Integrated firewall, IPS, and virus scanner system and method
Abstract
A system, method and computer program product are provided including a router and a security sub-system coupled to the router. Such security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners. Further, each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner.
21 Claims
1. A security system, comprising:
a router; and
a security sub-system component of the router;
wherein the security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single sub-system;
wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner;
wherein the user-specific configuration is provided utilizing a plurality of user-specific policies selected by each user such that a first user of the single sub-system is capable of specifying a first policy and a second user of the single sub-system is capable of specifying a second policy different than the first policy;
wherein the security sub-system component of the router exchanges state information, which includes an active or a standby status per port, with another security sub-system component of another router;
wherein if the exchanged state information indicates that the security sub-system component and the other security sub-system component are both active for a port, then the security sub-system component and the other security sub-system component renegotiate a respective status of each security sub-system component for the port.
20. A security method, comprising:
receiving data utilizing a router; and
processing the data utilizing a security system component of the router;
wherein the security system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single system;
wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner;
wherein the user-specific configuration is provided utilizing a plurality of user-specific policies selected by each user such that a first user of the single system is capable of specifying a first policy and a second user of the single system is capable of specifying a second policy different than the first policy;
wherein the security system component of the router exchanges state information, which includes an active or a standby status per port, with another security system component of another router;
wherein if the exchanged state information indicates that the security system component and the other security system component are both active for a port, then the security system component and the other security system component renegotiate a respective status of each security system component for the port.
21. A security computer program product embodied on a computer readable non-transitory medium, comprising:
computer code for receiving data utilizing a router; and
computer code for processing the data utilizing a security system component of the router;
wherein the security system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners all integrated into a single system;
wherein each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of users and is configured in a user-specific manner;
wherein the user-specific configuration is provided utilizing a plurality of use policies selected by each user such that a first user of the single system is capable of specifying a first policy and a second user of the single system is capable of specifying a second policy different than the first policy;
wherein the security system component of the router exchanges state information, which includes an active or a standby status per port, with another security system component of another router;
wherein if the exchanged state information indicates that the security system component and the other security system component are both active for a port, then the security system component and the other security system component renegotiate a respective status of each security system component for the port.