Dynamic updating of firewall parameters
First Claim
1. A computing device configured to execute a firewall for implementing security policy for controlling network traffic, the computing device comprising:
- an electronic processor; and
- code executable by the electronic processor to:
  - receive a policy rule at a policy level interface, the policy rule comprising a keyword reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, the keyword reference being an identifier associated with the predefined container;
  - receive at a non-policy level interface a request from a program protected by the firewall to populate the predefined container referenced by the keyword with a firewall parameter value;
  - identify the program from which the request is received and determine whether the program is authorized to populate the predefined container referenced by the keyword; and
  - populate the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range and if the program is authorized to populate the firewall parameter.
Abstract
The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.
Claims (14 in total; the three independent claims are reproduced below)
1. As reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6.
7. A computing device configured to execute a firewall for implementing security policy for controlling network traffic, the computing device comprising:
- an electronic processor; and
- code executable by the electronic processor to:
  - present a policy level interface at which the firewall can receive an input of a policy rule including a keyword referencing a predefined container that specifies a permissible value range of port numbers to open allowable under the policy rule, the keyword being an identifier associated with the predefined container;
  - present a non-policy level interface at which the firewall can receive the keyword and a request from a program protected by the firewall to open a port number;
  - populate the predefined container referenced by the keyword with the port number if the port number is within the permissible value range and the program is authorized to populate the predefined container; and
  - enforce the policy rule.

Dependent claims: 8, 9, 10.
11. A method for dynamically updating a firewall parameter of a firewall located between a first program and a network, the first program protected by the firewall, the method comprising:
- presenting a policy level interface to a second program having administrative rights;
- receiving a policy rule from the second program at the policy level interface, the policy rule comprising a keyword reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, the keyword reference being an identifier associated with the predefined container;
- presenting a non-policy level interface to the first program, the first program not having administrative rights;
- receiving a request from the first program at the non-policy level interface to populate the predefined container referenced by the keyword with a firewall parameter value;
- identifying the first program;
- determining whether the first program is authorized to populate the predefined container referenced by the keyword;
- populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range and if the first program is authorized to populate the firewall parameter; and
- opening a port to communicate with a remote device connected to the network on a far side of the firewall, the port opened according to the firewall parameter value.

Dependent claims: 12, 13, 14.
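The mechanism the claims describe, as an added example that is not part of the patent or any patentee implementation: a policy-level rule references a container by keyword, a protected program asks through a non-policy-level interface to place a concrete port in that container, and the request is honoured only when the port is within the container's range and the program is on the container's authorized list. The container keyword `game_ports`, the program names and the port range are constructed values, and the caller identity is assumed to be passed in rather than derived from the process as a real firewall would.

```python
from dataclasses import dataclass, field

@dataclass
class Container:            # predefined container referenced by a keyword
    low: int                # permissible value range (inclusive)
    high: int
    authorized: set         # programs allowed to populate this container
    values: set = field(default_factory=set)   # ports actually populated

class Firewall:
    def __init__(self):
        self.containers = {}    # keyword -> Container
        self.rules = []         # (action, protocol, keyword)

    # Policy-level interface (administrator): define containers and rules.
    def define_container(self, keyword, low, high, authorized):
        self.containers[keyword] = Container(low, high, set(authorized))

    def add_rule(self, action, protocol, keyword):
        if keyword not in self.containers:
            raise KeyError(f"rule references unknown container @{keyword}")
        self.rules.append((action, protocol, keyword))

    # Non-policy-level interface: a protected program asks for a port. `program` is
    # the caller identity the firewall established (assumed passed in here).
    def request_open(self, program, keyword, port):
        c = self.containers.get(keyword)
        if c is None or program not in c.authorized or not (c.low <= port <= c.high):
            return False        # rejected: the rule is left unchanged
        c.values.add(port)      # populate the container: the rule now covers port
        return True

    def allows(self, protocol, port):   # enforcement: default deny
        for action, proto, keyword in self.rules:
            if proto == protocol and port in self.containers[keyword].values:
                return action == "allow"
        return False

def demo():
    # Constructed sample (assumed names/values): game.exe may open one TCP port in 5000-5100.
    fw = Firewall()
    fw.define_container("game_ports", 5000, 5100, authorized={"game.exe"})
    fw.add_rule("allow", "tcp", "game_ports")
    return {
        "in_range_authorized": fw.request_open("game.exe", "game_ports", 5050),
        "out_of_range": fw.request_open("game.exe", "game_ports", 80),
        "unauthorized": fw.request_open("other.exe", "game_ports", 5060),
        "tcp_5050_allowed": fw.allows("tcp", 5050),
        "tcp_5060_allowed": fw.allows("tcp", 5060),
    }
```

Note that a rejected request leaves the rule unchanged and the port closed; only the in-range, authorized request changes what the rule permits.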