Electrical computers and digital processing systems: multicomput – Network computer configuring – Reconfiguring
Reexamination Certificate
1997-12-24
2001-04-03
Follansbee, John A. (Department: 2154)
C709S203000, C709S217000, C709S219000, C709S223000, C709S227000, C709S228000, C709S229000, C709S249000, C709S218000, C709S220000, C709S225000, C713S152000
active
06212558
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to configuring and managing network security devices. More specifically, the present invention relates to configuring network firewalls and security devices from a single administration point. Further, the present invention relates to the management of multi-platform firewalls using services such as VPN, authentication servers, etc.
Introduction
With the explosive growth of the Internet, computer users are now able to access many valuable sources of information and, at the same time, are exposed to many new perils. Such perils range from the downloading of destructive computer viruses to sophisticated third-party network attacks. In response to dangers lurking from “outside” computer networks, firewalls and other types of security devices have emerged as a preferred type of computer network security system.
As corporations and other organizations connect their networks to the public Internet, the risks of endangering information assets have risen dramatically. Not a day or a week passes without the popular press commenting on the latest episode of Internet-related fraud, information corruption, or other incidents that dramatically underscore the darker side of the communications revolution. Computer and communications security, a topic once the exclusive province of obscure firms catering mainly to government, defense and intelligence agencies, and to financial services companies, has become mainstream almost overnight.
The concern for network security has led to a need for more sophisticated security systems than most organizations have needed until now. At one time, these organizations were content with the security provided by their network operating systems, network directory services, routers, and gateways. However, these rudimentary systems are no longer sufficient to resist the attacks of legions of determined Internet hackers, or attacks from an organization's own employees.
Generally, a firewall is a security mechanism for controlling access between a private, trusted network and an untrusted outside network (which might be the public Internet or some other part of the corporate network within the intranet). Firewalls typically provide from one to three levels of security: packet filtering, circuit-level gateways, and application-level gateways. Firewalls are not all created alike, for they often differ greatly in their architecture, the types of platforms they run upon, their security capabilities, and their ability to support mixed protocol networks. Consider, for example, the mixed protocol network: TCP/IP is not, contrary to popular belief, the only network protocol still left standing—millions of IPX clients still need to get secure access to the Internet without going through the dreaded “forklift upgrade” to a whole new protocol stack.
Mixed Protocol Networks
Rumors of the death of NetWare as a network platform are exaggerated. Although Windows NT is gaining market share, there are in excess of three million NetWare servers (and 55 million NetWare clients) currently in use. Thus, mixed networks at both the protocol and operating system platform level will be around for years to come, as will the need to securely and seamlessly access the Internet and its rich information resources.
Current solutions for providing security in mixed protocol networks are quite limited in scope. For example, IP/IPX gateways provide Internet connectivity for IPX clients, but the security is very basic. Application security, for example, is generally based on TCP port numbers alone, although some products also support ICMP or UDP port-based filtering. Further, the security focus of these gateway products is typically on controlling outbound access, and not on dealing with the more serious problem of inbound network access. More importantly, these gateways do not appear to provide security for IP clients.
Other mixed protocol network solutions such as filtering bridges or packet-level filtering by routers are partial solutions, and have major security limitations. Further, they typically do not support Internet services for IPX clients. IP firewalls (as long as they provide capabilities up to and including an application-level gateway) provide some security for IP clients, but not for IPX clients and servers. Dual-protocol-stack clients can be implemented to get around the IP-only nature of the Internet and of IP firewalls, but this method is complex to implement and manage and is very difficult to administer.
The usefulness of firewalls has been limited by their inability to work in hybrid network environments that employ multiple protocols and multiple platforms. What is needed are improved firewall configuration and management methods and apparatus for such hybrid network environments.
SUMMARY OF THE INVENTION
The present invention discloses methods and apparatus for configuring and managing firewalls.
According to one embodiment, a method for configuring a plurality of network security devices includes the steps of providing a network directory services server that provides network directory services to a plurality of network servers, each of the plurality of network servers being coupled to one of the plurality of network security devices, and implementing a security policy for the plurality of network security devices on the network directory services server. The step of using the network directory services to provide configuration information to the plurality of network security devices, in response to the security policy, is also disclosed.
According to another embodiment, a network of trusted network servers including a computer system for configuring security features in the network of trusted network servers is described, the computer system including a processor and a computer readable medium. The computer readable medium includes software code that directs the processor to provide directory services to the network of trusted network servers and software code that directs the processor to receive security feature configuration data for the network of trusted network servers from a remote client. The computer readable medium also includes software code that directs the processor to use the directory services to provide each of the network of trusted network servers with the security feature configuration data.
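The two embodiments above describe one policy, held by a directory service, that is rendered into configuration for several firewalls on different platforms. The following sketch is an added illustration, not code from the patent: it models the directory as the single administration point, lets each device pull a platform-specific rendering, reports rules a platform cannot enforce (so a deny rule is never dropped silently), and detects devices whose applied policy version lags the directory. The platform names, capability table and rule format are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    protocol: str       # "tcp", "udp" or "ipx"
    port: Optional[int] # TCP/UDP port; None for IPX
    direction: str      # "inbound" or "outbound"

# Assumed: the protocols each platform type can actually enforce.
CAPABILITIES = {"ip_firewall": {"tcp", "udp"}, "ipx_gateway": {"ipx", "tcp"}}

@dataclass
class DirectoryService:
    """Single administration point: the only place the policy is edited."""
    policy: list[Rule] = field(default_factory=list)
    version: int = 0

    def set_policy(self, rules: list[Rule]) -> int:
        self.policy = list(rules)
        self.version += 1
        return self.version

    def render(self, platform: str) -> tuple[list[str], list[Rule]]:
        """Translate the shared policy for one platform; return rules it cannot enforce."""
        lines, unsupported = [], []
        for r in self.policy:
            if r.protocol not in CAPABILITIES[platform]:
                unsupported.append(r)   # surfaced to the admin, never silently dropped
                continue
            port = "" if r.port is None else f" port {r.port}"
            lines.append(f"{r.action} {r.direction} {r.protocol}{port}")
        return lines, unsupported

@dataclass
class Firewall:
    name: str
    platform: str
    applied_version: int = 0
    rules: list[str] = field(default_factory=list)

    def pull(self, ds: DirectoryService) -> list[Rule]:
        """Fetch configuration from the directory; return what this device could not apply."""
        self.rules, unsupported = ds.render(self.platform)
        self.applied_version = ds.version
        return unsupported

def drifted(ds: DirectoryService, fleet: list[Firewall]) -> list[str]:
    """Names of devices still running an older policy than the directory holds."""
    return [fw.name for fw in fleet if fw.applied_version != ds.version]

# Constructed sample policy: block inbound telnet, allow outbound web for IP and IPX clients.
POLICY = [Rule("deny", "tcp", 23, "inbound"), Rule("allow", "tcp", 80, "outbound"),
          Rule("allow", "ipx", None, "outbound")]
```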
Further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification, drawings, and attached documents.
REFERENCES:
patent: 5577209 (1996-11-01), Boyle et al.
Antur Anand K.
Bisht Naveen S.
Puri Hemant
Sawhney Sanjay
Follansbee John A.
Townsend and Townsend / and Crew LLP