Firewall system for protecting network elements connected to a public network
DC
First Claim
1. A firewall system for protecting network elements comprising:
- a computing platform having a microprocessor and memory storage, wherein said computing platform provides access from a network connection to at least one network element, wherein said memory contains instructions causing said microprocessor to perform the steps of;
initializing a plurality of proxy agents, wherein each of said proxy agents is assigned a corresponding port number and protocol;
verifying that incoming connection requests are formatted in accordance with said corresponding protocol;
logging information associated with incoming connection requests; and
,processing received packets to determine the presence of executable commands nested within received packets, and if detected, discarding said received packets.
2 Assignments
Litigations
0 Petitions
Reexamination
Accused Products
Abstract
A firewall for isolating network elements from a publicly accessible network to which such network elements are attached. The firewall operates on a stand alone computer connected between the public network and the network elements to be protected such that all access to the protected network elements must go through the firewall. The firewall application running on the stand alone computer is preferably the only application running on that machine. The application includes a variety of proxy agents that are specifically assigned to an incoming request in accordance with the service protocol (i.e., port number) indicated in the incoming access request. An assigned proxy agent verifies the authority of an incoming request to access a network element indicated in the request. Once verified, the proxy agent completes the connection to the protected network element on behalf of the source of the incoming request.
444 Citations
1 Claim
-
1. A firewall system for protecting network elements comprising:
a computing platform having a microprocessor and memory storage, wherein said computing platform provides access from a network connection to at least one network element, wherein said memory contains instructions causing said microprocessor to perform the steps of; initializing a plurality of proxy agents, wherein each of said proxy agents is assigned a corresponding port number and protocol; verifying that incoming connection requests are formatted in accordance with said corresponding protocol; logging information associated with incoming connection requests; and
,processing received packets to determine the presence of executable commands nested within received packets, and if detected, discarding said received packets.
Specification
-
- Resources
-
Current AssigneeNetwork Engineering Software, Inc. (Hopto Inc.)
-
Original AssigneeNetwork Engineering Software, Inc. (Hopto Inc.)
-
InventorsColey, Christopher D., Wesinger, Jr., Ralph E.
-
Primary Examiner(s)Beausoliel, Jr., Robert W.
-
Assistant Examiner(s)ELMORE, STEPHEN C
-
Application NumberUS09/174,723Time in Patent Office568 DaysField of Search395/186, 395/187.01, 395/188.01, 395/200.55, 395/200.59, 395/726, 713/200, 713/201, 713/202, 340/825.31, 340/825.34, 364/222.5, 364/286.4, 364/286.5, 364/479.07, 380/3, 380/4, 380/24, 380/25, 380/30, 380/48US Class Current726/12CPC Class CodesG06Q 20/027 involving a payment switch ...H04L 63/02 for separating internal fro...H04L 63/0227 Filtering policies mail mes...H04L 63/0263 Rule managementH04L 63/0281 ProxiesH04L 63/0807 using tickets, e.g. Kerbero...H04L 63/083 using passwords cryptograph...H04L 63/1458 Denial of ServiceH04L 63/18 using different networks or...H04L 69/16 Implementation or adaptatio...H04L 9/40 Network security protocols
