Computerized system and method for advanced network content processing
Abstract
A computerized system and method for processing network content in accordance with at least one content processing rule. In accordance with the inventive method, the network content is received at a first interface. The inventive system identifies a transmission protocol information of the received network content and uses the identified transmission protocol information to intercept at least a portion of the received network content formatted in accordance with a transmission protocol. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using the second interface.
76 Claims
1. A computer-implemented method comprising:
- receiving a plurality of packets at a first interface of a multi-purpose network protection firewall device including one or more processors and a memory;
- identifying a transmission protocol according to which network content distributed among a subset of packets of the plurality of packets is formatted as an instant messaging (IM) protocol;
- using information regarding the identified transmission protocol to redirect the subset of packets to a proxy module integrated within the multi-purpose protection firewall device;
- extracting the network content from the subset of packets and buffering at least a portion of the network content by the proxy module;
- processing, by the proxy module, the buffered portion of the network content in accordance with at least one content processing rule selected from a plurality of content processing rules based on the identified transmission protocol;
- identifying a second transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted;
- using information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose protection firewall device;
- wherein the second transmission protocol is distinct from the transmission protocol;
- wherein the processing comprises filtering the buffered portion of the network content;
- wherein the plurality of content processing rules includes one or more content filtering rules; and
- wherein the proxy module is implemented at least in part by the one or more processors and the memory, the memory having instructions tangibly embodied therein representing at least a portion of the proxy module that are executable by the one or more processors.

Dependent claims: 2-35

36. A multi-purpose network protection firewall device comprising:
- a first interface operable to receive a plurality of packets formatted in accordance with a plurality of transmission protocols;
- a plurality of proxy module coupled in communication with the first interface;
- a networking subsystem, coupled in communication with the proxy module, operable to;
  - identify a transmission protocol of the plurality of transmission protocols according to which network content distributed among a subset of packets of the plurality of packets is formatted as an instant messaging (IM) protocol, redirect the subset of packets to the proxy module;
  - identify a second transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
  - use information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose network protection firewall device;
- wherein the second transmission protocol is distinct from the transmission protocol;
- wherein the proxy is operable to scan the buffered portion of the network content in accordance with at least one scanning criterion;
- wherein the proxy module is configured to extract the network content from the subset of packets, buffer at least a portion of the network content, and process the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules based on the identified transmission protocol; and
- wherein the plurality of content processing rules includes one or more content filtering rules.

Dependent claims: 37-74

75. A non-transitory computer-readable storage medium tangibly embodying one or more sequences of instructions, which when executed by one or more processors of a multi-purpose network protection firewall device, causes the one or more processors to perform a method comprising:
- receiving a plurality of packets formatted in accordance with a plurality of transmission protocols at a first interface of the multi-purpose network protection firewall device;
- identifying a transmission protocol according to which network content distributed among a subset of packets of the plurality of packets is formatted as an instant messaging (IM) protocol;
- using information regarding the identified transmission protocol to redirect the subset of packets to a proxy module integrated within the multi-purpose protection firewall device;
- extracting the network content from the subset of packets and buffering at least a portion of the network content by the proxy module; and
- processing, by the proxy module, the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules based on the identified transmission protocol;
- identifying a second transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted;
- using information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose protection firewall device;
- wherein the second transmission protocol is distinct from the transmission protocol;
- wherein the processing comprises filtering the buffered portion of the network content; and
- wherein the plurality of content processing rules includes one or more content filtering rules.

76. A multi-purpose network protection firewall device comprising:
- a first interface operable to receive a plurality of packets formatted in accordance with a plurality of transmission protocols;
- a proxy means coupled in communication with the first interface for extracting the network content from the subset of packets, buffering at least a portion of the network content, and processing the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules based on the identified transmission protocol;
- a networking subsystem, coupled in communication with the proxy module, operable to;
  - identify a transmission protocol of the plurality of transmission protocols according to which network content distributed among a subset of packets of the plurality of packets is formatted as an instant messaging (IM) protocol, redirect the subset of packets to the proxy module;
  - identify a second transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
  - use information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose network protection firewall device;
- wherein the second transmission protocol is distinct from the transmission protocol;
- wherein the proxy is operable to scan the buffered portion of the network content in accordance with at least one scanning criterion; and
- wherein the plurality of content processing rules includes one or more content filtering rules.

Specification