Firewall control via process interrogation

US 8,272,041 B2
Filed: 06/21/2007
Issued: 09/18/2012
Est. Priority Date: 06/21/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling a firewall for a user computing system, said method comprising:

receiving, by a processor of a computer system, a data request at the firewall, the data request being associated with control of a program of the user computing system;

said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;

in response to the determining that the process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;

said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and

in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally speaking, systems, methods and media for implementing a firewall control system responsive to process interrogations are disclosed. Embodiments of a method may include receiving a data request at a firewall where the data request is associated with a program and determining whether a process rule exists for the associated program, where the process rule includes a condition to be satisfied for a process of the user computer system. Embodiments may also include, in response to determining that a process rule does exist, determining a method for evaluating a status of the process and determining a current status of the process. Embodiments may also include determining whether the process rule is satisfied based on the current status of the process and using the determined evaluation method. Embodiments may also include, in response to determining whether the condition of the process rule is satisfied, performing one or more firewall actions.

Citations

20 Claims

1. A method for controlling a firewall for a user computing system, said method comprising:
- receiving, by a processor of a computer system, a data request at the firewall, the data request being associated with control of a program of the user computing system;
  
  said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
  
  in response to the determining that the process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
  
  said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
  
  in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1,wherein the data request is a request to control the program based on the process.
  - 3. The method of claim 2, wherein the request to control the program includes an identification of the process.
  - 4. The method of claim 1, wherein the data request includes a data packet and an indication of the program, wherein the program is transmitting or receiving the data packet.
  - 5. The method of claim 1, wherein the firewall is a hardware firewall.
  - 6. The method of claim 1, wherein the status of the process is an indication of whether or not the process is currently executing.
  - 7. The method of claim 1, wherein the status of the process is an indication of whether or not the process is sufficiently recent.

8. A computer program product, comprising a computer physically tangible storage device having a computer readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method for controlling a firewall for a user computing system, said method comprising:
- said processor receiving a data request at the firewall, the data request being associated with control of a program of the user computing system;
  
  said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
  
  in response to the determining that a process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
  
  said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
  
  in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the data request is a request to control the program based on the process.
  - 10. The computer program product of claim 9, wherein the request to control the program includes an identification of the process.
  - 11. The computer program product of claim 8, wherein the data request includes a data packet and an indication of the program, wherein the program is transmitting or receiving the data packet.
  - 12. The computer program product of claim 8, wherein the firewall is a hardware firewall.
  - 13. The computer program product of claim 8, wherein the status of the process is an indication of whether or not the process is currently executing.
  - 14. The computer program product of claim 8, wherein the status of the process is an indication of whether or not the process is sufficiently recent.

15. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for controlling a firewall for a user computing system, said method comprising:
- said processor receiving a data request at the firewall, the data request being associated with control of a program of the user computing system;
  
  said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
  
  in response to the determining that a process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
  
  said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
  
  in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the data request is a request to control the program based on the process.
  - 17. The computer system of claim 16, wherein the request to control the program includes an identification of the process.
  - 18. The computer system of claim 15, wherein the data request includes a data packet and an indication of the program, wherein the program is transmitting or receiving the data packet.
  - 19. The computer system of claim 15, wherein the firewall is a hardware firewall.
  - 20. The computer system of claim 15, wherein the status of the process is an indication of whether or not the process is currently executing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hamilton, Rick A. II, O'Connell, Brian M., Pavesi, John R., Walker, Keith R.
Primary Examiner(s)
Chai, Longbit

Application Number

US11/766,165
Publication Number

US 20080320581A1
Time in Patent Office

1,916 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

Firewall control via process interrogation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall control via process interrogation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links