Integrated computer security management system and method
Abstract
The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
19 Claims
1. A computer-implemented method for managing computer security information, comprising:

determining by a firewall whether a first packet should be deemed as accepted based upon a first firewall rule;

if the first packet is deemed as accepted, determining by a computer security device whether to send the first packet based on the determination by the firewall that the first packet is deemed accepted and on a first evaluation by the computer security device, wherein the firewall is different from the computer security device, and wherein the determining by the firewall and the determining by the computer security device are performed in parallel;

determining by the firewall whether a second packet should be deemed as trusted by identifying a source of the second packet, comparing the identified source to a predetermined list, and, if the identified source matches a source on the list, designating the second packet as trusted and originating from a trusted data provider; and

if the second packet is deemed by the firewall as trusted, then sending the second packet without waiting for a second evaluation by the computer security device and irrespective of the second evaluation made by the computer security device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer-implemented method for managing computer security information, comprising:

determining by a firewall whether a first packet should be deemed as accepted based upon a first firewall rule;

if the first packet is deemed as accepted, determining by the firewall whether a computer security device comprises availability to evaluate the first packet, wherein the firewall is different from the computer security device, and wherein the determining by the firewall and the evaluation by the computer security device are performed in parallel;

if the computer security device does not comprise availability to evaluate the first packet, then determining by the firewall whether to block the first packet without consideration of the computer security device's evaluation of the first packet or to process the first packet based on the firewall's determination;

in response to a determination to process the first packet based on the firewall's determination: sending the first packet if the firewall determines that the first packet is deemed as acceptable; and blocking the first packet if the firewall determines that the first packet should be blocked;

determining by the firewall whether a second packet should be deemed as trusted by identifying a source of the second packet, comparing the identified source to a predetermined list, and if the identified source matches a source on the list then designating the second packet as trusted and originating from a trusted data provider; and

if the second packet is deemed by the firewall as trusted, then sending the second packet without waiting for a second evaluation by the computer security device and irrespective of the second evaluation made by the computer security device.

Dependent claims: 10, 11, 12, 17.
13. An integrated computer security management system comprising:

a secured computer network;

a firewall adapted to perform an evaluation of a packet with one or more rules in order to determine whether to send the packet to the secured computer network, the firewall operative to determine whether the packet is deemed as:

accepted based upon the one or more rules, the firewall further operative to wait for further evaluation of the packet by a device other than the firewall before passing the packet, if the packet is accepted; or

trusted by identifying the packet as originating from a trusted data provider, the firewall further operative to allow the packet to pass without waiting for the further evaluation of the packet by the other device if the packet is deemed as trusted;

a computer security device adapted to perform another evaluation of the packet in parallel with the evaluation made by the firewall, to compare the packet with one or more listed signatures, to generate an alert if a match between the packet and one or more listed signatures exists, and to determine whether to send the packet to the secured computer network based on the evaluation of the packet by the computer security device and the evaluation of the packet by the firewall if the firewall deems the packet as accepted, wherein the firewall is different from the computer security device; and

a central controller coupled to the firewall and the computer security device, adapted to configure at least one of the firewall and computer security device.

Dependent claims: 14, 15, 16, 18, 19.
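The packet flow described by the abstract and by claims 1, 9 and 13, modelled as an added example (not code from the patent): the firewall and the IDS ("computer security device") evaluate an accepted packet in parallel, a packet whose source is on the predetermined trusted list is sent without waiting for the IDS, and when the IDS is unavailable the firewall either blocks or decides alone. The rule list, trusted list, signature list, and the choice to treat an IDS alert as a block are all assumptions constructed for the example.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str        # identified source, compared against the trusted list
    payload: bytes

@dataclass
class Decision:
    action: str     # "send" or "block"
    reason: str
    alerts: list = field(default_factory=list)  # IDS alerts, one per signature match

# Constructed sample data; the page gives no format for rules, the list or signatures.
TRUSTED_SOURCES = {"10.0.0.5"}                                 # claim 1: "predetermined list"
FIREWALL_RULES = [("deny", "203.0.113.9"), ("accept", "any")]  # first matching rule wins
IDS_SIGNATURES = [b"' OR 1=1", b"/etc/passwd"]                 # claim 13: "listed signatures"

def firewall_accepts(pkt):
    """Firewall rule evaluation: the first rule whose source matches decides."""
    for action, src in FIREWALL_RULES:
        if src in ("any", pkt.src):
            return action == "accept"
    return False

def ids_evaluate(pkt):
    """Computer security device (IDS): returns the list of matched signatures."""
    return [sig.decode() for sig in IDS_SIGNATURES if sig in pkt.payload]

def process(pkt, ids_available=True, fail_closed=False):
    """Integrated decision for one packet; fail_closed models the claim 9 choice
    between blocking and relying on the firewall alone when the IDS is unavailable."""
    # Trusted-source path: sent without waiting for, or regardless of, the IDS result.
    if pkt.src in TRUSTED_SOURCES:
        return Decision("send", "trusted source; IDS evaluation skipped")
    # Accepted path: firewall and IDS evaluate the packet in parallel.
    with ThreadPoolExecutor(max_workers=2) as pool:
        fw_job = pool.submit(firewall_accepts, pkt)
        ids_job = pool.submit(ids_evaluate, pkt) if ids_available else None
        if not fw_job.result():
            return Decision("block", "firewall rule")
        if ids_job is None:  # claim 9: IDS has no availability to evaluate
            if fail_closed:
                return Decision("block", "IDS unavailable; configured to block")
            return Decision("send", "IDS unavailable; firewall decision only")
        alerts = ids_job.result()
        if alerts:  # modelling assumption: an alert also withholds the packet
            return Decision("block", "IDS signature match", alerts)
        return Decision("send", "firewall accepted and IDS evaluation clean")
```

The trusted-source path depends entirely on how the firewall identifies a packet's source, so the predetermined list and that identification step are the controls to restrict and audit: anything on the list is never seen by the IDS.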