Policy-based content filtering
Abstract
Methods and systems are provided for processing application-level content of network service protocols. According to one embodiment, one or more content processing configuration schemes are defined within a firewall device. Each of the one or more content processing configuration schemes includes multiple content processing configuration settings for one or more network service protocols. The one or more content processing configuration schemes are stored by the firewall device. One or more of the stored content processing configuration schemes are associated with a firewall policy by the firewall device.
16 Claims

1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:
defining, within a firewall device, one or more content processing configuration schemes, each of the one or more content processing configuration schemes including a plurality of content processing configuration settings for one or more network service protocols;
storing, by the firewall device, the one or more content processing configuration schemes;
associating, by the firewall device, one or more of the stored content processing configuration schemes with a firewall policy;
receiving an incoming network connection, at a networking subsystem of the firewall device, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;
determining, by the networking subsystem, whether to allow or deny the incoming connection by identifying a matching firewall policy based on the source network address, the destination network address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
if the incoming connection is allowed, then:
redirecting the incoming network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device that is configured to support the network service protocol;
retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy; and
processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and
scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer system comprising:
a non-transitory storage device having tangibly embodied therein instructions representing a security application; and
one or more processors coupled to the non-transitory storage device and operable to execute the security application to perform a method comprising:
defining one or more content processing configuration schemes, each of the one or more content processing configuration schemes including a plurality of content processing configuration settings for one or more network service protocols;
storing the one or more content processing configuration schemes;
associating one or more of the stored content processing configuration schemes with a firewall policy;
receiving an incoming network connection, at a networking subsystem of a firewall device, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;
determining, by the networking subsystem, whether to allow or deny the incoming connection by identifying a matching firewall policy based on the source network address, the destination network address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
if the incoming connection is allowed, then:
redirecting the incoming network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device that is configured to support the network service protocol;
retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy; and
processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and
scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
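The two independent claims describe the same pipeline: a packet-layer policy lookup on (source, destination, service), hand-off of allowed connections to a protocol proxy, retrieval of the content processing schemes attached to the matching policy, reconstruction of the application-level content from buffered packets, and a scan driven by those schemes. The following Python model is an added illustration of that pipeline and is not code from the patent or its assignee; the scheme fields (blocked patterns, size limit), the policy ordering, the HTTP body extraction and all sample addresses, packets and patterns are constructed assumptions chosen to make the flow visible.

```python
"""Toy model of policy-based content filtering (added example, not the patent's code):
packet-layer policy match -> proxy hand-off -> stream reconstruction -> scheme-driven scan."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ContentScheme:
    """A named bundle of content-processing settings for one or more protocols (assumed fields)."""
    name: str
    protocols: frozenset          # service protocols this scheme applies to
    blocked_patterns: tuple       # byte regexes matched against the reconstructed content
    max_content_bytes: int        # reconstructed content larger than this is rejected


@dataclass(frozen=True)
class FirewallPolicy:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    protocol: str
    action: str                   # packet-layer rule: "allow" or "deny"
    schemes: tuple = ()           # ContentScheme objects associated with this policy


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    seq: int                      # byte offset of this payload within the stream
    payload: bytes


def match_policy(policies, src, dst, protocol) -> Optional[FirewallPolicy]:
    """First-match lookup on the packet-layer tuple (source, destination, service)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy in policies:
        if s in policy.src and d in policy.dst and policy.protocol == protocol:
            return policy
    return None


class ProtocolProxy:
    """Generic proxy: buffers packets, rebuilds the stream, scans it against the schemes."""

    def __init__(self, protocol: str):
        self.protocol = protocol

    def reconstruct(self, packets) -> bytes:
        # Segments may arrive out of order or be retransmitted: order by offset,
        # drop duplicates, then concatenate the payloads.
        seen, chunks = set(), []
        for pkt in sorted(packets, key=lambda p: p.seq):
            if pkt.seq in seen:
                continue
            seen.add(pkt.seq)
            chunks.append(pkt.payload)
        return b"".join(chunks)

    def scan(self, content: bytes, schemes):
        """Apply every scheme bound to this protocol; first violation wins."""
        for scheme in schemes:
            if self.protocol not in scheme.protocols:
                continue
            if len(content) > scheme.max_content_bytes:
                return False, f"{scheme.name}: content exceeds {scheme.max_content_bytes} bytes"
            for pattern in scheme.blocked_patterns:
                if re.search(pattern, content, re.IGNORECASE):
                    return False, f"{scheme.name}: matched {pattern!r}"
        return True, None


class HttpProxy(ProtocolProxy):
    def reconstruct(self, packets) -> bytes:
        # Protocol-specific step: scan only the message body, which starts after the
        # first blank line of the HTTP message.
        stream = super().reconstruct(packets)
        _, sep, body = stream.partition(b"\r\n\r\n")
        return body if sep else stream


PROXIES = {"http": HttpProxy("http"), "smtp": ProtocolProxy("smtp")}


def process_connection(policies, packets) -> dict:
    """Full path for one connection: policy decision, then proxy reconstruction and scan."""
    first = packets[0]
    policy = match_policy(policies, first.src, first.dst, first.protocol)
    if policy is None or policy.action != "allow":
        return {"verdict": "denied", "reason": "no allowing firewall policy"}
    proxy = PROXIES.get(first.protocol)
    if proxy is None:
        return {"verdict": "allowed", "reason": "no proxy for protocol; packet-layer check only"}
    content = proxy.reconstruct(packets)
    ok, reason = proxy.scan(content, policy.schemes)
    return {"verdict": "allowed" if ok else "blocked", "reason": reason}


# --- constructed sample configuration and traffic -------------------------------
WEB_SCHEME = ContentScheme("web-strict", frozenset({"http"}), (rb"<script\b", rb"\.exe\b"), 4096)
POLICIES = [
    FirewallPolicy(ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24"),
                   "http", "allow", (WEB_SCHEME,)),
    FirewallPolicy(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("0.0.0.0/0"),
                   "http", "deny"),
]


def segment(message: bytes, src: str, dst: str, protocol: str, chunk: int = 24):
    """Split a message into fixed-size packets carrying their stream offset."""
    return [Packet(src, dst, protocol, off, message[off:off + chunk])
            for off in range(0, len(message), chunk)]


SUSPECT_MESSAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><script>alert(1)</script></html>"
_in_order = segment(SUSPECT_MESSAGE, "10.1.2.3", "192.0.2.10", "http")
SUSPECT_PACKETS = [_in_order[1], _in_order[0], _in_order[0]] + _in_order[2:]   # reordered + duplicate
CLEAN_PACKETS = segment(b"HTTP/1.1 200 OK\r\n\r\n<html><p>hello</p></html>", "10.1.2.3", "192.0.2.10", "http")
DENIED_PACKETS = segment(b"GET / HTTP/1.1\r\n\r\n", "203.0.113.5", "192.0.2.10", "http")

if __name__ == "__main__":
    for name, pkts in (("suspect", SUSPECT_PACKETS), ("clean", CLEAN_PACKETS), ("denied", DENIED_PACKETS)):
        print(name, process_connection(POLICIES, pkts))
```

The point the model makes is the division of labour the claims describe: the packet-layer decision uses only addresses and protocol and never looks at payload, while the proxy sees the whole reconstructed message rather than individual packets, so a pattern split across two segments (as `<script>` is in the reordered sample) is still caught. A real implementation would also bound the reassembly buffer per connection so that a slow or never-completing stream cannot exhaust proxy memory.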