Incorporating network connection security levels into firewall rules

US 8,776,208 B2
Filed: 03/22/2012
Issued: 07/08/2014
Est. Priority Date: 05/18/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of regulating transmissions using a firewall, the method comprising:

receiving a first transmission at the firewall, the firewall being associated with at least a first multi-parameter firewall rule and at least one other multi-parameter firewall rule, each of the first multi-parameter firewall rule and the at least one other multi-parameter firewall rule having at least a first parameter, a connection security parameter relating to one or more types of connection security, a first field that specifies an action for that multi-parameter firewall rule, and another field that specifies whether transmissions not meeting the connection security parameter should be blocked;

determining that properties of the first transmission do not meet the first parameter of the first multi-parameter firewall rule;

handling the first transmission according to the at least one other multi-parameter firewall rule without determining whether the properties of the first transmission meet the connection security parameter of the first multi-parameter firewall rule;

receiving a second transmission at the firewall;

determining that properties of the second transmission meet the first parameter of the first multi-parameter firewall rule and do not meet the connection security parameter of the first multi-parameter firewall rule;

blocking the second transmission with the firewall without determining whether the properties of the second transmission meet parameters of the at least one other multi-parameter firewall rule if the other field of the first multi-parameter firewall rule specifies that transmissions not meeting the connection security parameter should be blocked;

receiving a third transmission at the firewall;

determining that properties of the third transmission meet the first parameter of the first multi-parameter firewall rule and meet the connection security parameter of the first multi-parameter firewall rule; and

taking an action regarding the third transmission that is specified by the first field of the first multi-parameter firewall rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.

58 Citations

View as Search Results

20 Claims

1. A method of regulating transmissions using a firewall, the method comprising:
- receiving a first transmission at the firewall, the firewall being associated with at least a first multi-parameter firewall rule and at least one other multi-parameter firewall rule, each of the first multi-parameter firewall rule and the at least one other multi-parameter firewall rule having at least a first parameter, a connection security parameter relating to one or more types of connection security, a first field that specifies an action for that multi-parameter firewall rule, and another field that specifies whether transmissions not meeting the connection security parameter should be blocked;
  
  determining that properties of the first transmission do not meet the first parameter of the first multi-parameter firewall rule;
  
  handling the first transmission according to the at least one other multi-parameter firewall rule without determining whether the properties of the first transmission meet the connection security parameter of the first multi-parameter firewall rule;
  
  receiving a second transmission at the firewall;
  
  determining that properties of the second transmission meet the first parameter of the first multi-parameter firewall rule and do not meet the connection security parameter of the first multi-parameter firewall rule;
  
  blocking the second transmission with the firewall without determining whether the properties of the second transmission meet parameters of the at least one other multi-parameter firewall rule if the other field of the first multi-parameter firewall rule specifies that transmissions not meeting the connection security parameter should be blocked;
  
  receiving a third transmission at the firewall;
  
  determining that properties of the third transmission meet the first parameter of the first multi-parameter firewall rule and meet the connection security parameter of the first multi-parameter firewall rule; and
  
  taking an action regarding the third transmission that is specified by the first field of the first multi-parameter firewall rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein handling the first transmission according to the at least one other multi-parameter firewall rule includes:
    - determining that the properties of the first transmission meet the first parameter of the at least one other multi-parameter firewall rule; and
      
      handling the first transmission according to an evaluation of the connection security parameter of the at least one other multi-parameter firewall rule.
  - 3. The method of claim 1, wherein taking the action specified by the first field of the first multi-parameter firewall rule comprises allowing the third transmission through the firewall.
  - 4. The method of claim 1, wherein determining that the properties of the third transmission meet the first parameter of the first multi-parameter firewall rule and meet the connection security parameter of the first multi-parameter firewall rule includes:
    - determining that the properties of the third transmission meet the first parameter of the first multi-parameter firewall rule by evaluating at least one transmission characteristic of the third transmission relative to the first parameter of the first multi-parameter firewall rule; and
      
      determining that the properties of the third transmission meet the connection security parameter of the first multi-parameter firewall rule by evaluating the third transmission for the one or more types of connection security.
  - 5. The method of claim 4, wherein evaluating the at least one transmission characteristic comprises evaluating a source address, a destination address, a source port, a destination port, a protocol, a data size, and/or a source application.
  - 6. The method of claim 4, wherein determining that the properties of the third transmission meet the connection security parameter of the first multi-parameter firewall rule comprises determining that the properties of the third transmission meet at least one connection security level, the at least one connection security level being specified as a constraint of a connection security policy regulating connections between a first device and a second device.
  - 7. The method of claim 6, wherein determining that the properties of the third transmission meet the at least one connection security level comprises determining that connection security for the third transmission meets or exceeds the at least one connection security level.
  - 8. The method of claim 4, wherein evaluating the third transmission for the one or more types of connection security comprises evaluating the third transmission for a type of connection security including authentication, integrity checking, encryption, and/or anti-replay.
  - 9. The method of claim 8, wherein evaluating the third transmission for one or more types of connection security comprises evaluating the third transmission to determine, if the third transmission uses connection security, a level of security of the connection security that is used.

10. At least one computer-readable memory having stored thereon computer-executable instructions that, in response to execution by a firewall device, cause the firewall device to perform operations, the operations comprising:
- receiving a first transmission at the firewall device, the firewall device being associated with at least a first firewall rule of a set of firewall rules, the first firewall rule comprising a first parameter relating to at least one transmission characteristic, a connection security parameter relating to one or more types of connection security, a first field that specifies an action for that firewall rule, and a connection security field that specifies whether transmissions not meeting the connection security parameter are to be blocked;
  
  determining that at least one transmission characteristic of the first transmission does not meet the first parameter of the first firewall rule;
  
  handling the first transmission according to at least one other firewall rule of the set of firewall rules without determining whether a connection security characteristic of the first transmission meets the connection security parameter of the first firewall rule;
  
  receiving a second transmission at the firewall device;
  
  determining that at least one transmission characteristic of the second transmission meets the first parameter of the first firewall rule and a connection security characteristic of the second transmission does not meet the connection security parameter of the first firewall rule;
  
  blocking the second transmission with the firewall device without regard to additional firewall rules of the set of firewall rules if the connection security field of the first firewall rule specifies that transmissions not meeting the connection security parameter are to be blocked;
  
  receiving a third transmission at the firewall device;
  
  determining that at least one transmission characteristic of the third transmission meets the first parameter of the first firewall rule and a connection security characteristic of the third transmission meets the connection security parameter of the first firewall rule; and
  
  taking an action regarding the third transmission that is specified by the first field of the first firewall rule.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The at least one computer-readable memory of claim 10, wherein handling the first transmission according to the at least one other firewall rule includes:
    - determining that the at least one transmission characteristic of the first transmission meets a first parameter of the at least one other firewall rule; and
      
      handling the first transmission according to an evaluation of a second parameter of the at least one other firewall rule.
  - 12. The at least one computer-readable memory of claim 10, wherein the at least one transmission characteristic of the first transmission includes a source address, destination address, source port, destination port, protocol, data size, and/or a source application.
  - 13. The at least one computer-readable memory of claim 10, wherein determining that the connection security characteristic of the third transmission meets the connection security parameter of the first firewall rule comprises determining that the connection security characteristic of the third transmission meets at least one connection security level, the at least one connection security level being specified as a constraint of a connection security policy regulating connections between a first device and a second device.
  - 14. The at least one computer-readable memory of claim 10, wherein determining that the at least one transmission characteristic of the second transmission meets the first parameter of the first firewall rule and the connection security characteristic of the second transmission does not meet the connection security parameter of the first firewall rule includes evaluating the second transmission to determine, if the second transmission uses connection security, a level of the connection security that is used.
  - 15. The at least one computer-readable memory of claim 10, wherein determining that the first firewall rule indicates that the second transmission should be blocked comprises determining that a parameter of the first firewall rule indicates that the second transmission should be blocked if the first parameter is met and the connection security second parameter is not met.

16. A firewall device, comprising:
- at least one processor; and
  
  at least one computer-readable memory having processor-executable instructions stored therein that, in response to execution by the at least one processor, cause the firewall device to regulate transmission of data through the firewall device based on a set of two or more firewall rules, each of the two or more firewall rules having at least a first parameter and a connection security parameter, the regulation of transmission of data comprising;
  
  receiving a first transmission;
  
  determining that properties of the first transmission do not meet the first parameter of a first firewall rule of the set of firewall rules;
  
  handling the first transmission according to at least one other firewall rule of the set of firewall rules without determining whether the properties of the first transmission meet the connection security parameter of the first firewall rule;
  
  receiving a second transmission;
  
  determining that properties of the second transmission meet the first parameter of the first firewall rule;
  
  determining that the properties of the second transmission do not meet the connection security parameter of the first firewall rule, the connection security parameter of the first firewall rule relating to one or more types of connection security;
  
  in response to the determination that the properties of the second transmission do not meet the connection security parameter of the first firewall rule, determining whether the second transmission is to be blocked based on a setting in a connection security field that specifies whether transmissions not meeting the connection security parameter are to be blocked;
  
  if the connection security field specifies that transmissions not meeting the connection security parameter are to be blocked, blocking the second transmission without determining whether the properties of the second transmission meet parameters of a next firewall rule of the set of firewall rules;
  
  receiving a third transmission;
  
  determining that properties of the third transmission meet the first parameter of the first firewall rule and meet the connection security parameter of the first firewall rule; and
  
  in response to the determination that the properties of the third transmission meet the first parameter of the first firewall rule and meet the connection security parameter of the first firewall rule, taking an action regarding the third transmission that is specified by the first firewall rule.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The firewall device of claim 16, wherein determining whether the second transmission is to be blocked comprises evaluating a configuration of the firewall device, separate from the set of firewall rules, for an indication of whether the second transmission is to be blocked.
  - 18. The firewall device of claim 16, wherein determining whether the second transmission is to be blocked comprises determining whether another parameter of the first firewall rule indicates that the second transmission is to be blocked.
  - 19. The firewall device of claim 16, wherein handling the first transmission according to the at least one other firewall rule of the set of firewall rules comprises:
    - determining whether the properties of the first transmission meet first and connection security parameters of the next firewall rule of the set of firewall rules.
  - 20. The firewall device of claim 16, wherein:
    - determining that the properties of the first transmission meet the first parameter of the first firewall rule comprises evaluating at least one transmission characteristic of the first transmission; and
      
      determining that the properties of the third transmission meet the connection security parameter of the first firewall rule comprises evaluating the third transmission for the one or more types of connection security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yariv, Eran, Diaz-Cuellar, Gerardo, Abzarian, David
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
Jeudy, Josnel

Application Number

US13/427,436
Publication Number

US 20120185929A1
Time in Patent Office

838 Days
Field of Search

713153-154, 726 2- 3, 726 11- 15, 709246-247, 709/249
US Class Current

726/11
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/126 the source of the received ...

Incorporating network connection security levels into firewall rules

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Incorporating network connection security levels into firewall rules

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links