Selective auto-revocation of firewall security settings

US 8,214,889 B2
Filed: 11/03/2006
Issued: 07/03/2012
Est. Priority Date: 11/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method of managing security settings of a firewall and exceptions to security settings of the firewall in a networked environment, the method comprising:

managing security settings and exceptions based on network class to control network communication through the firewall;

receiving a connection request from a computing device to a first network;

classifying the first network to a specified network class, the classifying at least partially based on a user input from a user of the computing device;

applying at least one exception to the first network based on the first network being in the specified network class; and

upon detection of a change in network connection from the first network to a second network, classifying the second network to the specified network class, the classifying at least partially based on user input from the user of the computing device and revoking the at least one exception for the second network, wherein the at least one exception includes a network security exception enabled by the user to a network rule managed by the firewall, and the revoking occurs automatically according to the network security exception enabled by the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.

29 Citations

View as Search Results

16 Claims

1. A method of managing security settings of a firewall and exceptions to security settings of the firewall in a networked environment, the method comprising:
- managing security settings and exceptions based on network class to control network communication through the firewall;
  
  receiving a connection request from a computing device to a first network;
  
  classifying the first network to a specified network class, the classifying at least partially based on a user input from a user of the computing device;
  
  applying at least one exception to the first network based on the first network being in the specified network class; and
  
  upon detection of a change in network connection from the first network to a second network, classifying the second network to the specified network class, the classifying at least partially based on user input from the user of the computing device and revoking the at least one exception for the second network, wherein the at least one exception includes a network security exception enabled by the user to a network rule managed by the firewall, and the revoking occurs automatically according to the network security exception enabled by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the revoked exception is an application-enabled exception to a firewall rule.
  - 3. The method of claim 1 wherein a plurality of exceptions are revoked upon detection of the change in the network connection.
  - 4. The method of claim 1 wherein said revocation is based on a persistence flag associated with the at least one exception, the persistence flag identifying no persistence of the at least one exception.
  - 5. The method of claim 1 further comprising, upon detection of a change in network class, or a change in network infrastructure for the first network, revoking the at least one exception for the first network.
  - 6. The method of claim 1 wherein said change in network connection includes a change in a network address.
  - 7. The method of claim 1 further comprising, upon detection of a change in a risk assessment of a user, revoking the at least one exception for the first network.
  - 8. The method of claim 1 further comprising, upon detection of a software download over the first network, revoking the at least one exception for the first network.
  - 9. The method of claim 1 further comprising, upon detection of a change in a software status of software communicating with the firewall, revoking at least one exception for at least one network.

10. A method of managing security settings of a firewall in a networked environment, the method comprising:
- managing a security profile with at least a first security setting for network communication through the firewall, the first security setting applied to network communication over networks in a specified class;
  
  receiving a user-selected request for a second security setting including at least one exception to the first security setting in the security profile;
  
  receiving a connection request from a computing device to a first network;
  
  classifying the first network to the specified class, the classifying at least partially based on a user input from a user of the computing device;
  
  applying said second security setting including the at least one exception to network communication over the first network in said specified class; and
  
  upon detection of an event including a connection to a second network, wherein said connection to a second network includes an establishment of a new network connection in the networked environment, classifying the second network to determine that the second network is in the specified class, the classifying at least partially based on a user input from the user of the computing device, and automatically revoking at least said at least one exception from being applied to network communication over the second network based at least on the second network being in said specified class and applying said first security setting to network communication over the second network in said specified class.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10 further comprising monitoring a flag identifying persistence of the at least one exception, said automatic revocation further comprising automatically revoking the at least one exception when the flag identifies no persistence of the at least one exception, and further comprising maintaining the at least one exception for a network of the specified class when the flag identifies persistence of the at least one exception.
  - 12. The method of claim 10 further comprising, upon detection of a change in a network classification to the first network, revoking the at least one exception from being applied to network communication over the first network.
  - 13. The method of claim 10 wherein said event further includes a change in a network infrastructure, a change in a network access protection, a change in a risk assessment of a user, or a software download over the networked environment.

14. A computerized system for network communication in a networked environment having networks of a first class and networks of a second class, comprising:
- a computing device configured to connect to a first unknown network and a second unknown network;
  
  a network classification program configured to classify networks into the first and second classes, the classification at least partially based on user input from a user of the computing device and also based on network characteristics including a security level, the first class including networks of a lower security level than the second class;
  
  a firewall program having a plurality of selectable exceptions for each of the first and second classes, the firewall program configured to automatically revoke at least one exception previously enabled for networks of the first class upon a connection by the computing device to a first unknown network of the first class; and
  
  the firewall program further configured to automatically maintain at least one exception previously enabled for networks of the second class upon a connection by the computing device to a second unknown network of the second class.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14 wherein the firewall program is configured to revoke all exceptions previously enabled for networks of the first class upon the connection to the first unknown network.
  - 16. The system of claim 14 wherein the firewall program is further configured to determine whether to revoke at least one exception based on whether a system shut-down preceded the connection to the first or second unknown networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Dadhia, Rajesh, Diaz Cuellar, Gerardo
Primary Examiner(s)
Goodarzi, Nasser
Assistant Examiner(s)
LEWIS, LISA C

Application Number

US11/592,778
Publication Number

US 20080109890A1
Time in Patent Office

2,069 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/1416 Event detection, e.g. attac...

Selective auto-revocation of firewall security settings

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Selective auto-revocation of firewall security settings

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others