Method and system for building dynamic firewall rules, based on content of downloaded documents

US 7,093,287 B1
Filed: 10/12/2000
Issued: 08/15/2006
Est. Priority Date: 10/12/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method for filtering incoming data from an external computer network, comprising:

a firewall that is coupled to said external computer network;

a server computer system coupled to an internal computer network;

a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;

receiving, at said firewall, a document from said external computer network;

determining, by said firewall, whether said document is from a known blocked site;

in response to determining that said document is from a known blocked site, blocking, by said firewall, said document without scanning said document;

determining, by said firewall, whether said document is from a known safe site;

in response to determining that said document is from a known safe site, forwarding, by said firewall, said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;

in response to determining that said document is not from a known blocked site or a known safe site, scanning, by said firewall, text fields included in said document for pre-selected keyword(s);

blocking, by said firewall, the document if any of said text fields include content that contains pro-selected keywords;

said server computer system being prohibited from receiving said document in response to said document being blocked; and

indicating that a site that sent said document is a known blocked site by adding, by said firewall, the address of said site to a filtering table.

View all claims

13 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method for filtering incoming data from an external computer network is provided. This method includes scanning the contents of incoming data for pre-selected keyword(s) and allowing it to pass per standard service rules if its content does not contain the pre-selected keyword(s). If the incoming data does contain pre-selected keywords, it is blocked and added to a “known-block” filtering table. Once added to the filtering table, the site will automatically be blocked in the future without having its contents scanned again for pre-selected keywords.

52 Citations

View as Search Results

13 Claims

1. A method for filtering incoming data from an external computer network, comprising:
- a firewall that is coupled to said external computer network;
  
  a server computer system coupled to an internal computer network;
  
  a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
  
  receiving, at said firewall, a document from said external computer network;
  
  determining, by said firewall, whether said document is from a known blocked site;
  
  in response to determining that said document is from a known blocked site, blocking, by said firewall, said document without scanning said document;
  
  determining, by said firewall, whether said document is from a known safe site;
  
  in response to determining that said document is from a known safe site, forwarding, by said firewall, said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
  
  in response to determining that said document is not from a known blocked site or a known safe site, scanning, by said firewall, text fields included in said document for pre-selected keyword(s);
  
  blocking, by said firewall, the document if any of said text fields include content that contains pro-selected keywords;
  
  said server computer system being prohibited from receiving said document in response to said document being blocked; and
  
  indicating that a site that sent said document is a known blocked site by adding, by said firewall, the address of said site to a filtering table.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the document is allowed to pass per standard service rules if the content does not contain pre-selected keyword(s).
  - 3. The method according to claim 1, further comprising storing an indication in said filtering table of each known safe site that can be passed per standard service rules without having to be scanned for pre-selected keywords.
  - 4. The method according to claim 1, wherein the step of indicating that a site that sent said document is a known blocked site by adding, by said firewall, the address of a site to a filtering table further comprises adding the address of the site to a “
    - known-block”
      
      table when said site has sent a document that includes said pre-selected keywords so that the site will be blocked in the future without having its contents scanned for pre-selected keywords.
  - 5. The method according to claim 1, wherein addition of a site to the filtering table is implemented using a strong text parsing language.
  - 6. The method according to claim 1, wherein the instance of the filter is periodically refreshed to enact the updated filtering tables.

7. A computer program product in a computer readable medium for use in a data processing system for filtering incoming data from an external computer network, the computer program product comprising:
- a firewall that is coupled to said external computer network;
  
  a server computer system coupled to an internal computer network;
  
  a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
  
  instructions for receiving, at said firewall, a document from said external computer network;
  
  instructions for determining, by said firewall, whether said document is from a known blocked site;
  
  in response to determining that said document is from a known blocked site, instructions for blocking said document without scanning said document;
  
  instructions for determining, by said firewall, whether said document is from a known safe site;
  
  in response to determining that said document is from a known safe site, instructions for forwarding said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
  
  in response to determining that said document is not from a known blocked site or a known safe site, instructions for scanning, by said firewall, text fields included in said document for pre-selected keyword(s);
  
  instructions for blocking, by said firewall, the document if any of said text fields include content that contains pre-selected keywords;
  
  said server computer system being prohibited from receiving said document in response to said document being blocked; and
  
  instructions for indicating a site that sent said document is a known blocked site by adding, by said firewall, the address of said site to a filtering table.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product according to claim 7, further comprising instructions for allowing the document to pass per standard service rules if the content does not contain pre-selected keyword(s).
  - 9. The computer program product according to claim 7, further comprising instructions for storing an indication in said filtering table of each known safe site that can be passed per standard service rules without having to be scanned for pre-selected keywords.
  - 10. The computer program product according to claim 7, wherein the instructions for indicating that a site that sent said document is a known blocked site by adding, by said firewall, that address of said site to a filtering table further comprises adding the address of said site to a “
    - known-block”
      
      table when said site has sent a document includes said pre-selected keywords so that the site will be blocked in the future without having its contents scanned for pre-selected keywords.
  - 11. The computer program product according to claim 7, wherein the instructions for addition of a site to the filtering table are implemented in a strong text parsing language.
  - 12. The computer program product according to claim 7, wherein the instance of the filter is periodically refreshed to enact the updated filtering tables.

13. A system for filtering incoming data from an external computer network, the system comprising:
- a firewall that is coupled to said external computer network;
  
  a server computer system coupled to an internal computer network;
  
  a plurality of clients that are coupled to said server computer system, said plurality of clients being unable to access said external computer network directly;
  
  said firewall for receiving a document from said external computer network;
  
  said firewall for determining whether said document is from a known blocked site;
  
  in response to determining that said document is from a known blocked site, said firewall for blocking said document without scanning said document;
  
  said firewall for determining whether said document is from a known safe site;
  
  in response to determining that said document is from a known safe site, said firewall for forwarding said document to said server without scanning said document, all of said plurality of clients being permitted to access said forwarded document;
  
  in response to determining that said document is not from a known blocked site or a known safe site, said firewall for scanning text fields included in said document for pre-selected keyword(s);
  
  said firewall for blocking the document if any of said text fields include content that contains pre-selected keywords;
  
  said server computer system being prohibited from receiving said document in response to said document being blocked; and
  
  said firewall for indicating that a site that sent said document is a known blocked site by adding the address of said site to a filtering table.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Barracuda Networks Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Gusler, Carl Phillip, Hamilton, Rick Allen II
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
HOFFMAN, BRANDON S

Application Number

US09/687,100
Time in Patent Office

2,133 Days
Field of Search

713/201
US Class Current

726/13
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04L 63/0227 Filtering policies mail mes...

Method and system for building dynamic firewall rules, based on content of downloaded documents

First Claim

13 Assignments

Litigations

0 Petitions

Accused Products

Abstract

52 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for building dynamic firewall rules, based on content of downloaded documents

First Claim

13 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links