Flexible network security system and method for permitting trusted process
First Claim
1. A network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
- a port monitoring unit for extracting information about a server port being used through a network communication program;
an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information;
an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and
a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein is a flexible network security system and method for permitting a trusted process. The system includes a port monitoring unit for extracting information about a server port being used through a network communication program, an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information, an internal permitted by the firewall, and registering the extracted information, an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.
17 Citations
10 Claims
-
1. A network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
-
a port monitoring unit for extracting information about a server port being used through a network communication program;
an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information;
an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and
a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall. - View Dependent Claims (2, 3)
-
-
4. A network security method of permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
-
the first step of extracting information about a server port being used through a network communication program;
the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;
the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in internal permitted port storage;
the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;
the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and
the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall. - View Dependent Claims (8, 9)
-
-
5. (canceled)
-
6. (canceled)
-
7. (canceled)
-
10. A computer-readable recording medium for performing a network security method using a firewall, the medium storing a program for executing the method, the method comprising:
-
the first step of extracting information about a server port being used through a network communication program;
the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;
the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in an internal permitted port storage;
the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;
the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and
the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall.
-
Specification