Integration of social network information and network firewalls
2 Assignments
0 Petitions
Abstract
A firewall functions normally to pass data on open ports to a respective service or endpoint associated with an open port. Invitations may be sent from an internal endpoint to an external peer-to-peer network endpoint inviting a connection back to the internal endpoint. Rather than leave ports open in a firewall for such connections, an invitation manager analyzes the invitation and in real time programs an exception in the firewall based on the invitation. The exceptions may be programmed for a limited duration, based on the nature of the internal endpoint. When an authenticated connection is required, a public key or handle to a public key for the external endpoint may be passed to the firewall for use in establishing the connection.
86 Citations
20 Claims
1. A method of operating a firewall embodied as a standalone hardware device, the method comprising:
providing the firewall operatively coupled to one or more internal endpoints and configured to provide firewall services to the one or more internal endpoints for traffic arriving through a network connection from one or more external endpoints;
monitoring, at the firewall, an invitation to join in peer-to-peer activity sent from a first internal endpoint to a first external endpoint, wherein the first internal endpoint, the first external endpoint, and the firewall are separate devices;
extracting, at the firewall, information from the invitation in transit between the first internal endpoint and the first external endpoint;
comparing, at the firewall, the information extracted from the invitation to a list of entities for which the first internal endpoint requires an authenticated connection;
determining, at the firewall, that the first internal endpoint requires an authenticated connection with the first external endpoint;
determining, at the firewall, whether the information extracted from the invitation includes cryptographic matter to support establishment of the authenticated connection with the first external endpoint;
storing, at the firewall, a firewall setting specific to the first external endpoint that blocks incoming traffic from the first external endpoint destined for the first internal endpoint;
dynamically programming, at the firewall, a firewall exception for the firewall setting specific to the first external endpoint when the information extracted from the invitation includes the cryptographic matter, wherein the firewall exception sets a limited duration period for the first external endpoint to attempt to establish the authenticated connection with the first internal endpoint over the network connection; and
configuring, at the firewall, the network connection for receiving incoming traffic from the first external endpoint destined for the first internal endpoint in accordance with the firewall setting specific to the first external endpoint.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
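The following is an added illustration of the invitation-manager behaviour described in the abstract and in claim 1; it is not code from the patent or from any product, and the message format, addresses, port numbers, key handle and policy table are all constructed for the example. It models a firewall that blocks inbound traffic by default, watches outbound peer-to-peer invitations, checks the invited peer against the internal endpoint's list of entities that require an authenticated connection, refuses to open anything when such a peer's invitation carries no cryptographic material, and otherwise programs a peer- and port-specific exception that closes after a limited window.

```python
"""Added example (not the patent's code): invitation-driven, time-limited
firewall exceptions as described in the abstract and claim 1.
All endpoint addresses, ports, keys and policy entries are constructed."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Invitation:
    """Outbound peer-to-peer invitation as seen in transit (constructed shape)."""
    internal: str            # internal endpoint sending the invitation
    external: str            # external peer invited to connect back
    port: int                # port the peer is invited to connect to
    peer_key: Optional[str]  # public key, or handle to one, carried in the invitation


@dataclass
class FirewallException:
    """Per-peer, time-limited hole in the default block rule."""
    internal: str
    external: str
    port: int
    expires_at: float          # end of the limited-duration window
    peer_key: Optional[str]    # key handed to the endpoint for the authenticated connection


class InvitationFirewall:
    def __init__(self, auth_required: Dict[str, Set[str]], window_seconds: float = 30.0) -> None:
        # Policy: for each internal endpoint, the external entities it must authenticate.
        self.auth_required = auth_required
        self.window_seconds = window_seconds
        # Default posture: every external endpoint is blocked toward every internal
        # endpoint; a live exception keyed by (internal, external, port) is the only way in.
        self.exceptions: Dict[Tuple[str, str, int], FirewallException] = {}
        self.audit: List[str] = []

    def observe_invitation(self, inv: Invitation, now: float) -> Optional[FirewallException]:
        """Extract, compare against the auth list, check for cryptographic matter,
        then either refuse or program a time-limited exception."""
        needs_auth = inv.external in self.auth_required.get(inv.internal, set())
        if needs_auth and not inv.peer_key:
            self.audit.append(f"refuse {inv.external}->{inv.internal}:{inv.port}: "
                              "authenticated connection required, invitation carries no key")
            return None
        exc = FirewallException(inv.internal, inv.external, inv.port,
                                now + self.window_seconds,
                                inv.peer_key if needs_auth else None)
        self.exceptions[(inv.internal, inv.external, inv.port)] = exc
        self.audit.append(f"open {inv.external}->{inv.internal}:{inv.port} "
                          f"until t={exc.expires_at:g}" + (" (authenticated)" if needs_auth else ""))
        return exc

    def _expire(self, now: float) -> None:
        # Exceptions are removed once their limited duration has elapsed.
        for key, exc in list(self.exceptions.items()):
            if now >= exc.expires_at:
                del self.exceptions[key]
                self.audit.append(f"expire {exc.external}->{exc.internal}:{exc.port}")

    def admit(self, src: str, dst: str, port: int, now: float) -> bool:
        """Inbound packet decision: allowed only by a live exception for exactly this peer and port."""
        self._expire(now)
        return (dst, src, port) in self.exceptions


def run_scenario() -> Dict[str, bool]:
    """Constructed walk-through; returns each admission decision so it can be checked."""
    policy = {"10.0.0.5": {"203.0.113.7"}}   # 10.0.0.5 must authenticate peer 203.0.113.7
    fw = InvitationFirewall(policy, window_seconds=30.0)
    r: Dict[str, bool] = {}
    # Nothing is open before any invitation has been seen.
    r["cold_inbound_blocked"] = fw.admit("203.0.113.7", "10.0.0.5", 4000, now=0.0)
    # Invitation to an auth-required peer without a key: no exception is programmed.
    fw.observe_invitation(Invitation("10.0.0.5", "203.0.113.7", 4000, None), now=1.0)
    r["keyless_invite_blocked"] = fw.admit("203.0.113.7", "10.0.0.5", 4000, now=2.0)
    # Same invitation carrying the peer's key handle: the window opens.
    exc = fw.observe_invitation(Invitation("10.0.0.5", "203.0.113.7", 4000, "pk-handle-7f"), now=5.0)
    r["keyed_invite_admitted"] = fw.admit("203.0.113.7", "10.0.0.5", 4000, now=10.0)
    # The exception is specific to the invited peer and port.
    r["other_peer_blocked"] = fw.admit("198.51.100.9", "10.0.0.5", 4000, now=10.0)
    r["other_port_blocked"] = fw.admit("203.0.113.7", "10.0.0.5", 4001, now=10.0)
    # After the limited duration (30 s from t=5) the window is closed again.
    r["expired_blocked"] = fw.admit("203.0.113.7", "10.0.0.5", 4000, now=36.0)
    # A peer not on the auth list gets a plain time-limited exception with no key attached.
    fw.observe_invitation(Invitation("10.0.0.6", "198.51.100.9", 5000, None), now=40.0)
    r["unauth_peer_admitted"] = fw.admit("198.51.100.9", "10.0.0.6", 5000, now=41.0)
    r["key_passed_to_endpoint"] = exc is not None and exc.peer_key == "pk-handle-7f"
    return r


if __name__ == "__main__":
    for name, decision in run_scenario().items():
        print(f"{name}: {decision}")
```

The example stops at the firewall's decision: it hands the peer key back with the exception but does not perform the authenticated handshake itself, which in the claimed design is completed by the internal endpoint within the window. Keeping the exception keyed to the exact peer address and port, and expiring it unconditionally, is what bounds the exposure compared with a standing open port.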
10. A computing device comprising:
a processor for executing computer-executable instructions; and
memory storing computer-executable instructions for providing firewall services to one or more internal endpoints for traffic arriving through a network connection from one or more external endpoints, the computer-executable instructions comprising instructions for:
monitoring an invitation to join in peer-to-peer activity sent from a first internal endpoint to a first external endpoint, wherein the first internal endpoint, the first external endpoint, and the firewall are separate devices;
extracting information from the invitation in transit between the first internal endpoint and the first external endpoint;
comparing the information extracted from the invitation to a list of entities for which the first internal endpoint requires an authenticated connection;
determining that the first internal endpoint requires an authenticated connection with the first external endpoint;
determining whether the information extracted from the invitation includes cryptographic matter to support establishment of the authenticated connection with the first external endpoint;
storing a firewall setting specific to the first external endpoint that blocks incoming traffic from the first external endpoint destined for the first internal endpoint;
dynamically programming a firewall exception for the firewall setting specific to the first external endpoint when the information extracted from the invitation includes the cryptographic matter, wherein the firewall exception sets a limited duration period for the first external endpoint to attempt to establish the authenticated connection with the first internal endpoint over the network connection; and
configuring the network connection for receiving incoming traffic from the first external endpoint destined for the first internal endpoint in accordance with the firewall setting specific to the first external endpoint.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computer storage medium that does not consist of a signal, the computer storage medium storing computer-executable instructions that, when executed, cause a computing device to perform steps for providing firewall services to one or more internal endpoints for traffic arriving through a network connection from one or more external endpoints, the computer-executable instructions comprising instructions for:
monitoring an invitation to join in peer-to-peer activity sent from a first internal endpoint to a first external endpoint, wherein the first internal endpoint, the first external endpoint, and the firewall are separate devices;
extracting information from the invitation in transit between the first internal endpoint and the first external endpoint;
comparing the information extracted from the invitation to a list of entities for which the first internal endpoint requires an authenticated connection;
determining that the first internal endpoint requires an authenticated connection with the first external endpoint;
determining whether the information extracted from the invitation includes cryptographic matter to support establishment of the authenticated connection with the first external endpoint;
storing a firewall setting specific to the first external endpoint that blocks incoming traffic from the first external endpoint destined for the first internal endpoint;
dynamically programming a firewall exception for the firewall setting specific to the first external endpoint when the information extracted from the invitation includes the cryptographic matter, wherein the firewall exception sets a limited duration period for the first external endpoint to attempt to establish the authenticated connection with the first internal endpoint over the network connection; and
configuring the network connection for receiving incoming traffic from the first external endpoint destined for the first internal endpoint in accordance with the firewall setting specific to the first external endpoint.
Dependent claim: 20
Specification