Methods, systems, and computer program products for automatically configuring firewalls
First Claim
1. A method of automatically configuring a firewall, the method comprising:
- automatically detecting an attempt by a software application executing on a user device to communicate through the firewall, wherein the firewall has blocked the communication attempt;
- automatically collecting information about the attempt detected;
- automatically assessing a danger level of allowing the software application to communicate through the firewall based upon the information collected, comprising determining at least one of the following:
  - whether the software application is attempting to communicate sensitive and private data from the user device,
  - whether the software application is using a stealth communication method,
  - whether the software application is executing at a root directory level of the user device,
  - whether the software application is executing at an administrator level directory of the user device,
  - whether the software application is attempting to access sensitive memory portions of the user device,
  - whether the software application is attempting to access hard drive portions of the user device including sensitive directories,
  - whether the software application is attempting to execute at a highly privileged operator level of the user device, and
  - whether the software application is attempting to communicate with a suspicious web site; and
- automatically reconfiguring the firewall to allow the software application to communicate through the firewall if the assessed danger level is below a threshold danger level, wherein the threshold danger level is variable and further comprising increasing the threshold danger level as a number of blocked software application communication attempts increases, and decreasing the threshold danger level as the number of blocked software application communication attempts decreases.
Abstract
Methods, systems, and computer program products that automatically configure firewalls are provided. A blocked attempt by a software application executing on a user device to communicate through a firewall is detected. Information about the detected communication attempt is collected. A danger level of allowing the software application to communicate through the firewall is assessed based upon the collected information. The blocking rules/policy of the firewall are automatically modified to allow the software application to communicate through the firewall if the assessed danger level is below a threshold level.
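The decision loop of claim 1, including its variable threshold, as an added example (not code from the patent). The indicator weights, the 60-second counting window, the step size and the cap on the threshold are assumptions chosen for illustration; the patent specifies none of them.

```python
from collections import deque
from dataclasses import dataclass, field

# Indicators named in the claim; the weights are assumptions for this example.
WEIGHTS = {
    "sends_sensitive_data": 40,
    "stealth_communication": 35,
    "runs_from_root_directory": 15,
    "runs_from_admin_directory": 15,
    "accesses_sensitive_memory": 30,
    "accesses_sensitive_directories": 25,
    "highly_privileged": 20,
    "suspicious_web_site": 40,
}

def assess_danger(info):
    """Sum the weights of every indicator observed for a blocked attempt."""
    unknown = set(info) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown indicators: {sorted(unknown)}")
    return sum(WEIGHTS[name] for name, seen in info.items() if seen)

@dataclass
class AutoConfigurator:
    base: int = 10        # threshold when no attempts were blocked recently (assumed)
    step: int = 5         # threshold change per counted blocked attempt (assumed)
    cap: int = 30         # upper bound on the threshold; a safeguard added here
    window: float = 60.0  # seconds over which blocked attempts are counted (assumed)
    blocked: deque = field(default_factory=deque)
    allowed: set = field(default_factory=set)

    def threshold(self, now):
        # Expire old entries so the count, and with it the threshold, can fall.
        while self.blocked and now - self.blocked[0] > self.window:
            self.blocked.popleft()
        return min(self.cap, self.base + self.step * len(self.blocked))

    def on_blocked_attempt(self, app, info, now):
        """Handle one attempt the firewall blocked and return the decision."""
        self.blocked.append(now)
        danger, limit = assess_danger(info), self.threshold(now)
        if danger < limit:
            self.allowed.add(app)  # stands in for writing an allow rule
            return "allow"
        return "keep-blocked"
```

With the cap set below the weight of the heaviest indicators, an application that trips one of them stays blocked no matter how many blocked attempts have accumulated.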
15 Claims
9. A system that automatically configures a firewall, comprising:
- a processor;
- memory coupled to the processor; and
- a computer program code residing in the memory that, when executed by the processor, causes the processor to perform the following:
  - automatically detect an attempt by a software application executing on a user device to communicate through the firewall, wherein the firewall has blocked the communication attempt;
  - automatically collect information about the attempt detected;
  - automatically assess a danger level of allowing the software application to communicate through the firewall based upon the information collected based on at least one of the following:
    - whether the software application is attempting to communicate sensitive and private data from the user device,
    - whether the software application is using a stealth communication method,
    - whether the software application is executing at a root directory level of the user device,
    - whether the software application is executing at an administrator level directory of the user device,
    - whether the software application is attempting to access sensitive memory portions of the user device,
    - whether the software application is attempting to access hard drive portions of the user device including sensitive directories,
    - whether the software application is attempting to execute at a highly privileged operator level of the user device such as root, and
    - whether the software application is attempting to communicate with a suspicious web site; and
  - automatically reconfigure the firewall to allow the software application to communicate through the firewall if the assessed danger level is below a threshold danger level, wherein the threshold danger level is variable and wherein the processor is configured to increase the threshold danger level as a number of blocked software application communication attempts increases, and decrease the threshold danger level as the number of blocked software application communication attempts decreases.
Specification