Security management system for monitoring firewall operation

US 8,925,063 B2
Filed: 02/14/2011
Issued: 12/30/2014
Est. Priority Date: 10/03/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a receiver, a session initiation signal to initiate a communications session through a firewall; and

determining, by a processor, a time between, first, receiving the session initiation signal and, second, opening a pinhole in the firewall for the communications session initiated by the session initiation signal.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A test method for Internet-Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation as well as quantifying network vulnerability statistically, as pinholes are opened and closed is described. Specific potential security vulnerabilities that may be addressed through testing include: 1) excessive delay in opening pinholes, resulting in an unintentional denial of service; 2) excessive delay in closing pinholes, creating a closing delay window of vulnerability; 3) measurement of the length of various windows of vulnerability; 4) setting a threshold on a window of vulnerability such that it triggers an alert when a predetermined value is exceeded; 5) determination of incorrectly allocated pinholes, resulting in a denial of service; 6) determining the opening of extraneous pinhole/IP address combinations through a firewall which increase the network vulnerability through unrecognized backdoors; and 7) determining the inability to correlate call state information with dynamically established rules in the firewall.

87 Citations

20 Claims

1. A computer-implemented method comprising:
- receiving, by a receiver, a session initiation signal to initiate a communications session through a firewall; and
  
  determining, by a processor, a time between, first, receiving the session initiation signal and, second, opening a pinhole in the firewall for the communications session initiated by the session initiation signal.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein the session initiation signal includes a 200 OK message, and wherein determining the time includes determining the time between receiving the 200 OK message and opening the pinhole in the firewall.
  - 3. The computer-implemented method of claim 2, wherein determining the time includes determining a speed with which the firewall correlates information from the 200 OK message and opens the pinhole in the firewall.
  - 4. The computer-implemented method of claim 1, wherein the session initiation signal includes an INVITE message, and wherein determining the time includes determining the time between receiving the INVITE message and opens the pinhole in the firewall.
  - 5. The computer-implemented method of claim 1, wherein determining the time includes determining a speed with which the firewall correlates information from the session initiation signal and opens the pinhole in the firewall, the method further comprising storing the determined time and calculating, by the processor, a firewall performance parameter based on the time.

6. A computer-implemented method comprising:
- transmitting, by a transmitter, a session termination signal used to terminate an established communications session through a firewall; and
  
  measuring, by a processor, a time period between transmitting the session termination signal and closing a pinhole in the firewall in response to the session termination signal used to terminate the established communications session.
- View Dependent Claims (7, 8, 9)
- - 7. The computer-implemented method of claim 6, wherein the session termination signal includes a BYE message and measuring the time period includes measuring the time period between transmitting the BYE message and closing the pinhole in the firewall.
  - 8. The computer-implemented method of claim 7, wherein measuring the time period includes measuring a time the firewall processes information from the BYE message.
  - 9. The computer-implemented method of claim 6, wherein measuring the time period includes measuring a time the pinhole remains open after the communications session has terminated.

10. A computer-implemented method of testing a network firewall, comprising:
- receiving, by a receiver, a session signal to initiate a communications session to be conducted through the firewall;
  
  transmitting, by a transmitter, test packets to at least one port on a first side of the firewall;
  
  determining, by a processor, a time when the test packets first pass through the at least one port, the at least one port being opened in response to the signal to initiate a communications session; and
  
  determining, by the processor, a time between the receiving the session signal to initiate the communications session and opening a port in the firewall for the communications session based on the time when the test packets first pass through the at least one port, wherein the session signal to initiate the communications session is received before the test packets first pass through the at least one port.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-implemented method of testing a network firewall according to claim 10, further comprising blocking at least one of the test packets by the firewall.
  - 12. The computer-implemented method of claim 10, wherein determining the time includes determining a time period betweendetecting a signal used to cause the port for the communications session to open, anddetecting a signal passing through the port from the first side of the firewall to a second side of the firewall.
  - 13. The computer-implemented method according to claim 12, further comprising:
    - transmitting a session signal to terminate the communications session; and
      
      determining a time between transmitting the session signal to terminate the communications session and closing the port in the firewall in response to the session signal to terminate the communications session.
  - 14. The computer-implemented method of claim 13, wherein determining the time between transmitting the session signal to terminate the communications session and closing the port includes:
    - detecting a signal used to cause the closing of the port and detecting a time at which the port ceases to allow communications signals to pass through from the first side of the firewall to the second side of the firewall.

15. A device including:
- a receiver to receive a session initiation signal to initiate a communications session through a firewall; and
  
  a processor to determine a time between receiving the session initiation signal and opening a pinhole in the firewall for the communications session initiated by the session initiation signal.
- View Dependent Claims (16, 17)
- - 16. The device of claim 15, wherein the session initiation signal includes a 200 OK message, and wherein the processor is configured to determine the time between receiving the 200 OK message and opening the pinhole in the firewall.
  - 17. The device of claim 16, wherein the session initiation signal includes an INVITE message, and wherein the processor is configured to determine a time between the receiver receiving the INVITE message and the opening of the pinhole.

18. A device comprising:
- a transmitter to transmit a session termination signal to terminate an established communications session through a firewall; and
  
  a processor to determine a time between the transmitting of the session termination signal and closing a pinhole in the firewall in response to the session termination signal used to terminate the established communications session.
- View Dependent Claims (19, 20)
- - 19. The device of claim 18, wherein the session termination signal includes a BYE message, and wherein the processor determines the time by determining a time between the transmission of the BYE message and the closing of the pinhole.
  - 20. The device of claim 19, wherein determining the time includes determining a speed with which the firewall correlates information from the BYE message and closes the pinhole in the firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Ormazabal, Gaston S., Harvey, Jr., Edward P., Sylvester, James E.
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Johnson, Carlton

Application Number

US13/026,446
Publication Number

US 20110138456A1
Time in Patent Office

1,415 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/22   comprising specially adapte...

H04L 43/06   Generation of reports

H04L 43/0852   Delays

H04L 43/0894   Packet rate

H04L 43/12   Network monitoring probes

H04L 43/50   Testing arrangements

H04L 63/02   for separating internal fro...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1433   Vulnerability analysis

Security management system for monitoring firewall operation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security management system for monitoring firewall operation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links