System for securing the flow of and selectively modifying packet

Patent

Details

39518701, 395186, 39520077, G06F 1336, G06F 15401

Patent

active

058357262

ABSTRACT:
The present invention discloses a novel system for controlling the inbound and outbound data packet flow in a computer network. By controlling the packet flow in a computer network, private networks can be secured from outside attacks, and the flow of packets from within the private network to the outside world can also be controlled. A user generates a rule base, which is then converted into a set of filter language instructions. Each rule in the rule base includes a source, a destination, a service, whether to accept or reject the packet, and whether to log the event. The set of filter language instructions is installed and executes on inspection engines, which are placed on computers acting as firewalls. The firewalls are positioned in the computer network such that all traffic to and from the network to be protected is forced to pass through the firewall. Thus, packets are filtered as they flow into and out of the network in accordance with the rules comprising the rule base. The inspection engine acts as a virtual packet filtering machine which determines on a packet-by-packet basis whether to reject or accept a packet. If a packet is rejected, it is dropped. If it is accepted, the packet may then be modified. Modification may include encryption, decryption, signature generation, signature verification or address translation. All modifications are performed in accordance with the contents of the rule base. The present invention provides additional security to a computer network by encrypting communications between two firewalls or between a client and a firewall. This permits the use of insecure public networks in constructing a WAN that includes both private and public network segments, thus forming a virtual private network.

REFERENCES:
patent: 4315315 (1982-02-01), Kossiakoff
patent: 4736320 (1988-04-01), Bristol
patent: 5241599 (1993-08-01), Bellovin et al.
patent: 5247693 (1993-09-01), Bristol
patent: 5329623 (1994-07-01), Smith et al.
patent: 5442708 (1995-08-01), Adams, Jr. et al.
patent: 5444782 (1995-08-01), Adams, Jr. et al.
patent: 5473607 (1995-12-01), Hausman et al.
patent: 5485455 (1996-01-01), Dobbins et al.
patent: 5515376 (1996-05-01), Murthy et al.
patent: 5555346 (1996-09-01), Gross et al.
patent: 5606668 (1997-02-01), Shwed
Ranum M.J. "A Network Firewall" Digital Equipment Corp.
Chapman, D.D. "Network (in) Security . . . " Proceedings of the 3rd USENIX UNIX Security Symposium; Baltimore, MD, Sep. 1992.
Safford, D.R. et al. "The TAMU Security Package . . . " Unix Security Symposium IV, Oct. 4-6, 1993.
Cheswick, B. "The Design of a Secure Internet . . . " AT&T Bell Laboratory, Jun. 1990.
Schauer, H. "An Internet Gate Keeper", Herve Schauer Consultants.

Profile ID: LFUS-PAI-O-1526768
