Network attached device with dedicated firewall security
First Claim
1. A network arrangement comprising:
a network client and at least one network attached device (NAD) residing on a same network;
a NAD server disposed between the network client and the NAD, the NAD server being configured to electronically communicate with the NAD over a connection, the NAD server being further configured to receive request contained in a data packet for network access to the NAD, the NAD server including computer executable instructions that, upon execution, cause the NAD server to;
determine whether the header of a received data packet containing the request for network access includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet, the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet and to;
determine whether the received request for network access to the NAD is authorized; and
provide the network client with network access to the NAD only if the request for network access is authorized, such that the NAD is protected from unauthorized access requests from the network client and other devices in a manner that is in addition to any protection afforded by a firewall.
Abstract
Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and only if the request for network access is authorized, providing the network client with network access to the NAD.
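An added illustration (not code from the patent or its assignee) of the header-based authorization that the first claim and the abstract describe: a default-deny check run on the NAD itself over the IPv4 source address, destination address and source-route options. The addresses, the allowlist and the rejection of source-routed packets are assumed policy; the patent text does not specify one.

```python
import ipaddress
import struct

# Hypothetical policy values, constructed for this example (documentation address ranges).
NAD_ADDR = ipaddress.ip_address("192.0.2.10")
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}  # IPv4 loose/strict source route options

def parse_ipv4_header(packet: bytes) -> dict:
    """Extract source, destination and any source-route option from an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    route, opts, i = None, packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # no-operation padding byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IPv4 option")
        if kind in SOURCE_ROUTE_OPTS:
            route = SOURCE_ROUTE_OPTS[kind]
        i += opts[i + 1]
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst), "route": route}

def is_authorized(packet: bytes) -> bool:
    """Default-deny decision made on the NAD, whatever an upstream firewall allowed."""
    try:
        hdr = parse_ipv4_header(packet)
    except ValueError:
        return False           # unparseable headers are never authorized
    return (hdr["dst"] == NAD_ADDR and hdr["route"] is None
            and any(hdr["src"] in net for net in ALLOWED_SOURCES))

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Construct a sample IPv4 header (checksum left at zero) for testing the filter."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

if __name__ == "__main__":
    print(is_authorized(build_header("192.0.2.5", "192.0.2.10")))
```

Because the check runs on the device, a request from a host on the same LAN that never crosses the perimeter firewall is still evaluated against the allowlist.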
30 Claims
1. A network arrangement comprising:
a network client and at least one network attached device (NAD) residing on a same network;
a NAD server disposed between the network client and the NAD, the NAD server being configured to electronically communicate with the NAD over a connection, the NAD server being further configured to receive request contained in a data packet for network access to the NAD, the NAD server including computer executable instructions that, upon execution, cause the NAD server to;
determine whether the header of a received data packet containing the request for network access includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet, the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet and to;
determine whether the received request for network access to the NAD is authorized; and
provide the network client with network access to the NAD only if the request for network access is authorized, such that the NAD is protected from unauthorized access requests from the network client and other devices in a manner that is in addition to any protection afforded by a firewall.
Dependent claims: 2, 3, 4

5. A local area network arrangement comprising a network client and at least one network attached device (NAD) disposed in electronic communication with each other over a same network, the NAD comprising;
a data management component, and
an internal firewall management component, the internal firewall management component being configured to receive a plurality of requests for network access to the NAD from the network client and, for each of the plurality of requests, to determine, independently of a firewall external to the NAD, whether the request for network access to the NAD is authorized,
wherein the data packet includes a header and wherein the internal firewall management component of the NAD is configured to determine whether each of the plurality of requests for network access to the NAD is authorized by filtering the data packet based at least on IP addresses contained in the header, and
wherein the request for network access to the NAD is determined to be authorized by determining whether the header includes at least information relating to a network source, a destination, and a route of the data packet,
wherein the data management component is configured to provide the network client with access to the NAD only if the request for network access is determined to be authorized by the internal firewall management component, and
wherein at least some of the plurality of requests originate from within the network without passing through the firewall.
Dependent claims: 6, 7, 8, 9

10. A system for managing access from outside of a network running a bastion firewall to at least one network attached device (NAD) operatively connected to the network, the apparatus comprising:
means for receiving at least one request for network access to the NAD and for determining whether the received at least one request for network access to the NAD should be authorized by determining whether the header of a received data packet containing the request for network access includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet, the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet; and
means for providing network access to the NAD when the at least one request is authorized and for denying network access to the NAD when the at least one request is unauthorized,
wherein the at least one request originates one of within the network and external to the network and wherein at least one request passed into the network through a firewall.
Dependent claims: 11

12. An apparatus, comprising:
a processing unit;
a network interface coupled to the processing unit and to a network;
an attached device interface coupled to the processing unit and configured to provide a communication path to a directly attached device; and
a memory coupled to the processing unit and storing instructions that, upon execution, cause the processing unit to;
determine whether requests for access to the directly attached device received from the network interface should be authorized or unauthorized wherein each of the requests for access to the directly attached device is contained in a packet and determine whether the header of a received data packet containing the request for network access includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet, the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet;
deny requests for access to the directly attached device that are determined to be unauthorized;
allow requests for access to the directly attached device that are determined to be authorized,
wherein each of the requests originates one of within and external to the network and wherein at least one of the requests for access has passed into the network through a firewall.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21

22. An apparatus, comprising:
means for receiving requests over a network for access to a network attached device (NAD), the requests originating one of within the network and external thereto, at least one of the requests having passed into the network through a firewall;
means for filtering each of the requests for access to the NAD to prevent unauthorized access to the NAD wherein each of the requests includes a packet having a header and wherein the means for filtering comprises means for examining the header of a packet received in connection with the request to determine whether the header includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet, the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet; and
means for allowing access to the NAD for each request that the filtering means determines is authorized such that the NAD is protected from unauthorized access requests from network clients and other devices in a manner that is in addition to any protection afforded by a firewall.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30

Specification