Firewall providing enhanced network security and user transparen

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Patent


Details

713200, 714 4, 714 18, 380 4, 380 25, G06F 1300

active

060527889

ABSTRACT:
The present invention, generally speaking, provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs "envoys" that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to "qualify" the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve full transparency--the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, "multi-homed," each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In one aspect, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In another aspect, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.

