Internal network node with dedicated firewall
First Claim
1. A network arrangement comprising a first group of nodes defining an internal network and a second group of nodes defining an external network, said external network being connected in communication with said internal network by an intermediate node including a bastion firewall for protecting the nodes of the internal network from unauthorized communication originating at external nodes, the improvement comprising said internal network including, (a) a network attached device (NAD), and (b) a NAD node at which must be received every request for network access to said NAD initially originated at any other node of the network arrangement, said NAD node including computer readable medium having computer-executable instructions that perform the steps of, (i) receiving at said NAD node a request for network access to said NAD, (ii) determining whether the request for network access to said NAD is authorized, (iii) providing network access to said NAD when a request is authorized, and (iv) denying network access to said NAD when a request is not authorized, said NAD thereby being protected by a dedicated NAD firewall at said NAD node from unauthorized network access requests originating at said intermediate and internal and external nodes of the network arrangement.
Abstract
A network attached device server for implementing a network attached device and firewall management system (NADFW-MS). The NADFW-MS provides a multiple direction firewall that is dedicated for the protection of one or more associated NADs. The firewall is considered to be multiple directional because it filters data packets based on the network interface used to transport the data packets. The firewall is also able to filter data packets based on any other information contained in a data packet header. A data packet that does not penetrate the firewall is discarded and the reason for discarding the data packet is recorded in a log file. A data packet that does pass through the firewall is sent to a data management system that is responsible for providing access to the appropriate associated NAD. The data management system uses network protocol programs and interface mechanisms to process the data packet and to communicate the data packet to the appropriate NAD. The data management system may also function as a proxy server and generate a new data packet that is forwarded to another NAD server.
Claims
37. A method of managing access to a network attached device (NAD) in a network arrangement including a first group of nodes defining an internal network and a second group of nodes defining an external network, the external network being connected in communication with the internal network by an intermediate node including a bastion firewall for protecting the nodes of the internal network from unauthorized communication originating at external nodes, the internal network including the NAD, the method comprising the steps of:
(a) determining for each and every request for network access to the NAD whether each request for network access to said NAD is authorized, (b) providing network access to said NAD when a request is authorized, and (c) denying network access to said NAD when a request is not authorized, whereby the NAD is protected by a dedicated NAD firewall from unauthorized network access requests originating at the intermediate and internal and external nodes of the network arrangement.
(a) determining whether the header of the data packet contains information identifying a proper port of said NAD; (b) passing the data packet to the proper port; and (c) at the proper port, using a network protocol program and an interface mechanism to provide the requested network access to said NAD.
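A reduced model of the packet path the abstract and the port-dispatch steps above describe, written here as an added example and not the patent's own code: allow rules keyed on the ingress interface plus header fields (the "multiple direction" property), every discarded packet logged with the reason, and an accepted packet handed to the protocol handler bound to its destination port. Interface names ("lan0", "dmz0"), addresses, ports and the policy itself are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Packet:          # the header fields the NAD firewall inspects
    iface: str         # interface the packet arrived on: hypothetical "lan0" / "dmz0"
    src: str           # source IP address
    proto: str         # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class AllowRule:       # keyed on ingress interface: that is what makes the firewall multi-directional
    iface: str
    src_net: str       # e.g. "10.0.0.0/8"
    proto: str
    dst_port: int
    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface and p.proto == self.proto and p.dst_port == self.dst_port
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))

class NadFirewall:     # dedicated firewall for one NAD: default deny, every drop logged with its reason
    def __init__(self, rules: list[AllowRule], ports: dict[int, Callable[[Packet], str]]):
        self.rules, self.ports, self.log = rules, ports, []
    def handle(self, p: Packet) -> Optional[str]:
        if not any(r.matches(p) for r in self.rules):   # step (ii): is the request authorised?
            return self._drop(p, "no allow rule for this interface/header")
        handler = self.ports.get(p.dst_port)              # does the header name a proper port of the NAD?
        if handler is None:
            return self._drop(p, "no service bound to destination port")
        return handler(p)                                 # step (iii): hand to that port's protocol program

    def _drop(self, p: Packet, reason: str) -> None:     # step (iv): deny and record why
        self.log.append(f"DROP iface={p.iface} src={p.src} {p.proto}/{p.dst_port} reason={reason}")

def build_demo_firewall() -> NadFirewall:                # constructed policy for one storage+print NAD
    rules = [AllowRule("lan0", "10.0.0.0/8", "tcp", 445), AllowRule("lan0", "10.0.0.0/8", "tcp", 9100),
             AllowRule("dmz0", "192.0.2.0/24", "tcp", 9100),  # the bastion-facing side may only print
             AllowRule("lan0", "10.0.0.0/8", "tcp", 21)]      # permitted by rule, but nothing listens
    ports = {445: lambda p: f"storage-access-for {p.src}", 9100: lambda p: f"print-job-from {p.src}"}
    return NadFirewall(rules, ports)

def run_demo() -> tuple[list[Optional[str]], list[str]]:
    fw = build_demo_firewall()
    packets = [Packet("lan0", "10.1.2.3", "tcp", 445),      # internal host reading storage: allowed
               Packet("dmz0", "192.0.2.10", "tcp", 445),    # same port, wrong interface: dropped
               Packet("lan0", "10.1.2.3", "tcp", 21),       # rule matches but no port bound: dropped
               Packet("dmz0", "192.0.2.10", "tcp", 9100)]   # bastion side printing: allowed
    return [fw.handle(p) for p in packets], fw.log
```

The second packet shows the point of keying on the interface: port 445 is reachable from the internal LAN but the identical request arriving on the bastion-facing interface is discarded and logged.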
45. The method of claim 37, wherein said NAD comprises a storage drive.
46. The method of claim 45, wherein said storage drive comprises a ZIP drive.
47. The method of claim 45, wherein said storage drive comprises a JAZ drive.
48. The method of claim 45, wherein said storage drive comprises a CD-ROM drive.
49. The method of claim 45, wherein said storage drive comprises a DVD drive.
50. The method of claim 45, wherein said storage drive comprises an optical drive.
51. The method of claim 45, wherein said storage drive comprises a tape drive.
52. The method of claim 45, wherein said storage drive comprises a hard drive.
53. The method of claim 37, wherein said NAD comprises a printer.
54. The method of claim 37, wherein said NAD comprises an audio device.
55. The method of claim 37, wherein said NAD comprises a video device.
56. The method of claim 37, wherein said NAD comprises a facsimile machine.
57. The method of claim 37, wherein said NAD comprises an audio-visual device.
58. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a network attached device (NAD) and a computer with computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to the NAD, (b) determining whether each request for network access to said NAD is authorized, (c) providing network access to said NAD when a request is authorized, and (d) denying network access to said NAD when a request is not authorized, said NAD thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
79. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a CD-ROM server with computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to a CD, (b) determining whether each request for network access to said CD is authorized, (c) providing network access to said CD when a request is authorized, and (d) denying network access to said CD when a request is not authorized, said CD-ROM server thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
80. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a network storage server with computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to network storage, (b) determining whether each request for network access to said network storage is authorized, (c) providing network access to said network storage when a request is authorized, and (d) denying network access to said network storage when a request is not authorized, said network storage server thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
81. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including an audio device and computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to functions of said audio device, (b) determining whether each request for network access is authorized, (c) providing the requested network access when a request is authorized, and (d) denying the requested network access when a request is not authorized, said audio device thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
82. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a video device and computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to functions of said video device, (b) determining whether each request for network access is authorized, (c) providing the requested network access when a request is authorized, and (d) denying the requested network access when a request is not authorized, said video device thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
83. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a facsimile machine and computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to functions of said facsimile machine, (b) determining whether each request for network access is authorized, (c) providing the requested network access when a request is authorized, and (d) denying the requested network access when a request is not authorized, said facsimile machine thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.
84. An apparatus comprising an internal node of an internal network of a network arrangement, said internal node including a printer and computer readable media having computer-executable instructions that perform the steps of,
(a) communicating with the network, including receiving requests for network access to functions of said printer, (b) determining whether each request for network access is authorized, (c) providing the requested network access when a request is authorized, and (d) denying the requested network access when a request is not authorized, said printer thereby being protected from unauthorized network access by a dedicated firewall of the apparatus.