Method and apparatus for managing internetwork and intranetwork activity
Abstract
In accordance with the present invention, a network management program (80) is provided that manages the communication of data packets between an intranetwork (44) and an internetwork (40). An operator of a computer connected to the intranetwork (44) inputs vital information regarding users of computers connected to the intranetwork (44), mapping information regarding computers connected to the intranetwork (44), and policies to be applied against those users and computers, using a graphical user interface (GUI 70). The GUI (70) communicates the vital user information, mapping information and policies to a database (72) which stores and organizes the vital user information, mapping information and policies. A filter executive (76) optimizes the policies stored in the database (72) into a set of rules for each user and passes the rules to a filter engine (78). The filter engine (78) filters all outbound data packets transmitted from the intranetwork (44) to the internetwork (40) and verifies all inbound data packets from the internetwork (40) according to the rules provided by the filter executive (76). The filter executive (76) also communicates the mapping information stored in the database (72) to a naming service manager (74) which further updates the mapping information and returns the updated mapping information to the filter executive (76). Consequently, the filter engine (78) filters the data packets according to the most recent mapping information.
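An added illustration of the data flow the abstract describes (database, filter executive, filter engine, mapping updates); it is not code from the patent. The policy format, last-entry-wins precedence, default deny for unmapped hosts, and all user names and addresses are assumptions made for the sketch.

```python
# Constructed sample database contents (assumed format, not from the patent).
POLICIES = {  # user -> ordered policies; a later entry overrides an earlier one
    "alice": [("allow", "tcp", 80), ("allow", "tcp", 443), ("deny", "tcp", 80)],
    "bob":   [("allow", "tcp", 443), ("allow", "tcp", 443)],
}
MAPPING = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.6"}}  # user -> host addresses

def filter_executive(policies):
    """Collapse each user's policy list into one verdict per (proto, port)."""
    rules = {}
    for user, entries in policies.items():
        table = {}
        for action, proto, port in entries:
            # Last entry wins; duplicate policies fold into a single rule.
            table[(proto, port)] = (action == "allow")
        rules[user] = table
    return rules

class FilterEngine:
    def __init__(self, rules, mapping):
        self.rules = rules
        self.update_mapping(mapping)

    def update_mapping(self, mapping):
        """Rebuild the address -> user index from the latest mapping."""
        self.by_addr = {addr: user
                        for user, addrs in mapping.items() for addr in addrs}

    def permit_outbound(self, src_ip, proto, dst_port):
        user = self.by_addr.get(src_ip)
        if user is None:
            return False  # host maps to no identified user: default deny
        return self.rules.get(user, {}).get((proto, dst_port), False)

def demo():
    engine = FilterEngine(filter_executive(POLICIES), MAPPING)
    before = engine.permit_outbound("10.0.0.6", "tcp", 443)  # bob's host
    # Mapping update: bob's old address is reassigned to alice.
    engine.update_mapping({"alice": {"10.0.0.6"}, "bob": {"10.0.0.9"}})
    after = [
        engine.permit_outbound("10.0.0.6", "tcp", 80),   # now alice's rules
        engine.permit_outbound("10.0.0.9", "tcp", 443),  # bob's new address
        engine.permit_outbound("10.0.0.5", "tcp", 443),  # stale, unmapped
    ]
    return before, after
```

The second half of `demo()` shows why the engine must use the most recent mapping: the same source address is judged under a different user's rules once it is reassigned.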
631 Citations
72 Claims
1. A computer-readable medium having computer-executable components for managing communication of data packets between an intranetwork and an internetwork, the intranetwork connecting a plurality of computers via a communications medium, the internetwork connecting a plurality of intranetworks via communications media, the computer-readable medium having computer-executable components comprising:
(a) a graphical user interface for allowing an administrator of a computer connected to the intranetwork to input;
(i) user information identifying each user of a computer connected to the intranetwork;
(ii) mapping information mapping each identified user to at least one computer connected to intranetwork; and
(iii) user policies for each identified user governing the communication of data packets between the identified user and the internetwork;
(b) a database for storing the user information, mapping information and user policies for each identified user provided by the administrator using the graphical user interface;
(c) a filter executive for optimizing the user policies for each identified user stored in the database into a set of rules for each identified user; and
(d) a filter engine for filtering data packets communicated between the intranetwork and the internetwork according to the set of rules for each identified user optimized by the filter executive and the mapping information for each identified user.
Dependent claims: 2-26.
27. An apparatus for managing communication of data packets between an intranetwork and an internetwork, the intranetwork connecting a plurality of computers via a communications medium, the internetwork connecting a plurality of intranetworks via communications media, the apparatus comprising:
(a) a storage medium for storing;
(i) a database which includes user information, mapping information and policies for each user of a computer connected to the intranetwork, wherein the user information identifies each user, wherein the mapping information maps each user to a computer connected to the intranetwork, and wherein the policies govern the communication of data packets between each user and the internetwork;
(ii) a filter executive which optimizes the user policies for each user stored in the database into a set of rules for each user; and
(iii) a filter engine which filters data packets communicated between the intranetwork and the internetwork according to the set of rules for each user optimized by the filter executive and the mapping information for each user; and
(b) a processing unit electronically coupled to the storage medium for executing program instructions which maintain the database, implement the filter executive and implement the filter engine.
Dependent claims: 28-50.
51. A method for managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
(a) identifying each user of the plurality of computers connected to the intranetwork;
(b) mapping each user to at least one computer connected to the intranetwork;
(c) establishing a set of user rules for each user governing the communication of information between the user and the internetwork; and
(d) filtering the information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user.
Dependent claims: 52-72.
Specification