Method and apparatus for managing internetwork and intranetwork activity
18 Assignments
0 Petitions
Abstract
In accordance with the present invention, a network management program (80) is provided that manages the communication of data packets between an intranetwork (44) and an internetwork (40). An operator of a computer connected to the intranetwork (44) inputs vital information regarding users of computers connected to the intranetwork (44), mapping information regarding computers connected to the intranetwork (44), and policies to be applied against those users and computers, using a graphical user interface (GUI) (70). The GUI (70) communicates the user information, mapping information and policies to a database (72), which stores and organizes them. A filter executive (76) optimizes the policies stored in the database (72) into a set of rules for each user and passes the rules to a filter engine (78). The filter engine (78) filters all outbound data packets transmitted from the intranetwork (44) to the internetwork (40) and verifies all inbound data packets from the internetwork (40) according to the rules provided by the filter executive (76). The filter executive (76) also communicates the mapping information stored in the database (72) to a naming service manager (74), which updates the mapping information and returns the updated mapping information to the filter executive (76). Consequently, the filter engine (78) filters the data packets according to the most recent mapping information.
23 Citations
91 Claims
1. A computer-readable medium having computer-executable components for managing communication of data packets between an intranetwork and an internetwork, the intranetwork connecting a plurality of computers via a communications medium, the internetwork connecting a plurality of intranetworks via communications media, the computer-readable medium having computer-executable components comprising:
(a) a graphical user interface for allowing an administrator of a computer connected to the intranetwork to input:
(i) user information identifying each user of a computer connected to the intranetwork;
(ii) mapping information mapping each identified user to at least one computer connected to the intranetwork; and
(iii) user policies for each identified user governing the communication of data packets between the identified user and the internetwork;
(b) a database for storing the user information, mapping information and user policies for each identified user provided by the administrator using the graphical user interface;
(c) a filter executive for optimizing the user policies for each identified user stored in the database into a set of rules for each identified user; and
(d) a filter engine for filtering data packets communicated between the intranetwork and the internetwork according to the set of rules for each identified user optimized by the filter executive and the mapping information for each identified user.
Dependent claims: 2-26.

27. An apparatus for managing communication of data packets between an intranetwork and an internetwork, the intranetwork connecting a plurality of computers via a communications medium, the internetwork connecting a plurality of intranetworks via communications media, the apparatus comprising:
(a) a storage medium for storing:
(i) a database which includes user information, mapping information and policies for each user of a computer connected to the intranetwork, wherein the user information identifies each user, wherein the mapping information maps each user to a computer connected to the intranetwork, and wherein the policies govern the communication of data packets between each user and the internetwork;
(ii) a filter executive which optimizes the user policies for each user stored in the database into a set of rules for each user; and
(iii) a filter engine which filters data packets communicated between the intranetwork and the internetwork according to the set of rules for each user optimized by the filter executive and the mapping information for each user; and
(b) a processing unit electronically coupled to the storage medium for executing program instructions which maintain the database, implement the filter executive and implement the filter engine.
Dependent claims: 28-50.

51. A method for managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
(a) establishing one or more policies for each user of the plurality of computers;
(b) optimizing the one or more policies so as to establish a set of user rules for each user, the user rules governing the communication of information between the user and the internetwork, wherein at least one of the user rules comprises a rule based on a usage quota for a user;
(c) identifying each user of the plurality of computers connected to the intranetwork;
(d) mapping each user to at least one computer connected to the intranetwork; and
(e) filtering the information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user.
Dependent claims: 52-73.

74. A method of managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
establishing one or more policies for each user of the plurality of computers;
optimizing the one or more policies so as to establish a set of user rules for each user, the user rules governing the communication of information between the user and the internetwork;
identifying each user of the plurality of computers connected to the intranetwork;
mapping each user to at least one computer connected to the intranetwork, thereby defining mapping information for each user;
querying a NETBIOS server for an IP address of a computer operated by each user; and
filtering information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user and the mapping information for each user.
Dependent claims: 75.

76. A system for managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the system comprising:
means for establishing one or more policies for each user of the plurality of computers;
means for optimizing the one or more policies so as to establish a set of user rules for each user, the user rules governing the communication of information between the user and the internetwork, wherein at least one of the user rules comprises a rule based on a usage quota for a user;
means for identifying each user of the plurality of computers connected to the intranetwork;
means for mapping each user to at least one computer connected to the intranetwork; and
means for filtering information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user.

77. A method of managing communication of information between a user of a computer and an intranetwork, wherein the intranetwork is coupled to an internetwork that connects a plurality of intranetworks, the method comprising:
establishing one or more policies for the user;
optimizing the one or more policies so as to establish a set of user rules for the user, the user rules governing the communication of information between the user and the internetwork;
identifying the user of the computer connected to the intranetwork;
mapping the user to the computer connected to the intranetwork as the user logs onto the intranetwork, thereby defining mapping information for each user; and
filtering the information communicated between the user and the internetwork according to the set of user rules for the user and the mapping information for each user.
Dependent claims: 78-82.

83. An apparatus for managing communication of data packets between an intranetwork and an internetwork, the intranetwork connecting a plurality of computers via a communications medium, the internetwork connecting a plurality of intranetworks via communications media, the apparatus comprising:
(a) a storage medium for storing:
a database which includes user information, mapping information and policies for each user of a computer connected to the intranetwork, wherein the user information identifies each user, wherein the mapping information maps each user to an IP address of a computer connected to the intranetwork, and wherein the policies govern the communication of data packets between each user and the internetwork;
a filter executive which optimizes the user policies for each user stored in the database into a set of rules for each user; and
a filter engine which filters data packets communicated between the intranetwork and the internetwork according to the set of rules for each user optimized by the filter executive and the mapping information for each user; and
(b) a processing unit electronically coupled to the storage medium for executing program instructions which maintain the database, implement the filter executive and implement the filter engine.

84. A method of managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
identifying each user of the plurality of computers connected to the intranetwork;
mapping each user to at least one computer connected to the intranetwork;
establishing a set of user rules for each user governing the communication of information between the user and the internetwork, wherein at least one set of user rules comprises a usage quota rule; and
filtering the information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user.

85. A method of managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
(a) identifying each user of the plurality of computers connected to the intranetwork;
(b) mapping each user to at least one computer connected to the intranetwork;
(c) establishing a set of user rules for each user governing the communication of information between the user and the internetwork, wherein at least one set of user rules comprises a rule based on a usage quota for a user;
(d) storing in a database an identifier associated with each user, the at least one computer mapped to each identified user, and the set of user rules for each user; and
(e) filtering the information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user.
Dependent claims: 86-87.

88. A method of managing communication of information between users of a plurality of computers connected to an intranetwork, and an internetwork, wherein the internetwork connects a plurality of intranetworks, the method comprising:
(a) identifying each user of the plurality of computers connected to the intranetwork;
(b) mapping each user to at least one computer connected to the intranetwork;
(c) adding each user to a system hierarchy of groups including a root group and a plurality of subgroups, wherein the root group contains each user and wherein each subgroup contains at least one user;
(d) establishing a set of user rules for each user governing the communication of information between the user and the internetwork, wherein at least one of the sets of user rules comprises a rule based on a usage quota for a user;
(e) filtering the information communicated between the users of the plurality of computers connected to the intranetwork and the internetwork according to the set of user rules for each user, wherein the filtering comprises applying a set of global network policies against all users contained in the root group of the system hierarchy, wherein each global network policy indicates whether certain information may be communicated between any of the users contained in the root group and the internetwork using a particular network protocol.
Dependent claims: 89-91.

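The abstract and claims 1, 51, 74 and 88 together describe one pipeline: user, mapping and policy entries are stored, a filter executive compiles each user's policies (including a usage quota and the root group's per-protocol policies) into a rule set, the mapping is refreshed from a naming service, and a filter engine attributes each packet to a user by source address and applies that user's rules. The Python model below is an added illustration of that pipeline, not the patent's code or any product's: the policy vocabulary, the `NamingService` stub standing in for the NETBIOS lookup, the byte-count quota with no window reset, the deny-wins conflict rule, and the sample workstation names, addresses and packets are all constructed assumptions. The last two packets exercise the check a practitioner would want: because the engine keys identity on the mapped IP address, its decisions are only as current as the most recent mapping refresh.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed "database" contents (claims 1(b), 85(d), 88(c)); every name and
# value here is an assumption made for the illustration.
USERS: Dict[str, str] = {"alice": "engineering", "bob": "sales"}   # user -> subgroup
ROOT_GROUP: Set[str] = set(USERS)                                  # root group holds every user
HOSTS: Dict[str, str] = {"alice": "WS-ALICE", "bob": "WS-BOB"}     # user -> workstation name
# Root-group global policies keyed by protocol (claim 88(e)): True = may communicate.
GLOBAL_POLICY: Dict[str, bool] = {"tcp/80": True, "tcp/443": True, "tcp/23": False}
# Per-user policies; "quota" is a byte budget for the whole run (claims 51, 84, 85).
USER_POLICY: Dict[str, dict] = {
    "alice": {"allow": ["tcp/22"], "quota": 10_000},
    "bob": {"deny": ["tcp/443"], "quota": 1_500},
}

class NamingService:
    """Stand-in for the NETBIOS server of claim 74: workstation name -> IP."""
    def __init__(self, table: Dict[str, str]):
        self.table = dict(table)
    def resolve(self, name: str) -> Optional[str]:
        return self.table.get(name)

@dataclass
class RuleSet:
    allow: Set[str]
    deny: Set[str]
    quota: int
    used: int = 0

def compile_rules(user: str) -> RuleSet:
    """Filter executive (claim 1(c)): fold root-group and user policies into one rule set."""
    if user not in ROOT_GROUP:
        raise KeyError(user)
    pol = USER_POLICY.get(user, {})
    allow = {p for p, ok in GLOBAL_POLICY.items() if ok} | set(pol.get("allow", []))
    deny = {p for p, ok in GLOBAL_POLICY.items() if not ok} | set(pol.get("deny", []))
    return RuleSet(allow - deny, deny, int(pol.get("quota", 0)))  # deny wins on conflict

def build_mapping(ns: NamingService) -> Dict[str, str]:
    """Mapping information (claims 74, 83): IP -> user, resolved through the naming service."""
    mapping: Dict[str, str] = {}
    for user, host in HOSTS.items():
        ip = ns.resolve(host)
        if ip:
            mapping[ip] = user
    return mapping

class FilterEngine:
    """Claim 1(d): decide each packet via source IP -> user -> that user's rule set."""
    def __init__(self, mapping: Dict[str, str], rules: Dict[str, RuleSet]):
        self.mapping = mapping
        self.rules = rules
    def refresh_mapping(self, ns: NamingService) -> None:
        self.mapping = build_mapping(ns)  # what the naming service manager does on each poll
    def filter(self, pkt: dict) -> Tuple[bool, str]:
        user = self.mapping.get(pkt["src"])
        if user is None:
            return False, "unmapped-source"  # unknown host: default deny, not the global policy
        rs = self.rules[user]
        proto = f"{pkt['proto']}/{pkt['dport']}"
        if proto in rs.deny:
            return False, f"{user}:denied:{proto}"
        if proto not in rs.allow:
            return False, f"{user}:not-allowed:{proto}"
        if rs.used + pkt["len"] > rs.quota:
            return False, f"{user}:quota"
        rs.used += pkt["len"]
        return True, f"{user}:ok"

def run_demo() -> List[str]:
    """Push constructed packets through the pipeline and return the verdict strings."""
    ns = NamingService({"WS-ALICE": "10.0.0.2", "WS-BOB": "10.0.0.3"})
    engine = FilterEngine(build_mapping(ns), {u: compile_rules(u) for u in ROOT_GROUP})
    packets = [
        {"src": "10.0.0.2", "proto": "tcp", "dport": 22, "len": 600},   # alice: user allow
        {"src": "10.0.0.2", "proto": "tcp", "dport": 25, "len": 100},   # alice: no rule -> deny
        {"src": "10.0.0.3", "proto": "tcp", "dport": 443, "len": 100},  # bob: user deny
        {"src": "10.0.0.3", "proto": "tcp", "dport": 23, "len": 100},   # bob: root-group deny
        {"src": "10.0.0.3", "proto": "tcp", "dport": 80, "len": 1000},  # bob: ok, 1000 of 1500
        {"src": "10.0.0.3", "proto": "tcp", "dport": 80, "len": 1000},  # bob: over quota
        {"src": "10.0.0.9", "proto": "tcp", "dport": 80, "len": 100},   # no mapping at all
    ]
    verdicts = [engine.filter(p)[1] for p in packets]
    # Bob's workstation takes a new lease. Until the naming service is polled again
    # the engine cannot attribute the new address, and would still credit 10.0.0.3
    # to bob, whoever holds that address now.
    ns.table["WS-BOB"] = "10.0.0.5"
    probe = {"src": "10.0.0.5", "proto": "tcp", "dport": 80, "len": 10}
    verdicts.append(engine.filter(probe)[1])
    engine.refresh_mapping(ns)
    verdicts.append(engine.filter(probe)[1])
    return verdicts
```

Calling `run_demo()` returns one verdict string per packet, which makes the attribution path (address, user, rule, quota) visible. Two properties are worth testing in any real implementation of this design: a source address with no mapping must fall to a default deny rather than to the root-group policies, and a stale mapping lets whoever currently holds a mapped address inherit that user's rules until the naming service is polled again, so the refresh interval is itself a security parameter rather than a tuning knob.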
Specification