Security management system for monitoring firewall operation
First Claim
1. A computer-implemented method comprising:
receiving, by a receiver, a session initiation signal to initiate a communications session through a firewall; and
determining, by a processor, a time between, first, receiving the session initiation signal and, second, opening a pinhole in the firewall for the communications session initiated by the session initiation signal.
Abstract
Described is a test method for Internet Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation and statistically quantifies network vulnerability as pinholes are opened and closed. Specific potential security vulnerabilities that may be addressed through testing include:
1) excessive delay in opening pinholes, resulting in an unintentional denial of service;
2) excessive delay in closing pinholes, creating a closing-delay window of vulnerability;
3) measurement of the length of various windows of vulnerability;
4) setting a threshold on a window of vulnerability so that an alert is triggered when a predetermined value is exceeded;
5) determination of incorrectly allocated pinholes, resulting in a denial of service;
6) determination of extraneous pinhole/IP address combinations opened through the firewall, which increase network vulnerability through unrecognized backdoors; and
7) determination of an inability to correlate call state information with the rules dynamically established in the firewall.
20 Claims
1. A computer-implemented method comprising:
receiving, by a receiver, a session initiation signal to initiate a communications session through a firewall; and
determining, by a processor, a time between, first, receiving the session initiation signal and, second, opening a pinhole in the firewall for the communications session initiated by the session initiation signal.
(Dependent claims 2, 3, 4 and 5 not shown.)

6. A computer-implemented method comprising:
transmitting, by a transmitter, a session termination signal used to terminate an established communications session through a firewall; and
measuring, by a processor, a time period between transmitting the session termination signal and closing a pinhole in the firewall in response to the session termination signal used to terminate the established communications session.
(Dependent claims 7, 8 and 9 not shown.)

10. A computer-implemented method of testing a network firewall, comprising:
receiving, by a receiver, a session signal to initiate a communications session to be conducted through the firewall;
transmitting, by a transmitter, test packets to at least one port on a first side of the firewall;
determining, by a processor, a time when the test packets first pass through the at least one port, the at least one port being opened in response to the signal to initiate a communications session; and
determining, by the processor, a time between the receiving the session signal to initiate the communications session and opening a port in the firewall for the communications session based on the time when the test packets first pass through the at least one port, wherein the session signal to initiate the communications session is received before the test packets first pass through the at least one port.
(Dependent claims 11, 12, 13 and 14 not shown.)

15. A device including:
a receiver to receive a session initiation signal to initiate a communications session through a firewall; and
a processor to determine a time between receiving the session initiation signal and opening a pinhole in the firewall for the communications session initiated by the session initiation signal.
(Dependent claims 16 and 17 not shown.)

18. A device comprising:
a transmitter to transmit a session termination signal to terminate an established communications session through a firewall; and
a processor to determine a time between the transmitting of the session termination signal and closing a pinhole in the firewall in response to the session termination signal used to terminate the established communications session.
(Dependent claims 19 and 20 not shown.)
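The timing measurements of claims 1, 6 and 10 and the threshold alert of abstract item 4, as an added illustration that is not the patent's own code: a constructed Python model of a dynamic-pinhole firewall is probed with test packets until they first pass (opening delay) and until they are blocked again after termination (closing delay). The firewall class, its delay values, and the port and address used are assumptions, not values from the patent.

```python
from dataclasses import dataclass, field

@dataclass
class SimulatedFirewall:
    """Constructed model of a dynamic-pinhole firewall (not a real product).
    Times are integer milliseconds; the delays model how slowly it reacts."""
    open_delay_ms: int
    close_delay_ms: int
    # (port, remote_ip) -> [open_at, close_at]; close_at is None while the call is up
    pinholes: dict = field(default_factory=dict)
    def on_session_initiation(self, now, port, remote_ip):
        self.pinholes[(port, remote_ip)] = [now + self.open_delay_ms, None]

    def on_session_termination(self, now, port, remote_ip):
        self.pinholes[(port, remote_ip)][1] = now + self.close_delay_ms

    def packet_passes(self, now, port, remote_ip):
        state = self.pinholes.get((port, remote_ip))
        if state is None:
            return False
        open_at, close_at = state
        return now >= open_at and (close_at is None or now < close_at)

def probe_until(fw, start, port, ip, want_pass, step_ms=10, max_wait_ms=10_000):
    """Send a test packet every step_ms from start; return the first time its
    pass/block result equals want_pass, or None if that never happens."""
    for t in range(start, start + max_wait_ms + 1, step_ms):
        if fw.packet_passes(t, port, ip) == want_pass:
            return t
    return None

def measure_open_delay(fw, t_signal, port, ip):
    """Claims 1 and 10: initiation signal -> first test packet passes."""
    fw.on_session_initiation(t_signal, port, ip)
    t_pass = probe_until(fw, t_signal, port, ip, want_pass=True)
    return None if t_pass is None else t_pass - t_signal

def measure_close_delay(fw, t_signal, port, ip):
    """Claim 6: termination signal -> test packets are blocked again."""
    fw.on_session_termination(t_signal, port, ip)
    t_block = probe_until(fw, t_signal, port, ip, want_pass=False)
    return None if t_block is None else t_block - t_signal

def window_alerts(open_ms, close_ms, open_limit_ms, close_limit_ms):
    # Abstract item 4: alert when a measured window exceeds its threshold.
    alerts = []
    if open_ms is None or open_ms > open_limit_ms:
        alerts.append("pinhole opened too late (unintentional denial of service)")
    if close_ms is None or close_ms > close_limit_ms:
        alerts.append("pinhole closed too late (closing-delay window of vulnerability)")
    return alerts
```

The measured delay is quantized to the probe interval (step_ms), so a real harness trades probe rate against the load it puts on the firewall under test.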
Specification