Flexible network security system and method for permitting trusted process
First Claim
1. A network security system controlling inbound traffic by using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
a port monitoring unit extracting information about a server port, wherein the server port is designated as a port of a network communication program;
an internal permitted program storage storing a list of programs permitted by the firewall, wherein the internal permitted program storage adds a program to the list by extracting information about the program for which communication is to be permitted by the firewall; and
a firewall flexible device determining whether the network communication program is registered in the list of programs stored in the internal permitted program storage;
wherein the firewall flexible device automatically stores the extracted information about the server port in an internal permitted port storage if the network communication program is registered in the list of programs stored in the internal permitted program storage; and
wherein the firewall flexible device further determines whether a port of a packet of inbound traffic matches with the server port and blocks the packet of inbound traffic if the port does not match with the server port.
Abstract
A flexible network security system and method is provided for permitting a trusted process. The system includes a port monitoring unit for extracting information about a server port being used through a network communication program, an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall and registering the extracted information, an internal permitted port storage registering the extracted information if the network communication program is registered in the internal permitted program storage; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.
25 Claims
1. Claim 1 is set out in full under First Claim above (dependent claims 2, 3, 4, 5, 6).
7. A network security method controlling inbound traffic by using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
storing in an internal permitted program storage a list of programs permitted by the firewall;
adding a network communication program to the list of programs by extracting information about the network communication program for which communication is to be permitted by the firewall;
extracting information about a server port, wherein the server port is designated as a port of the network communication program;
automatically storing, by the firewall, the extracted information about the server port in an internal permitted port storage if the network communication program is registered in the list of programs stored in the internal permitted program storage;
determining whether the network communication program is registered in the list of programs stored in the internal permitted program storage;
determining whether a port of a packet of inbound traffic matches with the server port; and
blocking the packet of inbound traffic if the port does not match with the server port.
(Dependent claims 8, 9, 10, 11, 12.)
13. A computer recordable device storing a program for performing a network security method which, when executed by one or more processors, causes the one or more processors to control inbound traffic, the method comprising:
storing in an internal permitted program storage a list of programs permitted by a firewall;
adding a network communication program to the list of programs by extracting information about the network communication program for which communication is to be permitted by the firewall;
extracting information about a server port, wherein the server port is designated as a port of the network communication program;
automatically storing, by the firewall, the extracted information about the server port in an internal permitted port storage if the network communication program is registered in the list of programs stored in the internal permitted program storage;
determining whether the network communication program is registered in the list of programs stored in the internal permitted program storage;
determining whether a port of a packet of inbound traffic matches with the server port; and
blocking the packet of inbound traffic if the port does not match with the server port.
(Dependent claims 14, 15.)
16. A network security system controlling inbound traffic by using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
a port monitoring unit extracting information about a server port, wherein the server port is designated as a port of a network communication program;
an internal permitted program storage storing a list of programs permitted by the firewall, wherein the internal permitted program storage adds a program to the list by extracting information about the program for which communication is to be permitted by the firewall; and
a firewall flexible device determining whether the server port is opened or closed and whether the network communication program is registered in the list of programs stored in the internal permitted program storage;
wherein the firewall flexible device automatically stores the extracted information about the server port in an internal permitted port storage if the server port is opened and the network communication program is registered in the list of programs stored in the internal permitted program storage;
wherein the firewall flexible device determines whether a port of a packet of inbound traffic matches with the server port and blocks the packet of inbound traffic if the port does not match with the server port.
(Dependent claims 17, 18, 19, 20.)
21. A network security method controlling inbound traffic by using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
storing in an internal permitted program storage a list of programs permitted by the firewall;
adding a network communication program to the list of programs by extracting information about the network communication program for which communication is to be permitted by the firewall;
extracting information about a server port, wherein the server port is designated as a port of the network communication program;
determining whether the network communication program is registered in the list of programs stored in the internal permitted program storage and whether the server port is opened or closed;
automatically storing, by the firewall, the extracted information about the server port in an internal permitted port storage if the network communication program is registered in the list of programs stored in the internal permitted program storage and the server port is opened;
determining whether a port of a packet of inbound traffic matches with the server port; and
blocking the packet of inbound traffic if the port does not match with the server port.
(Dependent claims 22, 23, 24, 25.)
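A small Python model of the mechanism described in the abstract and claims 16 and 21 (permitted program storage, permitted port storage filled by the port monitoring unit, and the per-packet bypass-or-firewall decision), added here as an illustration and not code from the patent. The class and method names, the sample program names and the default-deny policy of the underlying firewall are assumptions.

```python
"""Model of the claimed 'firewall flexible device' (added illustration, not the
patent's own code). Names and the default-deny policy are assumptions."""
from dataclasses import dataclass, field


@dataclass
class FlexibleFirewall:
    # internal permitted program storage: programs the firewall trusts
    permitted_programs: set = field(default_factory=set)
    # internal permitted port storage: server port -> program that opened it
    permitted_ports: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def register_program(self, program: str) -> None:
        """Add a program to the internal permitted program storage."""
        self.permitted_programs.add(program)

    def on_port_event(self, program: str, port: int, opened: bool) -> bool:
        """Port monitoring unit callback: `program` opened or closed server `port`.
        Per claims 16/21 the port is stored only if it is open AND the program is
        registered; a closed port is dropped so the bypass does not outlive the
        listener. Returns True if the port is now in permitted port storage."""
        if not opened:
            self.permitted_ports.pop(port, None)
            return False
        if program in self.permitted_programs:
            self.permitted_ports[port] = program
            return True
        self.log.append(f"unregistered program {program} opened port {port}")
        return False

    def handle_inbound(self, dst_port: int) -> str:
        """Decide an inbound packet by destination port (abstract): a registered
        port bypasses the firewall; anything else is handed to the firewall,
        assumed here to be default-deny (claim 1: block on mismatch)."""
        if dst_port in self.permitted_ports:
            return "bypass"
        return self._firewall_policy(dst_port)

    @staticmethod
    def _firewall_policy(dst_port: int) -> str:
        return "blocked"  # assumed default-deny stance of the underlying firewall


def demo() -> dict:
    """Constructed scenario: only sshd is trusted; an unknown program also listens."""
    fw = FlexibleFirewall()
    fw.register_program("sshd")
    fw.on_port_event("sshd", 22, opened=True)
    fw.on_port_event("unknown_app", 4444, opened=True)  # not in the permitted list
    result = {"ssh": fw.handle_inbound(22), "unknown": fw.handle_inbound(4444)}
    fw.on_port_event("sshd", 22, opened=False)  # listener went away
    result["ssh_after_close"] = fw.handle_inbound(22)
    return result
```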