WO2001091418A3 - Distributed firewall system and method - Google Patents

Distributed firewall system and method

Publication number
WO2001091418A3
Authority
WO
WIPO (PCT)
Prior art keywords
packet
interface device
network interface
network
security server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2001/017153
Other languages
French (fr)
Other versions
WO2001091418A2 (en)
Inventor
Thomas R Markham
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secure Computing LLC
Original Assignee
Secure Computing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secure Computing LLC
Priority to AU2001265035A
Priority to EP01939528A
Publication of WO2001091418A2
Publication of WO2001091418A3
Priority to US10/304,469
Anticipated expiration
Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.
PCT/US2001/017153 2000-05-25 2001-05-25 Distributed firewall system and method Ceased WO2001091418A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU2001265035A AU2001265035A1 (en) 2000-05-25 2001-05-25 Distributed firewall system and method
EP01939528A EP1290852A2 (en) 2000-05-25 2001-05-25 Distributed firewall system and method
US10/304,469 US7536715B2 (en) 2001-05-25 2002-11-25 Distributed firewall system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57831400A 2000-05-25 2000-05-25
US09/578,314 2000-05-25

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/304,469 Continuation US7536715B2 (en) 2001-05-25 2002-11-25 Distributed firewall system and method

Publications (2)

Publication Number Publication Date
WO2001091418A2 (en) 2001-11-29
WO2001091418A3 (en) 2002-08-08

Family

ID=24312336

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/017153 Ceased WO2001091418A2 (en) 2000-05-25 2001-05-25 Distributed firewall system and method

Country Status (3)

Country Link
EP (1) EP1290852A2 (en)
AU (1) AU2001265035A1 (en)
WO (1) WO2001091418A2 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7409714B2 (en) 2001-06-13 2008-08-05 Mcafee, Inc. Virtual intrusion detection system and method of using same
FI20021802L (en) * 2002-10-09 2004-04-10 Tycho Technologies Oy Distributed firewall management
US7475243B2 (en) * 2002-12-11 2009-01-06 Broadcom Corporation Preventing a non-head end based service provider from sending media to a media processing system
US7814543B2 (en) 2004-02-13 2010-10-12 Microsoft Corporation System and method for securing a computer system connected to a network from attacks
US7716726B2 (en) 2004-02-13 2010-05-11 Microsoft Corporation System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication
US7353390B2 (en) 2004-08-20 2008-04-01 Microsoft Corporation Enabling network devices within a virtual network to communicate while the networks's communications are restricted due to security threats
US7716727B2 (en) 2004-10-29 2010-05-11 Microsoft Corporation Network security device and method for protecting a computing device in a networked environment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999067931A1 (en) * 1998-06-25 1999-12-29 Jacobson Family Holdings, Llc Network policy management and effectiveness system
EP1024627A2 (en) * 1999-01-29 2000-08-02 Lucent Technologies Inc. A method and apparatus for managing a firewall

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6253321B1 (en) * 1998-06-19 2001-06-26 Ssh Communications Security Ltd. Method and arrangement for implementing IPSEC policy management using filter code
CA2287258C (en) * 1998-10-22 2004-08-10 At&T Corp. System and method for demand-driven loading of rules in a firewall

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1290852A2 *

Also Published As

Publication number Publication date
AU2001265035A1 (en) 2001-12-03
EP1290852A2 (en) 2003-03-12
WO2001091418A2 (en) 2001-11-29

Similar Documents

Publication Publication Date Title
WO2002017587A3 (en) System and method for implementing an enhanced transport layer security protocol
WO2002012987A3 (en) Systems and methods for authenticating a user to a web server
WO2002009356A3 (en) Method and system for accessing a service available on a second network by a member of a first network
WO2002049315A3 (en) System and method for assisting in controlling real-time transport protocol flow through multiple networks via use of a cluster of session routers
IL139415A (en) Method for intercepting network packets in a computing device
WO2003036845A3 (en) System and method for controlling transmission of data packets over an information network
AU2001266580A1 (en) Method and system for detecting, tracking and blocking denial of service attacksover a computer network
WO2001037068A3 (en) Method and apparatus for providing secure communication in a network
WO2002049316A3 (en) System and method for assisting in controlling real-time transport protocol flow through multiple networks
AU4267999A (en) Preventing unauthorized use of service
WO2002019286A8 (en) Vending system
AU2002334371A1 (en) Device, method and system for authorizing transactions
WO2006050336A3 (en) Service processor gateway system and appliance
WO2001080093A3 (en) System and method for reformatting data traffic
AU3116702A (en) A method of improving the availability of a computer clustering system through the use of a network medium link state function
WO2002011422A3 (en) Communication account system
WO2002063898A8 (en) Presence and availability management system
WO2002045370A3 (en) Secure session management and authentication for web sites
AU3354900A (en) Methods, software, and apparatus for secure communication over a computer network
TWI256227B (en) Device, system and method to manage security credentials in a protected computer network domain
WO2001091444A3 (en) Cost control management in telecommunication systems
EP1187419A3 (en) User authentication system and method
WO2001091418A3 (en) Distributed firewall system and method
EP1150472A3 (en) Method and system for installing available network protocols
WO2001054347A3 (en) Creating an optical trail across an optical transport network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 10304469

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2001939528

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001939528

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP