Network adapter firewall system and method

US 8,185,943 B1
Filed: 12/20/2001
Issued: 05/22/2012
Est. Priority Date: 12/20/2001
Status: Active Grant

First Claim

Patent Images

1. A network adapter, comprising:

a plurality of designated trusted and untrusted ports; and

a processor provisioned in the network adapter, configured for providing firewall capabilities, and coupled within a computer, the network adapter coupled to a network via the ports, wherein network traffic from the trusted ports bypasses the processor, wherein the network adapter processor is configured for;

assembling the network traffic into packets, wherein a subset of the packets greater than a threshold for a maximum size of packets are stored in random access memory of the computer;

performing an initial determination whether certain assembled incoming packets are of interest for screening activities based on, at least, determining a source of the certain assembled incoming packets, a protocol of the certain assembled incoming packets, a timing of the certain assembled incoming packets and content within the certain assembled incoming packets;

determining whether the certain assembled incoming packets of interest violate a plurality of predetermined rules for packet transmissions;

denying access to certain areas of the computer based on a violation of the predetermined rules, wherein the violation is associated with remote access to the computer using an authentication certificate;

granting access to the certain areas of the computer if no violation occurs; and

communicating an alert that signals the violation, wherein the alert is provided using an indicator on the network adapter and the alert includes a plurality of options for addressing the violation.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network adapter system and associated method are provided. Included is a network adapter having a plurality of designated trusted and untrusted ports. The network adapter includes a processor coupled to a computer. Such processor is further coupled to a network via the ports. In use, the processor is configured for conditionally preventing network traffic from accessing the computer from the network via the untrusted ports and/or preventing unauthorized software from accessing the network in an untrusted manner from the computer.

Citations

14 Claims

1. A network adapter, comprising:
- a plurality of designated trusted and untrusted ports; and
  
  a processor provisioned in the network adapter, configured for providing firewall capabilities, and coupled within a computer, the network adapter coupled to a network via the ports, wherein network traffic from the trusted ports bypasses the processor, wherein the network adapter processor is configured for;
  
  assembling the network traffic into packets, wherein a subset of the packets greater than a threshold for a maximum size of packets are stored in random access memory of the computer;
  
  performing an initial determination whether certain assembled incoming packets are of interest for screening activities based on, at least, determining a source of the certain assembled incoming packets, a protocol of the certain assembled incoming packets, a timing of the certain assembled incoming packets and content within the certain assembled incoming packets;
  
  determining whether the certain assembled incoming packets of interest violate a plurality of predetermined rules for packet transmissions;
  
  denying access to certain areas of the computer based on a violation of the predetermined rules, wherein the violation is associated with remote access to the computer using an authentication certificate;
  
  granting access to the certain areas of the computer if no violation occurs; and
  
  communicating an alert that signals the violation, wherein the alert is provided using an indicator on the network adapter and the alert includes a plurality of options for addressing the violation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network adapter as recited in claim 1, wherein the processor is capable of being user-configured locally.
  - 3. The network adapter as recited in claim 1, wherein the ports include physical ports coupled to the network adapter for receiving plugs therein.
  - 4. The network adapter as recited in claim 3, wherein the trusted ports are visually differentiated from the untrusted ports.
  - 5. The network adapter as recited in claim 4, wherein the trusted ports are visually differentiated from the untrusted ports utilizing color.
  - 6. The network adapter as recited in claim 1, wherein the ports are electronic ports.
  - 7. The network adapter as recited in claim 1, wherein received packets are of interest based on an associated protocol.
  - 8. The network adapter as recited in claim 1, wherein the processor is capable of passing received packets that are not of interest.
  - 9. The network adapter as recited in claim 1, wherein the network adapter includes at least one of:
    - a Peripheral Component Interconnect (PCI) card, an Industry Standard Architecture (ISA) card, an Integrated Services Digital Network (ISDN) adapter, a cable modem adapter, and a broadband adapter.
  - 10. The network adapter as recited in claim 1, wherein the network adapter includes an adapter circuit that is coupled to the network.
  - 11. The network adapter as recited in claim 10, wherein the adapter circuit is coupled to the computer.
  - 12. The network adapter as recited in claim 1, wherein non-volatile solid state memory is protected by configuring a bios of the network adapter with a password.
  - 13. The network adapter as recited in claim 1, further comprising:
    - a packet assembler module configured to utilize header information associated with packets for assembling data fields of received packets.
  - 14. The network adapter as recited in claim 1, wherein, based on an associated protocol, a predetermined amount of received packets are assembled by a packet assembler module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Jagger, Luke D., Rothwell, Anton C., Dennis, William R.
Primary Examiner(s)
Pyzocha, Michael

Application Number

US10/028,652
Time in Patent Office

3,806 Days
Field of Search

713/201, 726/11, 726/22
US Class Current

726/11
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

Network adapter firewall system and method

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network adapter firewall system and method

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links