Security system for network address translation systems
First Claim
1. An apparatus configured to provide network connections between nodes on a local network and nodes outside the local network, the apparatus comprising:
- a first processor;
- memory in communication with the first processor; and
- a firewall specifying at least one security criterion and configured to protect the local network from packets that pose a security risk;
wherein the apparatus is operable to:
- perform network address translation of network layer addresses associated with packets exchanged between nodes on the local network and nodes outside the local network;
- generate a network address translation list including at least one translation, each specifying a local network layer address of a local node and an associated global unique network layer address;
- match IP addresses in packets against IP addresses specified in the local network layer address or the associated global unique network layer address of the at least one translation in the network address translation list.
Abstract
A system and method are disclosed for performing network address translation of network layer addresses of packets exchanged between nodes on a local network and nodes outside the local network. This allows local hosts in an enterprise network to share global IP addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in the headers of packets destined for the Internet and by replacing the destination address in the headers of packets entering the local enterprise network from the Internet. Packets arriving from the Internet are screened by an adaptive security algorithm: under this algorithm, packets are dropped and logged unless they are deemed nonthreatening.
70 Citations
16 Claims
1. An apparatus configured to provide network connections between nodes on a local network and nodes outside the local network, the apparatus comprising: a first processor; memory in communication with the first processor; and a firewall specifying at least one security criterion and configured to protect the local network from packets that pose a security risk; wherein the apparatus is operable to: perform network address translation of network layer addresses associated with packets exchanged between nodes on the local network and nodes outside the local network; generate a network address translation list including at least one translation, each specifying a local network layer address of a local node and an associated global unique network layer address; match IP addresses in packets against IP addresses specified in the local network layer address or the associated global unique network layer address of the at least one translation in the network address translation list. (Dependent claims: 2, 3, 4, 5, 6)

7. A method for providing network connections between nodes on a local network and nodes outside the local network, the method comprising: performing network address translation of network layer addresses associated with packets exchanged between nodes on the local network and nodes outside the local network; generating, using a first computer-based processing unit, a network address translation list including at least one translation, each specifying a local network layer address of a local node and an associated global unique network layer address; and matching IP addresses in packets against IP addresses specified in the local network layer address or the associated global unique network layer address of the at least one translation in the network address translation list. (Dependent claims: 8, 9, 10, 11)

12. A system for providing network connections between nodes on a local network and nodes outside the local network, the system comprising: at least one processor; memory; means for performing network address translation of network layer addresses associated with packets exchanged between nodes on the local network and nodes outside the local network; means for generating a network address translation list including at least one translation, each specifying a local network layer address of a local node and an associated global unique network layer address; and means for matching IP addresses in packets against IP addresses specified in the local network layer address or the associated global unique network layer address of the at least one translation in the network address translation list. (Dependent claims: 13, 14, 15, 16)
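The translation list and inbound screening described in the abstract and the independent claims, as an added Python model that is not the patent's own code. The "nonthreatening" criterion is an assumption here: an inbound packet is forwarded only when its destination matches a global address already in the translation list, and an inbound packet carrying a local address as its source is treated as spoofed; all addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Packet:
    src: str  # network layer source address
    dst: str  # network layer destination address


@dataclass
class NatGateway:
    """Gateway holding the translation list (local address -> global address)
    and the limited pool of global addresses it may hand out."""
    global_pool: List[str]
    translations: Dict[str, str] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Local -> Internet: rewrite the source address with a global one,
        creating a translation on first use and reusing it afterwards."""
        glob = self.translations.get(pkt.src)
        if glob is None:
            if not self.global_pool:
                self.log.append(f"drop outbound {pkt.src}->{pkt.dst}: pool exhausted")
                return None
            glob = self.global_pool.pop(0)
            self.translations[pkt.src] = glob
        return Packet(src=glob, dst=pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> local: screen, then rewrite the destination address.
        Assumed screening rule: drop and log unless the destination matches a
        global address in the translation list; a source that is one of our
        local addresses cannot legitimately arrive from outside."""
        if pkt.src in self.translations:
            self.log.append(f"drop inbound {pkt.src}->{pkt.dst}: spoofed local source")
            return None
        for local, glob in self.translations.items():
            if pkt.dst == glob:
                return Packet(src=pkt.src, dst=local)
        self.log.append(f"drop inbound {pkt.src}->{pkt.dst}: no matching translation")
        return None
```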