Method and apparatus for a distributed firewall

A distributed firewall, applied in the field of communication, addresses the problems of end-to-end encryption, threats to the traditional notion of firewalls, and the inability of conventional firewalls to deal with these types of problems.

Inactive Publication Date: 2006-03-30
RPX CORP

AI Technical Summary

Problems solved by technology

Other trends are also threatening the traditional notion of firewalls.
Conventional firewalls are not suited to deal with these types of problems, especially as internally assigned Internet Protocol (IP) addresses change.
End-to-end encryption is another threat, since the firewall generally does not have the necessary codes (or keys) to peer through the encryption.
Conventional distributed firewalls, such as the one disclosed in the '668 patent, however, are less than satisfactory for a number of reasons.
For example, the distributed firewall described in the '668 patent is not capable of preventing “spoofing.” Spoofing refers to a technique wherein a packet sender attempts to access a firewall by impersonating another sender's address.
In other words, there is no technique for authenticating the identity of the sender.
In another example, the '668 patent fails to address the telecommuting situation where a user often connects a computer to a corporate network via an unsecured link, e.g., the Internet.
In such a case, there is no mechanism for protecting communications between the corporate network and the telecommuters' computer.
Part of the problem with telecommuters is triangle routing, plus lack of protection for their machines when on the outside Internet.


Embodiment Construction

[0012] The embodiments of the invention include a distributed firewall that utilizes the following principles: a) a policy language that states what sort of connections are permitted or prohibited, b) an encryption mechanism; and c) any of a number of system management tools, such as Microsoft's Systems Management Server (SMS) or Automatic Software Distribution (ASD) to manage the distributed firewall. ASD is described in a paper authored by Andrew Koenig entitled “Automatic Software Distribution,” USENIX Conference Proceedings, Pages 312-322, Salt Lake City, Utah, Summer, 1984, and is incorporated by reference herein.

[0013] In one embodiment of the invention, a compiler translates the policy language into some internal format. The system management software distributes this policy file to all hosts that are protected by the firewall. Any incoming packets are accepted or rejected by each “inside” host, according to both the policy and the cryptographically-verified identity of each...


Abstract

A method and apparatus for implementing a distributed firewall is described. A packet filter processor receives a packet sent from a first device to a second device. The packet filter processor authenticates an identifier for the packet. For example, authentication could be performed using a cryptographically-verifiable identifier. The packet filter processor determines whether to send the packet to the second device, based on the authentication and a set of policy rules. The packet filter processor sends the packet to the second device in accordance with the determination.
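The per-host decision described in paragraph [0013] and in the abstract (authenticate a cryptographically-verifiable identifier, then apply the distributed policy) is illustrated below with an added example. This is not code from the patent or from its inventor; it assumes an HMAC-SHA256 tag as the verifiable identifier (the patent does not name a specific mechanism), a per-sender key table and a compiled policy that are both constructed inline, and the names `Packet`, `filter_packet`, `policy_decision` and `UNAUTHENTICATED`, all of which are illustrative. A packet whose tag does not verify is not dropped outright; it is demoted to the `unauthenticated` identity, so policy can still permit anonymous traffic to public services while a spoofed claim of a trusted identity gains nothing.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key table. In a deployment these keys would be pushed to each
# protected host together with the policy; the values here are placeholders.
SENDER_KEYS = {
    "alice-laptop": b"constructed-key-alice",
    "build-server": b"constructed-key-build",
}

UNAUTHENTICATED = "unauthenticated"  # identity assigned when the tag fails to verify


@dataclass(frozen=True)
class Packet:
    sender_id: str   # claimed identity of the sender
    src_ip: str
    dst_port: int
    payload: bytes
    tag: bytes       # authenticator over the fields above (assumed: HMAC-SHA256)


def _mac_input(sender_id: str, src_ip: str, dst_port: int, payload: bytes) -> bytes:
    # Fixed field order so sender and verifier MAC exactly the same bytes.
    return b"|".join([sender_id.encode(), src_ip.encode(), str(dst_port).encode(), payload])


def sign_packet(sender_id: str, src_ip: str, dst_port: int, payload: bytes, key: bytes) -> Packet:
    """Sender side: attach a verifiable identifier to the packet."""
    tag = hmac.new(key, _mac_input(sender_id, src_ip, dst_port, payload), hashlib.sha256).digest()
    return Packet(sender_id, src_ip, dst_port, payload, tag)


def effective_identity(packet: Packet) -> str:
    """Verify the claimed identity; a bad or missing tag demotes the packet to UNAUTHENTICATED."""
    key = SENDER_KEYS.get(packet.sender_id)
    if key is None:
        return UNAUTHENTICATED
    expected = hmac.new(
        key, _mac_input(packet.sender_id, packet.src_ip, packet.dst_port, packet.payload), hashlib.sha256
    ).digest()
    # Constant-time comparison so tag checking does not leak timing information.
    return packet.sender_id if hmac.compare_digest(expected, packet.tag) else UNAUTHENTICATED


# Constructed "compiled" policy: ordered (identity, destination port, action) tuples,
# first match wins, "*" is a wildcard. Only verified identities reach port 22.
POLICY = [
    ("alice-laptop", 22, "permit"),
    ("build-server", "*", "permit"),
    ("*", 80, "permit"),
    ("*", "*", "deny"),
]


def policy_decision(identity: str, dst_port: int, policy=POLICY) -> str:
    for rule_identity, rule_port, action in policy:
        if rule_identity in ("*", identity) and rule_port in ("*", dst_port):
            return action
    return "deny"  # default-deny if no rule matches


def filter_packet(packet: Packet, policy=POLICY) -> tuple[str, str]:
    """Host-side filter: returns (decision, identity the decision was made for)."""
    identity = effective_identity(packet)
    return policy_decision(identity, packet.dst_port, policy), identity


def demo() -> list[tuple[str, str]]:
    # Constructed sample packets: a genuine one, a spoof of the same identity, and anonymous web traffic.
    genuine = sign_packet("alice-laptop", "10.0.0.5", 22, b"ssh-hello", SENDER_KEYS["alice-laptop"])
    spoofed = Packet("alice-laptop", "10.0.0.5", 22, b"ssh-hello", b"\x00" * 32)
    anonymous_web = Packet("nobody", "203.0.113.9", 80, b"GET / HTTP/1.1", b"")
    return [filter_packet(p) for p in (genuine, spoofed, anonymous_web)]


if __name__ == "__main__":
    for decision, identity in demo():
        print(f"{decision:6s} as {identity}")
```

Because the tag covers the source address and payload as well as the identity, a packet that is replayed with a changed destination or altered contents also fails verification and is handled as unauthenticated, which is the property the text contrasts with address-only filtering.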

Description

FIELD OF THE INVENTION

[0001] The invention relates to communications in general. More particularly, the invention relates to a method and apparatus for creating a distributed firewall using cryptographic techniques.

BACKGROUND OF THE INVENTION

[0002] Conventional firewalls rely on the notions of restricted topology and control entry points to function. More precisely, they rely on the assumption that everyone on one side of the firewall is to be trusted, while those on the other side are not. The vastly expanded Internet connectivity in recent years has called that assumption into question. So-called “extranets” can allow outsiders to reach the “inside” of the firewall. Conversely, telecommuters' machines that traditionally do not have the protection of a firewall use the Internet for connectivity. These machines in particular need protection when encrypted tunnels are not in place. Other trends are also threatening the traditional notion of firewalls. For example, some machines ne...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): G06F15/16, G06F17/00, G06F9/00
CPC: H04L63/0218, H04L63/08, H04L63/0236
Inventor BELLOVIN, STEVEN MICHAEL
Owner RPX CORP