Host firewall integration with edge traversal technology
    2.
    Patent application
    Host firewall integration with edge traversal technology (status: in force)

    Publication number: US20090007251A1

    Publication date: 2009-01-01

    Application number: US11821839

    Filing date: 2007-06-26

    IPC classification: G06F9/00

    CPC classification: H04L63/029

    Abstract: A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.


    Edge traversal service dormancy
    3.
    Granted patent
    Edge traversal service dormancy (status: in force)

    Publication number: US07707294B2

    Publication date: 2010-04-27

    Application number: US11823029

    Filing date: 2007-06-26

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or “bubbles”) are transmitted from the host when no application or service (collectively, “processes”) of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, the number of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the number of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.


    Edge traversal service dormancy
    4.
    Granted patent
    Edge traversal service dormancy (status: in force)

    Publication number: US08838807B2

    Publication date: 2014-09-16

    Application number: US13211009

    Filing date: 2011-08-16

    IPC classification: G06F15/16 H04L29/06

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or “bubbles”) are transmitted from the host when no application or service (collectively, “processes”) of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, the number of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the number of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.


    Edge traversal service dormancy
    5.
    Granted patent
    Edge traversal service dormancy (status: in force)

    Publication number: US08028076B2

    Publication date: 2011-09-27

    Application number: US12632110

    Filing date: 2009-12-07

    IPC classification: G06F15/16

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or “bubbles”) are transmitted from the host when no application or service (collectively, “processes”) of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, the number of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the number of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.


    Edge traversal service dormancy
    6.
    Patent application
    Edge traversal service dormancy (status: in force)

    Publication number: US20090006595A1

    Publication date: 2009-01-01

    Application number: US11823029

    Filing date: 2007-06-26

    IPC classification: G06F15/173

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or “bubbles”) are transmitted from the host when no application or service (collectively, “processes”) of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, the number of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the number of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.


    Firewall installer
    7.
    Granted patent
    Firewall installer (status: in force)

    Publication number: US08266685B2

    Publication date: 2012-09-11

    Application number: US11804409

    Filing date: 2007-05-18

    IPC classification: H04L29/06

    Abstract: Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.


    Firewall installer
    8.
    Patent application
    Firewall installer (status: in force)

    Publication number: US20080289026A1

    Publication date: 2008-11-20

    Application number: US11804409

    Filing date: 2007-05-18

    IPC classification: G06F15/16

    Abstract: Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.


    Multi-profile interface specific network security policies
    9.
    Granted patent
    Multi-profile interface specific network security policies (status: in force)

    Publication number: US08201234B2

    Publication date: 2012-06-12

    Application number: US11746478

    Filing date: 2007-05-09

    IPC classification: H04L29/06

    Abstract: Computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device.


    Dynamic updating of firewall parameters
    10.
    Granted patent
    Dynamic updating of firewall parameters (status: in force)

    Publication number: US08099774B2

    Publication date: 2012-01-17

    Application number: US11589513

    Filing date: 2006-10-30

    IPC classification: G06F9/00 H04L29/06

    CPC classification: H04L63/0263

    Abstract: The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.
