Integrated firewall, IPS, and virus scanner system and method

US 8,015,611 B2
Filed: 09/10/2007
Issued: 09/06/2011
Est. Priority Date: 01/10/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A security system, comprising:

a router; and

a security sub-system component of the router;

wherein the security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single sub-system;

wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured a user-specific manner;

wherein the user-specific configuration is provided utilizing a plurality of user-specific policies selected by each user such that a first user of the single sub-system is capable of specifying a first policy and a second user of the single sub-system is capable of specifying a second policy different than the first policy;

wherein the security sub-system component of the router exchanges state information, which includes an active or a standby status per port, with another security sub-system component of another router;

wherein if the exchanged state information indicates that the security sub-system component and the other security sub-system component are both active for a port, then the security sub-system component and the other security sub-system component renegotiate a respective status of each security sub-system component for the port.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided including a router and a security sub-system coupled to the router. Such security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners. Further, each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of user and is configured in a user-specific.

Citations

21 Claims

1. A security system, comprising:
- a router; and
  
  a security sub-system component of the router;
  
  wherein the security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single sub-system;
  
  wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured a user-specific manner;
  
  wherein the user-specific configuration is provided utilizing a plurality of user-specific policies selected by each user such that a first user of the single sub-system is capable of specifying a first policy and a second user of the single sub-system is capable of specifying a second policy different than the first policy;
  
  wherein the security sub-system component of the router exchanges state information, which includes an active or a standby status per port, with another security sub-system component of another router;
  
  wherein if the exchanged state information indicates that the security sub-system component and the other security sub-system component are both active for a port, then the security sub-system component and the other security sub-system component renegotiate a respective status of each security sub-system component for the port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system as recited in claim 1, wherein the security sub-system further includes a plurality of anti-spam modules and each of the anti-spam modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 3. The system as recited in claim 1, wherein the security sub-system further includes a plurality of content filtering modules and each of the content filtering modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 4. The system as recited in claim 1, wherein the security sub-system further includes a plurality of uniform resource locator (URL) filtering modules and each of the URL filtering modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 5. The system as recited in claim 1, wherein the security sub-system further includes a plurality of virtual private network (VPN) modules and each of the VPN modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 6. The system as recited in claim 1, wherein the security sub-system further includes a plurality of spyware filtering modules and each of the spyware filtering modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 7. The system as recited in claim 1, wherein the security sub-system further includes a plurality of adware filtering modules and each of the adware filtering modules is assigned to at least one of the plurality of the users and is configured in the user-specific manner.
  - 8. The system as recited in claim 1, wherein the user-specific policies are selected utilizing a graphical user interface.
  - 9. The system as recited in claim 8, wherein the graphical user interface includes a virtual firewall interface, a virtual IPS interface, and a virtual virus scanner interface.
  - 10. The system as recited in claim 1, wherein the system is used to counter terrorism.
  - 11. The system as recited in claim 1, wherein the security sub-system is equipped with a failover function.
  - 12. The system as recited in claim 1, wherein the security sub-system requires the first user and the second user to log-in before specifying the first policy and the second policy.
  - 13. The system as recited in claim 1, wherein the first user is required to log-in to a first subscriber portal and the second user is required to log-in to a second subscriber portal.
  - 14. The system as recited in claim 13, wherein upper domain information is hidden in the first subscriber portal and the second subscriber portal.
  - 15. The system as recited in claim 14, wherein the upper domain information that is hidden in the first subscriber portal and the second subscriber portal includes details on policies applied to a first domain that is above or parallel with a second domain of the first user and the second user.
  - 16. The system as recited in claim 1, wherein for each one of the plurality of users, functionality of each of the virtual firewalls, the IPSs, and the virus scanners assigned to the user is provided upon subscription by the user.
  - 17. The system as recited in claim 16, wherein for the functionality of each of the virtual firewalls, the IPSs, and the virus scanners, configuration of the functionality only appears in a subscriber user interface if the functionality is provisioned to the user by a reseller utilizing a reseller user interface separate from the subscriber user interface.
  - 18. The system as recited in claim 17, wherein the functionality is provisioned by the reseller only if the functionality is subscribed to by the user.
  - 19. The system as recited in claim 1, wherein the user-specific configuration includes a maximum number of ACL entries, a maximum number of NAT/PAT entries, a maximum number of routes, a maximum number of TCP flows at one time, a maximum number of content filtering rules, a maximum number of Sub-Admin domains that can be created, and a maximum number of SSL keys.

20. A security method, comprising:
- receiving data utilizing a router; and
  
  processing the data utilizing a security system component of the router;
  
  wherein the security system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single system;
  
  wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner;
  
  wherein the user-specific configuration is provided utilizing a plurality of user-specific policies selected by each user such that a first user of the single system is capable of specifying a first policy and a second user of the single system is capable of specifying a second policy different than the first policy;
  
  wherein the security system component of the router exchanges state information, which includes an active or a standby status per port, with another security system component of another router;
  
  wherein if the exchanged state information indicates that the security system component and the other security system component are both active for a port, then the security system component and the other security system component renegotiate a respective status of each security system component for the port.

21. A security computer program product embodied on a computer readable non-transitory medium, comprising:
- computer code for receiving data utilizing a router; and
  
  computer code for processing the data utilizing a security system component of the router;
  
  wherein the security system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single system;
  
  wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner;
  
  wherein the user-specific configuration is provided utilizing a plurality of use policies selected by each user such that a first user of the single system is capable of specifying a first policy and a second user of the single system is capable of specifying a second policy different than the first policy;
  
  wherein the security system component of the router exchanges state information, which includes an active or a standby status per port, with another security system component of another router;
  
  wherein if the exchanged state information indicates that the security system component and the other security system component are both active for a port, then the security system component and the other security system component renegotiate a respective status of each security system component for the port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gupta, Ramesh M., Raman, Ananth, Vissamsetti, Srikant, Haeffele, Steven M.
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/852,932
Publication Number

US 20080060073A1
Time in Patent Office

1,457 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Integrated firewall, IPS, and virus scanner system and method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated firewall, IPS, and virus scanner system and method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links