Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications
Abstract
A method, system, apparatus, and computer program product are presented for a distributed port firewall system. The distributed port firewall system maps port usage to application needs; an application action object (AAO) is used to identify the use of ports. An application action object may be opened based on endpoint and user. Port firewall “properties” are added in order to configure the firewall and are configurable only by certain trusted users or applications. Different policies are applied to the usage and opening of ports based on a collection of endpoints, on managed regions, or on a per-endpoint basis. Beyond allowing an application to open a port, the allowed packet types are also configured to work in conjunction with a distributed packet snooper session.
25 Claims
1. A method for managing a distributed port firewall system, the method comprising:
configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
deploying and starting a target endpoint firewall client on a target endpoint computing device;
deploying and starting a source endpoint firewall client on the specified user's source endpoint computing device;
responsive to a request by the specified user for access to the port, and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning the requested port to the specified user, wherein the request by the specified user for access to the port is from an application that the specified user is executing on the source endpoint computing device, wherein the specified user executable application is enabled to open the port on the target endpoint computing device, wherein the step of deploying and starting a target endpoint firewall client is responsive to the specified user logging onto the target endpoint, the target endpoint firewall client being operative to query a port firewall database and, responsive thereto, to selectively enable access to the requested resource by the application based on firewall properties maintained in the port firewall database.
Dependent claims: 2, 3, 4, 5

6. A computer program product in a computer readable media for use in a computing device for managing a distributed port firewall system, the computer program product comprising:
first instructions for configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
second instructions for deploying and starting a target endpoint firewall client on a target endpoint computing device;
third instructions for deploying and starting a source endpoint firewall client on the specified user's source endpoint computing device;
fourth instructions for, responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning the requested port to the specified user, wherein the request by the specified user for access to the port is from an application that the specified user is executing on the source endpoint computing device, wherein the specified user executable application is enabled to open the port on the target endpoint computing device, wherein the third instructions for deploying and starting a target endpoint firewall client are responsive to the specified user logging onto the target endpoint, the target endpoint firewall client being operative to query a port firewall database and, responsive thereto, to selectively enable access to the requested resource by the application based on firewall properties maintained in the port firewall database.
Dependent claims: 7, 8, 9, 10

11. A system for managing a distributed port firewall system, the system comprising:
first means for configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
second means for deploying and starting a target endpoint firewall client on a target endpoint computing device;
third means for deploying and starting a source endpoint firewall client on the specified user's source endpoint computing device;
fourth means for, responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning the requested port to the specified user, wherein the request by the specified user for access to the port is from an application that the specified user is executing on the source endpoint computing device, wherein the specified user executable application is enabled to open the port on the target endpoint computing device, wherein the third means for deploying and starting a target endpoint firewall client is responsive to the specified user logging onto the target endpoint, the target endpoint firewall client being operative to query a port firewall database and, responsive thereto, to selectively enable access to the requested resource by the application based on firewall properties maintained in the port firewall database.
Dependent claims: 12, 13, 14, 15

16. A distributed port firewall system, comprising:
a gateway, of the distributed port firewall system, comprising a port firewall database, the port firewall database having stored therein firewall properties for endpoints of the distributed port firewall system, including an indication of which endpoints can have remote access to ports of the distributed port firewall system;
a first endpoint computing device, of the distributed port firewall system, comprising an application requesting a resource; and
a second endpoint computing device, of the distributed port firewall system, comprising the requested resource and a firewall process operative to query the port firewall database and, responsive thereto, to selectively enable access to the requested resource by the application, wherein the firewall process on the second endpoint computing device retrieves firewall properties from a port firewall manager coupled to the port firewall database.
Dependent claims: 17, 18, 19, 20, 21

22. A port firewall manager, comprising:
means for receiving an action object from an application executing on a source endpoint computing device, said action object containing a request for a resource;
means for initiating, responsive to the means for receiving the action object, a client firewall process on a target endpoint computing device, the target endpoint computing device comprising the requested resource, wherein the client firewall process is operable to determine access properties associated with the requested resource;
means for receiving, from the target endpoint computing device, a request for firewall properties associated with the requested resource;
means for retrieving the firewall properties from a firewall database; and
means for sending the retrieved firewall properties to the target endpoint computing device.
Dependent claims: 23, 24, 25
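The abstract and claims 1, 16 and 22 describe one decision flow: an application on a source endpoint emits an action object for a port; the manager starts a firewall client on the target endpoint; that client fetches the port's firewall properties (which user holds the port, during which interval, from which source endpoints, with which packet types) and denies by default. The model below is an added example and is not code from the patent or any product that implements it; the class names, the property fields and the sample grant are assumptions chosen to illustrate the claimed behaviour, not the patent's own data model.

```python
# Added example (not the patent's own code): a minimal model of the distributed
# port firewall described in the abstract and claims 1, 16 and 22. Class and
# field names are assumptions made for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class PortGrant:
    """One row of firewall properties: `port` on `target` is assigned to
    `user` for [start, end). All other users are denied in that interval."""
    target: str
    port: int
    user: str
    start: datetime
    end: datetime
    allowed_sources: frozenset        # endpoints that may reach the port remotely
    allowed_packet_types: frozenset   # packet types the snooper session accepts


@dataclass(frozen=True)
class ActionObject:
    """Application action object (AAO): an application's request for a port."""
    user: str
    source: str
    target: str
    port: int
    packet_type: str
    at: datetime


class PortFirewallDatabase:
    """Gateway-side store of firewall properties (an in-memory list here)."""

    def __init__(self, grants: Iterable[PortGrant]):
        self._grants = list(grants)

    def properties_for(self, target: str, port: int) -> List[PortGrant]:
        return [g for g in self._grants if g.target == target and g.port == port]


class PortFirewallManager:
    """Receives AAOs, starts the target's client, and serves firewall properties."""

    def __init__(self, db: PortFirewallDatabase):
        self._db = db

    def firewall_properties(self, target: str, port: int) -> List[PortGrant]:
        return self._db.properties_for(target, port)

    def handle(self, aao: ActionObject) -> Tuple[bool, str]:
        # Claim 22: a client firewall process is initiated on the target
        # endpoint; it then asks the manager for the requested port's properties.
        client = EndpointFirewallClient(aao.target, self)
        return client.decide(aao)


class EndpointFirewallClient:
    """Target endpoint firewall client. Without a matching property row the
    port is never opened, so the default is deny."""

    def __init__(self, endpoint: str, manager: PortFirewallManager):
        self._endpoint = endpoint
        self._manager = manager

    def decide(self, aao: ActionObject) -> Tuple[bool, str]:
        if aao.target != self._endpoint:
            return False, "request addressed to a different endpoint"
        props = self._manager.firewall_properties(aao.target, aao.port)
        active = [g for g in props if g.start <= aao.at < g.end]
        if not active:
            return False, "port not assigned to anyone at the requested time"
        mine = [g for g in active if g.user == aao.user]
        if not mine:
            return False, "port assigned to another user during this interval"
        grant = mine[0]
        if aao.source not in grant.allowed_sources:
            return False, "source endpoint has no remote access to this port"
        if aao.packet_type not in grant.allowed_packet_types:
            return False, "packet type not permitted by the port's properties"
        return True, "port %d on %s returned to %s" % (aao.port, aao.target, aao.user)


# Constructed sample data: alice holds TCP/8443 on host-b from 09:00 to 10:00 UTC,
# reachable only from host-a, for SYN and data packets.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
DB = PortFirewallDatabase([
    PortGrant("host-b", 8443, "alice", T0, T0 + timedelta(hours=1),
              frozenset({"host-a"}), frozenset({"tcp-syn", "tcp-data"})),
])
MANAGER = PortFirewallManager(DB)


def request(user: str, source: str, port: int, packet_type: str,
            minutes_after_t0: int) -> Tuple[bool, str]:
    """Submit an AAO from `source` for `port` on host-b and return the decision."""
    aao = ActionObject(user, source, "host-b", port, packet_type,
                       T0 + timedelta(minutes=minutes_after_t0))
    return MANAGER.handle(aao)


if __name__ == "__main__":
    for args in [("alice", "host-a", 8443, "tcp-syn", 30),
                 ("bob", "host-a", 8443, "tcp-syn", 30),
                 ("alice", "host-a", 8443, "tcp-syn", 90),
                 ("alice", "host-c", 8443, "tcp-syn", 30),
                 ("alice", "host-a", 8443, "udp", 30),
                 ("alice", "host-a", 22, "tcp-syn", 30)]:
        print(args, "->", request(*args))
```

The order of the checks matters for the security property the claims state: the time window is tested before the user, so a second user asking for the port inside alice's interval is refused even though the port is "open", and a port with no property row at all is refused before any user-level reasoning happens. Real deployments would also need to bind the AAO's `user` and `source` fields to the authenticated session rather than trust them as submitted, which the patent text does not spell out.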
Specification