Method and system for building dynamic firewall rules, based on content of downloaded documents
First Claim
1. A method for filtering incoming data from an external computer network, comprising:
a firewall that is coupled to said external computer network;
a server computer system coupled to an internal computer network;
a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
receiving, at said firewall, a document from said external computer network;
determining, by said firewall, whether said document is from a known blocked site;
in response to determining that said document is from a known blocked site, blocking, by said firewall, said document without scanning said document;
determining, by said firewall, whether said document is from a known safe site;
in response to determining that said document is from a known safe site, forwarding, by said firewall, said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
in response to determining that said document is not from a known blocked site or a known safe site, scanning, by said firewall, text fields included in said document for pre-selected keyword(s);
blocking, by said firewall, the document if any of said text fields include content that contains pre-selected keywords;
said server computer system being prohibited from receiving said document in response to said document being blocked; and
indicating that a site that sent said document is a known blocked site by adding, by said firewall, the address of said site to a filtering table.
Abstract
A method for filtering incoming data from an external computer network is provided. This method includes scanning the contents of incoming data for pre-selected keyword(s) and allowing it to pass per standard service rules if its content does not contain the pre-selected keyword(s). If the incoming data does contain pre-selected keywords, it is blocked and added to a “known-block” filtering table. Once added to the filtering table, the site will automatically be blocked in the future without having its contents scanned again for pre-selected keywords.
13 Claims
1. (Independent claim, given in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. A computer program product in a computer readable medium for use in a data processing system for filtering incoming data from an external computer network, the computer program product comprising:
a firewall that is coupled to said external computer network;
a server computer system coupled to an internal computer network;
a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
instructions for receiving, at said firewall, a document from said external computer network;
instructions for determining, by said firewall, whether said document is from a known blocked site;
in response to determining that said document is from a known blocked site, instructions for blocking said document without scanning said document;
instructions for determining, by said firewall, whether said document is from a known safe site;
in response to determining that said document is from a known safe site, instructions for forwarding said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
in response to determining that said document is not from a known blocked site or a known safe site, instructions for scanning, by said firewall, text fields included in said document for pre-selected keyword(s);
instructions for blocking, by said firewall, the document if any of said text fields include content that contains pre-selected keywords;
said server computer system being prohibited from receiving said document in response to said document being blocked; and
instructions for indicating a site that sent said document is a known blocked site by adding, by said firewall, the address of said site to a filtering table.
Dependent claims: 8, 9, 10, 11, 12.
13. A system for filtering incoming data from an external computer network, the system comprising:
a firewall that is coupled to said external computer network;
a server computer system coupled to an internal computer network;
a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
said firewall for receiving a document from said external computer network;
said firewall for determining whether said document is from a known blocked site;
in response to determining that said document is from a known blocked site, said firewall for blocking said document without scanning said document;
said firewall for determining whether said document is from a known safe site;
in response to determining that said document is from a known safe site, said firewall for forwarding said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
in response to determining that said document is not from a known blocked site or a known safe site, said firewall for scanning text fields included in said document for pre-selected keyword(s);
said firewall for blocking the document if any of said text fields include content that contains pre-selected keywords;
said server computer system being prohibited from receiving said document in response to said document being blocked; and
said firewall for indicating that a site that sent said document is a known blocked site by adding the address of said site to a filtering table.
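As an added example (not code from the patent or any product implementing it), the decision flow that the abstract and the three independent claims describe, in Python: the known-blocked table is consulted first, then the known-safe table, and only documents from unknown sites have their text fields scanned, with a blocking site added to the filtering table so its later documents are blocked without a scan. The class and method names, the whole-word case-insensitive keyword match, and the sample sites, keywords and documents are assumptions constructed for illustration; the claims do not specify how keywords are matched.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

@dataclass
class Decision:
    action: str    # "block" or "forward"
    scanned: bool  # True only when the text fields were keyword-scanned
    reason: str

@dataclass
class KeywordFirewall:
    keywords: tuple[str, ...]                             # pre-selected keywords
    known_safe: set[str] = field(default_factory=set)     # forwarded unscanned
    known_blocked: set[str] = field(default_factory=set)  # the filtering table

    def _first_hit(self, text: str) -> str | None:
        # Whole-word, case-insensitive match (an assumption); returns the keyword.
        for kw in self.keywords:
            if re.search(r"\b" + re.escape(kw) + r"\b", text, re.IGNORECASE):
                return kw
        return None

    def filter_document(self, site: str, text_fields: dict[str, str]) -> Decision:
        site = site.lower()  # the site address is the table key; normalise case
        # Step 1: known blocked site: block without scanning the document.
        if site in self.known_blocked:
            return Decision("block", False, "known blocked site")
        # Step 2: known safe site: forward to the server without scanning.
        if site in self.known_safe:
            return Decision("forward", False, "known safe site")
        # Step 3: unknown site: scan every text field for the keywords.
        for name, text in text_fields.items():
            hit = self._first_hit(text)
            if hit is not None:
                # Block, and add the site to the filtering table so later
                # documents from it are blocked at step 1 without a scan.
                self.known_blocked.add(site)
                return Decision("block", True, f"keyword '{hit}' in field '{name}'")
        return Decision("forward", True, "no pre-selected keyword found")

def demo() -> list[Decision]:
    # Constructed sample traffic: two documents from the same unknown site,
    # then one from a known safe site whose text would otherwise match.
    fw = KeywordFirewall(("malware", "phishing"), known_safe={"intranet.example"})
    doc = {"title": "Free tools", "body": "Download our malware kit today"}
    first = fw.filter_document("Evil.Example", doc)                            # scanned, blocked
    second = fw.filter_document("evil.example", {"body": "hello"})             # blocked, unscanned
    safe = fw.filter_document("intranet.example", {"body": "phishing drill"})  # forwarded, unscanned
    return [first, second, safe]
```

Calling `demo()` shows the dynamic effect the abstract describes: the second document from the same site is rejected on the table lookup alone, and the `scanned` flag records which decisions cost a content scan.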