Incorporating network connection security levels into firewall rules
Abstract
Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.
20 Claims
1. A method for configuring a firewall for use in a computer system that comprises at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the method comprising an act of:
(A) obtaining information on a connection security policy regulating connections in the computer system between the at least one first device and the at least one second device, the connection security policy specifying as a constraint at least one connection security level that can be established for connections between the at least one first device and the at least one second device;
(B) configuring the firewall with at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on the at least one connection security level specified as the constraint of the connection security policy regulating connections in the computer system, the at least one filtering parameter not being uniquely related to a connection between the at least one first device and the at least one second device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. At least one computer readable storage medium encoded with a plurality of instructions that, when executed, perform a method for use in a computer system that comprises a firewall, at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the method comprising an act of:
(A) configuring the firewall with at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter that is based on at least one connection security level specified as a constraint of a connection security policy regulating connections in the computer system between the at least one first device and the at least one second device, the at least one filtering parameter not being uniquely limited to any specific connection.
Dependent claims: 10, 11, 12, 13, 14
15. A device for use in a computer system that comprises a firewall, at least one first device disposed inside the firewall and at least one second device disposed outside the firewall, the device comprising:
at least one processor programmed to receive information on at least one connection security level specified as a constraint of a connection security policy regulating connections in the computer system between the at least one first device and the at least one second device, the at least one connection security level being able to be established for a connection between the at least one first device and the at least one second device;
and, based on the information on the at least one connection security level, configure the firewall with at least one rule for the firewall that determines at least one filtering function that the firewall performs on communications between the at least one first device and the at least one second device, wherein the at least one rule employs at least one filtering parameter identifying the at least one connection security level specified as the constraint of the connection security policy, the at least one filtering parameter having at least one value that is not uniquely limited to a connection between a first device of the at least one first device and a second device of the at least one second device.
Dependent claims: 16, 17, 18, 19, 20
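A minimal illustration of what claims 1, 9 and 15 describe, added here as an example (it is not the patent's own code or any product implementation): a rule carries a security-level parameter derived from the connection security policy, so a single rule filters every connection negotiated at that level rather than one particular source/destination pair. The `SecurityLevel` values, the `Rule`/`Connection` types and the port-445 policy are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional

# Constructed example (not from the patent): connection security levels a
# connection can be established with, ordered weakest to strongest.
class SecurityLevel(IntEnum):
    NONE = 0           # plaintext, peer not authenticated
    AUTHENTICATED = 1  # peer authenticated, integrity protected
    ENCRYPTED = 2      # authenticated and encrypted

@dataclass(frozen=True)
class Connection:
    src: str
    dst: str
    dst_port: int
    level: SecurityLevel  # level actually negotiated for this connection

@dataclass(frozen=True)
class Rule:
    # Filtering parameter based on the policy's security-level constraint;
    # it is deliberately not tied to any one src/dst pair (claim 1, "not
    # uniquely related to a connection").
    min_level: SecurityLevel
    action: str                       # "allow" or "block"
    dst_port: Optional[int] = None    # optional conventional match field

    def matches(self, conn: Connection) -> bool:
        if self.dst_port is not None and self.dst_port != conn.dst_port:
            return False
        return conn.level >= self.min_level

def filter_connection(rules: List[Rule], conn: Connection, default: str = "block") -> str:
    """First-match evaluation: return the action of the first rule that matches."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return default

def rules_from_policy(policy_level: SecurityLevel) -> List[Rule]:
    """Act (A) -> act (B): derive firewall rules from the policy's constraint.

    Constructed policy: traffic to port 445 must be encrypted; every other
    port is allowed only at the policy's minimum level, whoever the peers are.
    """
    return [
        Rule(min_level=SecurityLevel.ENCRYPTED, action="allow", dst_port=445),
        Rule(min_level=SecurityLevel.NONE, action="block", dst_port=445),
        Rule(min_level=policy_level, action="allow"),
    ]
```

Because no rule names a host, a peer that changes address does not need a new rule; only the negotiated level decides the filtering outcome.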