Dynamically adaptive network firewalls and method, system and computer program product implementing same
First Claim
1. A method for constructing a dynamically adaptive network firewall, comprising:
- establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model implement a hierarchical structure and comprise dynamic chains of rules forming various paths through the hierarchical structure, and wherein the dynamic chains comprise defined places for functional extensions to the hierarchical structure;
- implementing the firewall on one or more machines connected to network segments where the nodes reside; and
- dynamically inserting at least one firewall rule at one of the defined places in the hierarchical structure while the firewall is processing traffic through the one or more machines.
Abstract
One embodiment creates a model of the traffic through a network firewall and uses that model to dynamically manipulate the network firewall. The firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, the connections between the nodes, or a combination thereof. Each of the nodes represents simultaneously a source and a destination for data packets. The firewall rules include dynamic chains of rules having defined places where firewall rules may be dynamically inserted into or deleted from the firewall while the firewall is operating on one or more machines connected to network segments where the nodes reside.
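To make the abstract's model concrete, here is an added illustrative example (not code from the patent): a tiny in-memory firewall model with a ROOT chain, one chain per node-to-node connection, and an initially empty "hook" sub-chain as the defined place. The chain-naming convention, the node names and the packet fields are assumptions of this example; the hook is filled while packets are being evaluated, and the rest of the hierarchy is left untouched.

```python
from collections import namedtuple

# src/dst are node names; a rule is a predicate plus either a verdict or a jump.
Packet = namedtuple("Packet", "src dst dport")
Rule = namedtuple("Rule", "match verdict jump", defaults=(None, None))

class FirewallModel:
    """Hierarchy: ROOT -> one chain per connection -> that chain's HOOK."""
    def __init__(self, nodes, connections):
        self.chains = {"ROOT": []}
        for src, dst in connections:
            if src not in nodes or dst not in nodes:
                raise ValueError(f"unknown node in {src}->{dst}")
            conn, hook = f"{src}_TO_{dst}", f"{src}_TO_{dst}_HOOK"
            self.chains[hook] = []  # the defined place: empty until needed
            self.chains[conn] = [Rule(lambda p: True, jump=hook),
                                 Rule(lambda p: True, verdict="ACCEPT")]
            self.chains["ROOT"].append(
                Rule(lambda p, s=src, d=dst: p.src == s and p.dst == d, jump=conn))
        self.chains["ROOT"].append(Rule(lambda p: True, verdict="DROP"))  # default

    def insert_at_hook(self, src, dst, rule, position=0):
        """Insert a rule at the defined place; the rest of the tree is untouched."""
        hook = f"{src}_TO_{dst}_HOOK"
        if hook not in self.chains:
            raise KeyError(f"no defined place for {src}->{dst}")
        self.chains[hook].insert(position, rule)

    def evaluate(self, pkt, chain="ROOT"):
        """Walk a chain; a jump whose sub-chain returns no verdict falls through."""
        for rule in self.chains[chain]:
            if not rule.match(pkt):
                continue
            if rule.jump:
                verdict = self.evaluate(pkt, rule.jump)
                if verdict is not None:
                    return verdict
            elif rule.verdict:
                return rule.verdict
        return None

def demo():
    fw = FirewallModel(["app", "db"], [("app", "db"), ("db", "app")])
    ssh = Packet("app", "db", 22)
    before = fw.evaluate(ssh)  # hook empty -> connection chain accepts
    fw.insert_at_hook("app", "db", Rule(lambda p: p.dport == 22, verdict="DROP"))
    after = fw.evaluate(ssh)   # same packet now dropped at the hook
    other = fw.evaluate(Packet("db", "app", 22))   # reverse path unaffected
    stranger = fw.evaluate(Packet("web", "db", 443))  # no node -> ROOT default
    return before, after, other, stranger
```

The point of the hook is that an operator or automated responder can add or remove rules for one connection without rewriting or reloading the other chains.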
20 Claims
1. A method for constructing a dynamically adaptive network firewall, comprising:
- establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model implement a hierarchical structure and comprise dynamic chains of rules forming various paths through the hierarchical structure, and wherein the dynamic chains comprise defined places for functional extensions to the hierarchical structure;
- implementing the firewall on one or more machines connected to network segments where the nodes reside; and
- dynamically inserting at least one firewall rule at one of the defined places in the hierarchical structure while the firewall is processing traffic through the one or more machines.
Dependent claims: 2 through 10.
11. A computer program product comprising one or more computer readable storage media storing computer instructions translatable by one or more processors to perform:
- establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model implement a hierarchical structure and comprise dynamic chains of rules forming various paths through the hierarchical structure, and wherein the dynamic chains comprise defined places for functional extensions to the hierarchical structure;
- implementing the firewall on one or more machines connected to network segments where the nodes reside; and
- dynamically inserting at least one firewall rule at one of the defined places in the hierarchical structure while the firewall is processing traffic through the one or more machines.
Dependent claims: 12 through 15.
16. A system, comprising:
- one or more processors; and
- one or more computer readable storage media accessible by the one or more processors and storing computer instructions translatable by the one or more processors to perform:
  - establishing a firewall model for the firewall, wherein the firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, to the connections between the nodes, or to a combination thereof, wherein each of the nodes represents simultaneously a source and a destination for data packets, wherein the firewall rules in the firewall model implement a hierarchical structure and comprise dynamic chains of rules forming various paths through the hierarchical structure, and wherein the dynamic chains comprise defined places for functional extensions to the hierarchical structure;
  - implementing the firewall on one or more machines connected to network segments where the nodes reside; and
  - dynamically inserting at least one firewall rule at one of the defined places in the hierarchical structure while the firewall is processing traffic through the one or more machines.
Dependent claims: 17 through 20.