Firewalls that filter based upon protocol commands
Abstract
Data transfer is controlled between a first network and a second network of computers by a firewall-proxy combination. Active interpretation of protocol commands exchanged between the first network and the second network is performed to determine specific actions concerning completion of the protocol request. This active firewall-proxy combination may exist on either the first or second network of computers. This method of control provides centralized control and administration for all potentially reachable resources within a network.
Claims (25 in total; independent claims shown)
1. A method of controlling data transfers between a first and a second computer network, the method comprising:
- monitoring protocol commands by a proxy coupled between the first and second computer networks;
- interpreting protocol commands exchanged between the first and second computer networks;
- determining the type of protocol being used; and
- restricting access to certain resources within the first and second computer networks based on the type of communications protocol being used and the type of protocol commands exchanged between the first and second computer networks, wherein restricting access is determined dynamically based on environmental changes.
Dependent claims: 2, 3, 4, 5, 6.

7. A method of controlling data transfers between a first computer network and a second computer network, the first computer network including a client computer and a firewall comprised of two routers and a proxy, the method comprising:
- monitoring actively by a proxy reviewing protocol commands;
- receiving by the proxy a request from the client computer to establish a session with the second computer network;
- establishing a session with the second computer network by the proxy;
- receiving protocol commands after a session is begun by the proxy from the client computer;
- determining the type of protocol being used;
- selectively allowing certain protocol commands to be transmitted to the second computer network based upon predetermined rules stored within the proxy, wherein said predetermined rules are selected based upon the type of protocol being used, and allowing certain protocol commands is dynamically determined based on environmental changes; and
- determining completion actions based upon the transmitted protocol commands.
Dependent claims: 8, 9, 10, 11, 12.

13. A method of controlling data transfers between a first computer network and a second computer network, the first computer network including a client computer and a firewall comprised of two routers and a proxy, the method comprising:
- monitoring actively by a proxy reviewing protocol commands;
- receiving by the proxy a request from the client computer to establish a session with the second computer network;
- establishing a session with the second computer network by the proxy;
- receiving protocol commands by the proxy after a session is begun from the second computer network;
- determining the type of protocol being used;
- filtering the protocol commands to allow only certain of the protocol commands to be transmitted to the client computer based upon predetermined rules stored within the proxy, wherein said predetermined rules are selected based upon the type of protocol being used, and filtering the protocol commands is dynamically determined based on environmental changes; and
- determining completion actions based upon the transmitted protocol commands.
Dependent claims: 14, 15, 16, 17, 18.

19. A computer-readable medium comprising program instructions for controlling data transfers between a first computer network and a second computer network by performing the following:
- monitoring protocol commands;
- interpreting protocol commands exchanged between the first and second computer networks;
- determining completion actions based upon the type of communications protocol being used and the exchanged interpreted protocol commands for restricting access to certain resources within the first and second computer networks.
Dependent claim: 20.

21. An apparatus for controlling data transfer between a first and a second computer network, the apparatus comprising:
- a proxy server;
- a first filter-router coupled between the first computer network and said proxy server;
- a second filter-router coupled between the second computer network and said proxy server; and
- wherein said proxy server monitors and interprets exchanged protocol commands between the first and second computer networks after a session is begun to determine completion actions based upon the type of communications protocol being used and the type of protocol commands exchanged between the first and second networks.
Dependent claims: 22, 23, 24, 25.
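As an added illustration of the command-level filtering the claims describe (this is not code from the patent or any product): a proxy policy that determines the protocol type from the session greeting, selects that protocol's rule table, judges each command in both the client-to-server direction (claim 7) and the server-to-client direction (claim 13), and re-evaluates a few commands against the current environment on every decision, returning a completion action with each verdict. The protocol names, command vocabularies and the fields of Environment are assumptions chosen to make the example concrete.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Environment:
    """Conditions the proxy re-reads on every decision (assumed fields)."""
    business_hours: bool = True
    elevated_threat: bool = False

# Static allow-lists keyed by (protocol, direction); vocabularies are assumptions.
ALWAYS = {
    ("ftp", "client"): {"USER", "PASS", "PWD", "CWD", "LIST", "RETR", "PASV", "QUIT"},
    ("ftp", "server"): {"220", "230", "331", "150", "226", "227", "550"},
    ("smtp", "client"): {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "QUIT"},
    ("smtp", "server"): {"220", "250", "354", "221", "550"},
}
# Commands whose verdict is recomputed from the environment each time they appear.
CONDITIONAL = {
    ("ftp", "client", "STOR"): lambda e: e.business_hours and not e.elevated_threat,
    ("ftp", "client", "DELE"): lambda e: not e.elevated_threat,
    ("smtp", "client", "VRFY"): lambda e: not e.elevated_threat,
}

def detect_protocol(banner: str) -> str:
    """Determine the protocol type from the server greeting that opens the session."""
    upper = banner.upper()
    if "FTP" in upper:
        return "ftp"
    if "SMTP" in upper:  # also matches ESMTP greetings
        return "smtp"
    return "unknown"

def decide(protocol: str, direction: str, line: str, env: Environment) -> tuple:
    """Interpret one command line and return (verdict, completion action) for the proxy."""
    tokens = line.split()
    verb = tokens[0].upper() if tokens else ""
    if (protocol, direction) not in ALWAYS:
        return "deny", "close_session"      # no rule table for this protocol: do not relay
    if verb in ALWAYS[(protocol, direction)]:
        return "allow", "forward"
    check = CONDITIONAL.get((protocol, direction, verb))
    if check is not None:
        return ("allow", "forward") if check(env) else ("deny", "reply_error")
    return "deny", "drop_and_log"           # unknown or unlisted command

def filter_session(banner: str, exchange: list, env: Environment) -> list:
    """Detect the protocol from the banner once, then judge every line of the exchange."""
    proto = detect_protocol(banner)
    return [(d, line, decide(proto, d, line, env)[0]) for d, line in exchange]
```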