Distributed firewall implementation and control

US 20070261111A1
Filed: 05/05/2006
Published: 11/08/2007
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method of configuring firewall services in a network having a plurality of devices comprising:

determining a firewall capability for a first device in the network;

determining a firewall service requirement for a second device in the network; and

configuring the first device to provide firewall service for itself and for the second device according to the firewall service requirement of the second device and the firewall capability of the first device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more devices on a network may be configured to provide firewall services for other devices on the network. Each of the firewall service suppliers may publish its capability with respect to firewall services and the service receivers may publish their requirements for firewall services. A manager function may broker the requests and offers to match services and requirements. A default firewall service may be provided to devices not publishing their requirements. Network topologies may be re-configured to first route traffic addressed to a device to its corresponding firewall service provider.

100 Citations

View as Search Results

20 Claims

1. A method of configuring firewall services in a network having a plurality of devices comprising:
- determining a firewall capability for a first device in the network;
  
  determining a firewall service requirement for a second device in the network; and
  
  configuring the first device to provide firewall service for itself and for the second device according to the firewall service requirement of the second device and the firewall capability of the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising configuring a router to logically place the second device behind the first device.
  - 3. The method of claim 1, wherein determining the firewall capability for the first device comprises monitoring published information corresponding to the firewall capability of the first device.
  - 4. The method of claim 1, wherein determining the firewall service requirement comprises monitoring a published request for firewall services from the second device.
  - 5. The method of claim 4, wherein an administrative setting requires the firewall service more restrictive than the published request for firewall services from the second device.
  - 6. The method of claim 1, wherein determining the firewall service requirement comprises selecting a default firewall service for the second device when no published information is available from the second device.
  - 7. The method of claim 1, wherein an upstream device sets open access for its firewall service when a downstream device has a firewall capability that meets a minimum firewall capability.

8. A network having a plurality of devices adapted for configurable firewall protection comprising:
- a router with an upstream side and a downstream side for directing data traffic with devices on the network;
  
  a first device coupled to the downstream side of the router, the first device having an ability to supply at least one firewall capability; and
  
  a second device coupled to the downstream side of the router, the second device adapted to publish a request for a firewall service, wherein the first device supplies the at least one firewall capability responsive to the request from the second device when the at least one firewall capability of the first device meets a requirement of the request for the firewall service.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The network of claim 8, wherein the requirement is implicit in the request.
  - 10. The network of claim 8, wherein the router accepts a signal to direct incoming traffic addressed to the second device to the first device for fulfilling the request for the firewall service.
  - 11. The network of claim 8, wherein the first device shares out a network connection to the second device.
  - 12. The network of claim 8, wherein the first device publishes the ability to supply the at least one firewall capability.
  - 13. The network of claim 12, wherein the second device receives from the first device the published ability to supply the at least one firewall capability and directs the request for the firewall service to the first device.
  - 14. The network of claim 8, further comprising a controller for monitoring a firewall capability and a firewall service requirement for each of the plurality of devices adapted for configurable firewall protection.
  - 15. The network of claim 14, wherein the controller is incorporated in one of the first device and the router.
  - 16. The network of claim 14, wherein the controller has a communication function for publishing a firewall service requirement to each of the plurality of devices.
  - 17. The network of claim 16, wherein the first device supplies the at least one firewall capability to be more restrictive than the request for firewall service from the second device when the published firewall service requirement is more restrictive than the request for firewall service from the second device.
  - 18. The network of claim 14, wherein the controller assigns a default firewall service for a third device that does not publish a request for firewall service.

19. A computer arranged and adapted to provide firewall services to an other electronic device comprising:
- a network connection supporting bidirectional data traffic with an upstream network;
  
  a manager coupled to the network connection operable to monitor published requests for firewall services from the other electronic device, and, responsive to the request, configure the network connection to place the other electronic device logically downstream of the computer, and determine a level of firewall service to provide to the other electronic device; and
  
  a firewall service provider coupled to the manager and the network connection, wherein the firewall service provider supports firewall service for itself and provides firewall service for data traffic addressed to the other electronic device according to the level determined by the manager.
- View Dependent Claims (20)
- - 20. The computer of claim 19, further comprising a second network connection wherein data traffic on the network connection addressed to the other electronic device is filtered according to the level of firewall service and routed via the second network connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Roberts, David

Granted Patent

US 8,079,073 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0218 Distributed architectures, ...

H04L 63/1441 Countermeasures against mal...

Distributed firewall implementation and control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Distributed firewall implementation and control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others