Network attached device with dedicated firewall security
Abstract
Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD, and the firewall management system includes a computer-readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and, only if the request for network access is authorized, providing the network client with network access to the NAD.
23 Claims
1. A system comprising:
- a first computing device coupled to an internal network; and
a second computing device in communication with the first computing device, wherein the second computing device has at least one attached device and the second computing device is isolated from the internal network;
wherein the first computing device comprises a memory having stored thereon instructions that, in response to execution on the first computing device, cause the first computing device to at least:
receive data packets over the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
examine the data packets to determine whether the data packets contain an IP address associated with the at least one attached device;
filter data packets containing a valid IP address in a header of the data packet to determine whether to authorize data packets requesting access to the at least one attached device;
reformulate the data packets for communication to the second computing device; and
transmit the reformulated packets to the second computing device in response to determining that the request for access is authorized.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method comprising:
- receiving, by a first computing device coupled to an internal network, data packets over the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
examining, by the first computing device, the data packets to determine whether the data packets contain an IP address associated with an attached device coupled to a second computing device, wherein the second computing device is in communication with the first computing device and the second computing device is isolated from the internal network;
filtering, by the first computing device, data packets by determining whether the IP address in a header of the data packets is valid to determine whether to authorize data packets containing information indicative of a request for access to the attached device; and
reformulating, by the first computing device, the data packets for communication to the second computing device coupled to the attached device in response to authorizing the data packets containing the information indicative of the request for access to the attached device.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage medium comprising computer instructions that, in response to execution by a first computing device, cause the first computing device to at least:
- receive data packets over an internal network, the first computing device coupled to the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
examine the data packets to determine whether the data packets contain an IP address associated with an attached device coupled to a second computing device, wherein the second computing device is in communication with the first computing device and the second computing device is isolated from the internal network;
filter data packets containing a valid IP address in a header of the data packets to determine whether to authorize data packets requesting access to the attached device; and
generate new data packets, based at least in part on information contained within the data packets, for communication to the second computing device in response to determining that the request for access is authorized, wherein the attached device is coupled to the second computing device by way of a communications interface.
Dependent claims: 17, 18, 19, 20, 21, 22, 23
Specification