| Patent application number | Description | Published |
|---|
| 20080282313 | MULTI-PROFILE INTERFACE SPECIFIC NETWORK SECURITY POLICIES - Computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device. | 11-13-2008 |
| 20080282314 | Firewall with policy hints - A firewall helps a user make a decision regarding network access for an application executing on a computing device by providing “hints” to the user about an appropriate network access policy. If at least one previously set firewall policy for the application exists in a context different from a current context, the user may be presented with information based on a previously set firewall policy. The information may be prioritized based on a source of the previously set firewall policy and other factors, to provide the user with a hint that facilitates making the decision appropriate in the current context. A programming interface to the firewall allows third party applications to specify a format in which hints are provided to the user. | 11-13-2008 |
| 20080282335 | Software firewall control - A software firewall that may be simply configured using rules specified for types of network interfaces rather than individual network interfaces. The network types may be specified with type identifiers that have a readily understandable meaning to a user, facilitating ease of configuring the firewall. The network types could include, for example, wired, wireless and remote access. A rule specified based on a network type can be translated to firewall filters for network interfaces of that network type. The translation may be performed automatically and may be updated based on network location awareness information. | 11-13-2008 |
| 20080282336 | Firewall control with multiple profiles - A networked computer with a software firewall that may be configured for any of a number of network contexts may be quickly configured with an appropriate set of rules for a current network context. The computer has multiple profiles, each containing rules applicable to a different network context. When a change in network context is detected, a difference between the profile for the current context and the profile with which the firewall was previously configured is determined. These differences are applied to quickly reconfigure the firewall without blocking, even temporarily, communications that are allowed in the previously configured and current profiles. Additionally, when the networked computer is connected to multiple networks simultaneously, an appropriate profile may be selected. | 11-13-2008 |
| 20080289026 | Firewall installer - Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online. | 11-20-2008 |
| 20080289027 | Incorporating network connection security levels into firewall rules - Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts. | 11-20-2008 |
| 20090006847 | Filtering kernel-mode network communications - Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system. | 01-01-2009 |
| 20090007219 | Determining a merged security policy for a computer system - Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy. | 01-01-2009 |
| 20090007251 | Host firewall integration with edge traversal technology - A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic. | 01-01-2009 |
| 20090063584 | Versioning management - Versioning management provides for efficient and effective handling of varying policy versions, client versions and client platform versions in one system. Software version negotiation provides for simplified, secure policy management in an environment supporting varying versions of the same software product. In conjunction with parameter stripping, which resolves differences among varying minor versions of a software policy, software version negotiation allows for management tools of one version to manage client software, clients and/or client platforms of another version. Policy schema translation, in conjunction with parameter stripping as needed, provides a mechanism for converting policies that normally would be impossible to interpret on varying clients and/or client platforms to policy versions that can be understood by these clients and/or client platforms. Version targeting allows an administrator to push a policy to specific clients and/or client platforms to, among other things, address identified security issues or to provide version specific application enablement or enhancement. Together, these various versioning management methodologies simplify administration of a system consisting of varying policy versions, client versions and/or client platform versions while enhancing the flexibility of the system to apply policy throughout the system or any portion thereof. | 03-05-2009 |
