专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08099774B2 Dynamic updating of firewall parameters 有权
标题翻译：动态更新防火墙参数
公开(公告)号：US08099774B2
公开(公告)日：2012-01-17
申请号：US11589513
申请日：2006-10-30
申请人： David Abzarian , Gerardo Diaz Cuellar , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Eran Yariv
IPC分类号： G06F9/00 , H04L29/06
CPC分类号： H04L63/0263
摘要： The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.
摘要翻译：描述了防火墙参数的动态更新。一个示例性实施例包括接收包括对预定义容器的引用的策略规则，其指定策略规则允许的至少一个防火墙参数的允许值范围，接收防火墙参数值，以及使用防火墙参数值填充预定义容器如果防火墙参数值在允许的值范围内，则更新策略规则。

2. 发明申请

US20090006847A1 Filtering kernel-mode network communications 有权
标题翻译：过滤内核模式网络通信
公开(公告)号：US20090006847A1
公开(公告)日：2009-01-01
申请号：US11823861
申请日：2007-06-28
申请人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
发明人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
IPC分类号： H04L9/00 , G06F17/00 , G06F21/00
CPC分类号： H04L63/10 , G06F21/74 , H04L63/02 , H04L63/0227 , H04L63/0263 , H04L63/04 , H04L63/0428 , H04L63/20
摘要： Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.
摘要翻译：本发明的一些实施例涉及用于确定计算机系统上正在发送或接收数据或正试图与另一计算机系统发送或接收数据的过程在内核模式或用户模式下执行的技术，并提供指示符对安全引擎的这种决定。在一些实施例中，这样的指示被提供给至少部分地基于发送或接收进程是处于内核模式还是用户模式来实现安全策略的安全引擎（例如，防火墙），以及基于过程“操作模式。这使安全引擎能够保持更高特异性的安全策略，从而提高计算机系统的安全性。

3. 发明授权

US08266685B2 Firewall installer 有权
标题翻译：防火墙安装程序
公开(公告)号：US08266685B2
公开(公告)日：2012-09-11
申请号：US11804409
申请日：2007-05-18
申请人： David Abzarian , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar , Ian Carbaugh
发明人： David Abzarian , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar , Ian Carbaugh
IPC分类号： H04L29/06
CPC分类号： H04L63/0263 , G06F8/61 , G06F9/44505 , G06F21/57 , H04L41/0806 , H04L41/082
摘要： Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.
摘要翻译：本发明的实施例涉及一种防火墙安装程序，其接收一组配置指令，用于以说明性格式配置防火墙，该声明性格式描述要由防火墙实现的一个或多个规则，并且自动配置防火墙。提供能够基于声明性输入而不是过程性过程导向输入配置防火墙的防火墙安装程序，通过允许管理员以更高的声明级别指定所需的防火墙配置，从而有助于管理防火墙，并释放管理员不需要指定在防火墙中实现配置更改的过程。在本发明的一个实施例中，防火墙安装者可以接收和存储用于配置防火墙的输入，即使在防火墙未运行时，防火墙安装者也可以接收和存储用于配置防火墙的输入，使得防火墙在下一次联机时对这些配置更改执行。

4. 发明申请

US20090007219A1 Determining a merged security policy for a computer system 有权
标题翻译：确定计算机系统的合并安全策略
公开(公告)号：US20090007219A1
公开(公告)日：2009-01-01
申请号：US11823837
申请日：2007-06-28
申请人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
IPC分类号： G06F17/00
CPC分类号： H04L63/20 , G06F21/577 , H04L63/0263
摘要： Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.
摘要翻译：本文描述的本发明的实施例涉及用于根据至少一个安全策略来确定至少一个操作是否有效的机制。在示例性实现中，鉴于至少一个安全策略确定至少一个操作是否有效可以包括通过从两个或更多个源合并计算机系统的安全策略来确定计算机系统的合并安全策略。安全策略可以是由用户和/或计算机系统的管理员设置的安全策略，可以是计算机系统连接到的计算机网络的安全策略，或者可以是一个或多个其他计算机系统的安全策略，在计算机网络层次结构中的计算机系统之上。

5. 发明授权

US08341723B2 Filtering kernel-mode network communications 有权
标题翻译：过滤内核模式网络通信
公开(公告)号：US08341723B2
公开(公告)日：2012-12-25
申请号：US11823861
申请日：2007-06-28
申请人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
发明人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , G06F21/74 , H04L63/02 , H04L63/0227 , H04L63/0263 , H04L63/04 , H04L63/0428 , H04L63/20
摘要： Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.
摘要翻译：本发明的一些实施例涉及用于确定计算机系统上正在发送或接收数据或正试图与另一计算机系统发送或接收数据的过程在内核模式或用户模式下执行的技术，并提供指示符对安全引擎的这种决定。在一些实施例中，这样的指示被提供给至少部分地基于发送或接收进程是处于内核模式还是用户模式来实现安全策略的安全引擎（例如，防火墙），以及基于过程“操作模式。这使安全引擎能够保持更高特异性的安全策略，从而提高计算机系统的安全性。

6. 发明授权

US08166534B2 Incorporating network connection security levels into firewall rules 有权
标题翻译：将网络连接安全级别纳入防火墙规则
公开(公告)号：US08166534B2
公开(公告)日：2012-04-24
申请号：US11804423
申请日：2007-05-18
申请人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
发明人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L63/126
摘要： Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.
摘要翻译：本发明的实施例涉及建立和/或实施防火墙规则，其可以基于用于设备之间的连接的连接安全级别来采用参数。因此，防火墙可以提供更大的安全性粒度，并与其他安全方法更紧密地集成，以更少的冲突提供更好的整体安全性。

7. 发明授权

US08443433B2 Determining a merged security policy for a computer system 有权
公开(公告)号：US08443433B2
公开(公告)日：2013-05-14
申请号：US11823837
申请日：2007-06-28
申请人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , G06F21/577 , H04L63/0263
摘要： Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.

8. 发明授权

US08370919B2 Host firewall integration with edge traversal technology 有权
公开(公告)号：US08370919B2
公开(公告)日：2013-02-05
申请号：US11821839
申请日：2007-06-26
申请人： David Abzarian , Michael R. Surkan , Salahuddin C. J. Khan , Amit A. Sehgal , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar
发明人： David Abzarian , Michael R. Surkan , Salahuddin C. J. Khan , Amit A. Sehgal , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar
IPC分类号： H04L29/06
CPC分类号： H04L63/029
摘要： A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.

9. 发明申请

US20090007251A1 Host firewall integration with edge traversal technology 有权
标题翻译：主机防火墙与边缘遍历技术集成
公开(公告)号：US20090007251A1
公开(公告)日：2009-01-01
申请号：US11821839
申请日：2007-06-26
申请人： David Abzarian , Michael R. Surkan , Salahuddin C.J. Khan , Amit A. Sehgal , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar
发明人： David Abzarian , Michael R. Surkan , Salahuddin C.J. Khan , Amit A. Sehgal , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar
IPC分类号： G06F9/00
CPC分类号： H04L63/029
摘要： A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.
摘要翻译：主机防火墙可以确定并考虑来自网络边缘的未经请求的流量是否入站，并且至少部分地基于该特性来允许或阻止该流量。在一个实现中，可以在主机防火墙规则上设置边缘遍历参数，主机防火墙规则通常包括诸如端口，协议等的其他参数。如果通过边缘遍历接口接收的未经请求的流量与具有边缘遍历的主机防火墙规则匹配标准，那么防火墙不会阻塞流量。另一方面，如果通过边缘遍历接口接收的未经请求的流量无法满足任何防火墙规则的边缘遍历标准，则防火墙会阻塞流量。

10. 发明申请

US20080289027A1 Incorporating network connection security levels into firewall rules 有权
标题翻译：将网络连接安全级别纳入防火墙规则
公开(公告)号：US20080289027A1
公开(公告)日：2008-11-20
申请号：US11804423
申请日：2007-05-18
申请人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
发明人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
IPC分类号： G06F15/16
CPC分类号： H04L63/0227 , H04L63/126
摘要： Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.
摘要翻译：本发明的实施例涉及建立和/或实施防火墙规则，其可以基于用于设备之间的连接的连接安全级别来采用参数。因此，防火墙可以提供更大的安全性粒度，并与其他安全方法更紧密地集成，以更少的冲突提供更好的整体安全性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式