manager that receives a client message intended for a selected server; assigns such message to a port based on an address in the message; sends the message to the intended server; and routes a reply message from the server to the client while identifying the reply message as originating from the server; and a security monitor, operatively coupled to the port manager, that monitors messages from the clients for conformance to predefined conditions and prevents the further sending of non-conforming messages, wherein the port manager is interposed between the security monitor and the server. - View Dependent Claims (2, 3, 4, 7, 8, 9)

5. The network communication manager of claim 1 wherein the security monitor maintains an access control list used to identify authorized clients from which message receipt is acceptable.

10. A network communication manager for a firewall which intercepts messages addressed to one or more servers coupled to the firewall, the network communication manager comprising: a port manager that receives messages from a requesting entity addressed to a server entity; a security monitor, operatively coupled to the port manager, that monitors messages received from the requesting entity for conformance to supported protocol standards and adherence to a defined security policy; and a relay, operatively coupled to the security monitor, that relays messages from the requesting entity to the server entity using an address of the firewall, responsive to the security monitor and to addresses in the messages, and relays messages from the server entity addressed to the firewall to the requesting entity, inserting the address of the server entity in such messages. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)

18. A method of ensuring secure message transfer between a requesting application on one host and a serving application on another host coupled by a network using an unreliable protocol by use of a proxy on a firewall between the hosts, comprising the steps of: receiving a message from the requesting application intended for the serving application; monitoring the message from the requesting application for conformance to a selected communication protocol; relaying the message from the requesting application to the serving application based on a server address in the message and responsive to the conformance of the message to the selected communication protocol while making the message appear as if it originated from the firewall; and relaying a reply message from the serving application to the requesting application having the address of the serving entity encapsulated in the message as an address of origin. - View Dependent Claims (19, 20)

21. A storage medium having a computer program stored thereon for causing a suitably programmed system to ensure secure message transfer using a connectionless communication protocol between a requesting application entity and a serving application entity, by performing the following steps when such program is executed on the system: receiving a message from the requesting application intended for the serving application; monitoring the message from the requesting application for conformance to a selected communication protocol; relaying the message from the requesting application to the serving application based on a server address imbedded in the message and responsive to the conformance of the message to the selected communication protocol while making the message appear as if it originated from the system; and relaying a reply message from the serving application to the requesting application having the address of the serving entity imbedded in the message as an address of origin. - View Dependent Claims (22, 23)

24. A network communication controller, comprising: a processor; a memory coupled to the processor; a communications device operatively coupled to the processor and to the memory, wherein the communications device provides multiple ports that receive messages; and a firewall module operatively coupled to the processor that implements with the processor a communications protocol that controls connectionless message transfer between a requestor and a server via the communications device ports, wherein the firewall module further comprises: a port manager that receives messages from a requestor addressed to a server; a security monitor, operatively coupled to the port manager, that monitors messages received from the requestor for conformance to supported protocol standards and adherence to a defined security policy; and a relay, operatively coupled to the security monitor, that relays messages from the requestor to the server based on a server address incorporated in each message and responsive to the security monitor while using an address of the communication controller, and relays messages from the server which are addressed to the communication controller to the requesting entity, imbedding the address of the server entity in such messages. - View Dependent Claims (25)
Specification