Secure network proxy for connecting entities
First Claim
1. A network communication session manager comprising:
- a connection manager that responds to an entity requesting a connection to a remote responding entity by simultaneously establishing a transparent session connection operable at a plurality of distinct protocol layers, between the communication session manager and the requesting entity;
- a security monitor, operatively coupled to the connection manager, that monitors communication from the requesting entity for conformance to predefined conditions and wherein the connection manager, responsive to the security monitor, establishes an independent connection to the responding entity; and
- a relay, operatively coupled to the connection manager, that relays communication between the requesting entity and the responding entity when both connections are operative, and wherein the relay operates at or below the plurality of distinct protocol layers.
7 Assignments
0 Petitions
Abstract
A proxy which is part of a firewall program controls exchanges of information between two application entities. The proxy interrogates attempts by requesting entities to establish a communication session with a server entity in lower layers, in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection requests to any address on specific ports. The requestor's address and the server's address are checked against an access control list. If either address is invalid, the proxy closes the connection. If both are valid, a new connection is set up such that both the requestor and server are transparently connected to the proxy, with variable higher levels being connected in a relay mode. Protocol data units are interrogated for conformance to a protocol session, and optionally further decoded to add application-specific filtering. In one embodiment, an OSI architecture comprises the levels.
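The abstract describes three steps: admit or refuse the session by checking both endpoint addresses (and the proxied port) against an access control list, connect the requestor and the server to the proxy transparently, and relay protocol data units only while they conform to the expected session protocol. The following Python sketch, added here as an illustration and not taken from the patent or any product implementing it, walks through those steps end to end. The ACL contents, the proxied ports, and the "CRLF-terminated printable ASCII" conformance rule are constructed assumptions standing in for whatever protocol the proxy would actually guard; the relay runs over local socket pairs so it can be exercised offline.

```python
"""Minimal ACL-gated transparent proxy with PDU conformance checking.

Added example modelled on the abstract; ACL entries, ports and the
session-protocol rule below are constructed for illustration only.
"""
import ipaddress
import selectors
import socket

# Constructed access control list: who may request, which servers may be
# reached, and on which ports the proxy intercepts connections.
ACL = {
    "clients": [ipaddress.ip_network("10.0.0.0/8")],
    "servers": [ipaddress.ip_network("192.168.1.0/24")],
    "ports": {25, 80},
}


def address_allowed(addr, networks):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def admit(requestor_addr, server_addr, server_port, acl=ACL):
    """Admission decision: both addresses must be valid or the proxy closes.

    Returns (allowed, reason) so the denial cause can be logged.
    """
    if server_port not in acl["ports"]:
        return False, "port not proxied"
    if not address_allowed(requestor_addr, acl["clients"]):
        return False, "requestor address denied"
    if not address_allowed(server_addr, acl["servers"]):
        return False, "server address denied"
    return True, "ok"


def pdu_conforms(pdu, max_len=512):
    """Constructed session rule: bounded length, CRLF-terminated, printable ASCII."""
    if len(pdu) > max_len or not pdu.endswith(b"\r\n"):
        return False
    return all(32 <= b < 127 for b in pdu[:-2])


def relay(client_sock, server_sock, check=pdu_conforms, bufsize=4096):
    """Relay bytes between the two proxy-side sockets.

    Client-to-server traffic is split into PDUs and each is checked before it
    is forwarded; the first non-conforming PDU ends the session. Server-to-client
    bytes are passed through at this layer. Returns the number of PDUs forwarded.
    """
    sel = selectors.DefaultSelector()
    sel.register(client_sock, selectors.EVENT_READ)
    sel.register(server_sock, selectors.EVENT_READ)
    forwarded = 0
    pending = b""  # client bytes not yet forming a complete PDU
    try:
        while True:
            for key, _ in sel.select():
                data = key.fileobj.recv(bufsize)
                if not data:
                    return forwarded  # either side closed: tear down both
                if key.fileobj is client_sock:
                    pending += data
                    while b"\r\n" in pending:
                        pdu, pending = pending.split(b"\r\n", 1)
                        pdu += b"\r\n"
                        if not check(pdu):
                            return forwarded  # non-conforming: drop the session
                        server_sock.sendall(pdu)
                        forwarded += 1
                else:
                    client_sock.sendall(data)
    finally:
        sel.close()
        client_sock.close()
        server_sock.close()


def demo(pdus):
    """Drive the relay over two local socket pairs standing in for the two
    transparent connections. Returns (pdus_forwarded, bytes_seen_by_server)."""
    client_end, proxy_client_side = socket.socketpair()
    proxy_server_side, server_end = socket.socketpair()
    client_end.sendall(b"".join(pdus))
    client_end.shutdown(socket.SHUT_WR)  # client has nothing more to say
    forwarded = relay(proxy_client_side, proxy_server_side)
    seen = b""
    while True:
        chunk = server_end.recv(4096)
        if not chunk:
            break
        seen += chunk
    client_end.close()
    server_end.close()
    return forwarded, seen


if __name__ == "__main__":
    print(admit("10.1.2.3", "192.168.1.10", 80))
    print(demo([b"HELO proxy\r\n", b"BAD\x01\r\n", b"NEVER SENT\r\n"]))
```

Two design points carry over from the abstract: the admission check is made before the second connection is opened, so a denied requestor never causes traffic toward the server, and the relay stops at the first PDU that breaks the session protocol rather than forwarding the remainder of the stream.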
411 Citations
29 Claims
1. A network communication session manager comprising:
- a connection manager that responds to an entity requesting a connection to a remote responding entity by simultaneously establishing a transparent session connection operable at a plurality of distinct protocol layers, between the communication session manager and the requesting entity;
- a security monitor, operatively coupled to the connection manager, that monitors communication from the requesting entity for conformance to predefined conditions and wherein the connection manager, responsive to the security monitor, establishes an independent connection to the responding entity; and
- a relay, operatively coupled to the connection manager, that relays communication between the requesting entity and the responding entity when both connections are operative, and wherein the relay operates at or below the plurality of distinct protocol layers.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)

9. A network communication session manager comprising:
- a connection manager that responds to a requesting entity for a connection to a remote device and transparently, and simultaneously, establishes an independent connection operable at a plurality of distinct protocol layers, between the network communication session manager and the remote device;
- a security monitor, operatively coupled to the connection manager, that monitors and selectively modifies data communicated from the requesting entity for conformance to supported protocol standards and adherence to a defined security policy; and
- a relay, operatively coupled to the connection manager, that relays communication between the requesting entity and the remote device when both connections are operative, wherein the relay operates under the control of the security monitor, and further wherein the relay operates at or below the plurality of distinct protocol layers.

10. A method of ensuring secure communications between a requesting application entity and a serving application entity by use of a proxy therebetween, comprising:
- responding to an entity requesting a connection to the serving application entity;
- establishing a transparent session connection operable at a plurality of layers, between the proxy and the requesting entity;
- monitoring, at a plurality of distinct layers, communication from the requesting entity for conformance to a selected communication protocol; and
- relaying communication between the requesting entity and the serving entity responsive to the conformance to the selected communication protocol, and further wherein the relay operates at or below the plurality of distinct layers.
View Dependent Claims (11, 12, 13, 14, 15)

16. A storage medium having a computer program stored thereon for causing a suitably programmed system to ensure communications between a requesting application entity and a serving application entity, by performing the following steps when such program is executed on the system:
- responding to an entity requesting a connection to the serving application entity;
- establishing a transparent session connection operable at a plurality of layers, between the system and the requesting entity;
- monitoring, at a plurality of distinct protocol layers, communication from the requesting entity for conformance to a selected communication protocol; and
- relaying communication between the requesting entity and the serving entity responsive to the conformance to the selected communication protocol, and further wherein the relay operates at or below the plurality of distinct protocol layers.
View Dependent Claims (17, 18, 19, 20, 21)

22. A network communication controller, comprising:
- a processor;
- a memory coupled to the processor;
- a communications device operatively coupled to the processor and to the memory, wherein the communications device provides any of a plurality of communication connections; and
- a firewall module operatively coupled to the processor that implements with the processor a communications protocol that controls communication at a plurality of distinct protocol layers, between a requestor and a server via the communications device, wherein the firewall module further comprises:
  - a connection manager that responds to the requestor requesting a connection to the server and establishes a transparent session connection between the communication controller and the requestor;
  - an interrogator, operatively coupled to the connection manager, that monitors communication from the requestor for conformance to a selected communication protocol; and
  - a relay, operatively coupled to the connection manager and to the server, that relays communication between the requestor and the server under the control of the connection manager and further wherein the relay operates at or below the plurality of distinct protocol layers.
View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
Specification