Computerized system and method for policy-based content filtering
First Claim
1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:
- receiving an incoming network connection, at a networking subsystem of a firewall device, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;
- determining, by the networking subsystem, the network service protocol of the incoming network connection;
- determining, by the networking subsystem, whether to allow or deny the incoming connection by identifying a matching firewall policy based on the source network address, the destination network address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
- if the incoming connection is allowed, then:
  - redirecting the incoming network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device that is configured to support the network service protocol;
  - retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and
  - processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Abstract
Firewalls and other filtering gateways have become common security devices for improving computer network security. As more features and functionality are added to these devices, they become quite complex to configure. By associating configuration schemes with firewall policies, configuration can be simplified without compromising flexibility. Administrators have more options to filter different traffic streams based on their type and sources. They also have increased flexibility to filter traffic on a per-user basis, through authentication mechanisms tied to various filtering options.
30 Claims
1. (Independent claim 1; text as given above under First Claim.) View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 22, 23, 24, 25, 26)
10. A firewall system for processing application-level content of network service protocols, the firewall system comprising:
- a non-transitory memory having stored therein a configuration database including a plurality of firewall policies and a plurality of content processing configuration schemes, each content processing configuration scheme of the plurality of content processing configuration schemes including a plurality of content processing configuration settings for each of a plurality of network protocols;
- a networking interface operable to receive a network connection;
- one or more proxy modules each operable to support one or more network protocols of the plurality of network protocols; and
- a networking subsystem operable to (i) receive the network connection from the networking interface, (ii) apply packet-layer firewall rules associated with a firewall policy of the plurality of firewall policies that is appropriate for the network connection and (iii) redirect the network connection to a proxy module of the one or more proxy modules based on a network protocol associated with the network connection if the network connection is allowed by the packet-layer firewall rules; and
- wherein the proxy module processes application-level content of a packet stream associated with the network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and scanning the application-level content based on one or more content processing configuration schemes of the plurality of content processing configuration schemes that have been associated with the firewall policy by an administrator of the firewall system.
View Dependent Claims (11, 12, 27, 28, 29, 30)
13. A non-transitory computer-readable storage medium tangibly embodying instructions, which when executed by a firewall system, cause the firewall system to perform a method for processing application-level content, the method comprising:
- determining, by a networking subsystem of the firewall system, the network service protocol of the incoming network connection, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;
- determining, by the networking subsystem, whether to allow or deny the incoming connection by identifying a matching firewall policy based on the source network address, the destination network address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
- if the incoming connection is allowed, then:
  - redirecting the incoming network connection, by the networking subsystem, to a proxy module of one or more proxy modules of the firewall system that is configured to support the network service protocol;
  - retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and
  - processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and scanning the application-level content based on the retrieved one or more content processing configuration schemes.
View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
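The processing path the three independent claims describe (policy match on source, destination and protocol; packet-layer allow/deny; redirection to a protocol proxy; retrieval of the content processing configuration schemes tied to that policy; reassembly of the packet stream; a scan against those schemes), as an added Python model. This is not code from the patent or its assignee; the scheme settings, policy entries, packet representation and first-match semantics are assumptions made for the example.

```python
# Added example (not code from the patent): a small model of the claimed flow,
# policy match -> packet-layer allow/deny -> proxy redirect -> scheme lookup ->
# reassembly -> content scan. Names, settings and match semantics are assumptions.
from ipaddress import ip_address, ip_network

SCHEMES = {  # constructed: scheme name -> per-protocol content processing settings
    "strict": {"http": {"block_words": {"malware"}, "max_bytes": 64},
               "smtp": {"block_words": {"phish"}, "max_bytes": 1024}},
    "lenient": {"http": {"block_words": set(), "max_bytes": 4096}},
}
POLICIES = [  # constructed; evaluated in order, first match wins
    {"src": "10.0.0.0/8", "dst": "192.0.2.0/24", "proto": "http",
     "action": "allow", "schemes": ["strict"]},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "proto": "smtp",
     "action": "deny", "schemes": []},
]

def match_policy(src, dst, proto):
    """Networking subsystem: identify the matching firewall policy, if any."""
    for p in POLICIES:
        if (ip_address(src) in ip_network(p["src"]) and
                ip_address(dst) in ip_network(p["dst"]) and p["proto"] == proto):
            return p
    return None  # no matching policy: the connection is denied below

def reconstruct(packets):
    """Proxy module: order (seq, payload) packets and buffer them into one stream."""
    return b"".join(payload for _, payload in sorted(packets))

def scan(content, proto, scheme_names):
    """Apply each associated scheme's settings for this protocol."""
    for name in scheme_names:
        settings = SCHEMES[name].get(proto)
        if settings is None:  # scheme carries no settings for this protocol
            continue
        if len(content) > settings["max_bytes"]:
            return "block", f"{name}: size {len(content)} > {settings['max_bytes']}"
        lowered = content.lower()
        for word in settings["block_words"]:
            if word.encode() in lowered:
                return "block", f"{name}: matched '{word}'"
    return "pass", "clean"

def handle_connection(src, dst, proto, packets):
    """Path a connection takes: packet-layer decision, then proxy content scan."""
    policy = match_policy(src, dst, proto)
    if policy is None or policy["action"] != "allow":
        return "deny", "packet-layer rule"
    return scan(reconstruct(packets), proto, policy["schemes"])
```

Note that a connection denied at the packet layer never reaches the proxy, so its payload is never reassembled or scanned; only allowed connections pay the reassembly cost.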