Firewall security method and apparatus
Abstract
A technique for delivering a client-based firewall. A firewall security device is configured for connecting to individual clients, e.g., personal computers, and provides firewall security measures directly to the client. The firewall security device is configured as an electronic dongle which is attached to an external communications port of the client, e.g., the parallel communications port. The incoming communications stream to the client from, e.g., public networks, is passed through the firewall security device. In this way, the firewall security device applies and delivers a set of standard network security measures, thereby protecting the client from security breaches triggered by the communications stream received from the public network. Advantageously, the firewall is delivered directly at the client without intervention, use, or connection to a separate firewall server.
Claims
Exact text as granted, not AI-modified.
We claim:
1. A computer security apparatus comprising:
a memory for storing a plurality of security routines, the plurality of security routines defining at least one security requirement;
a connector for connecting the computer security apparatus to a user terminal; and
a processor for applying at least one security routine to a communications stream of the user terminal, at least a portion of the communications stream being transmitted through the computer security apparatus.
2. The computer security apparatus of claim 1 wherein the communications stream is received by the user terminal from a public network.
3. The computer security apparatus of claim 2 wherein the connector is connected to a communications port of the user terminal.
4. The computer security apparatus of claim 2 further comprising:
a buffer for storing the communications stream received from the public network.
5. A firewall security device comprising:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security requirement;
a connector for connecting the firewall security device to a user terminal; and
a processor for applying at least one firewall security routine to a plurality of packets transmitted through the firewall security device and determining whether particular ones of the plurality of packets are in compliance with the at least one security requirement.
6. The firewall security device of claim 5 wherein the connecting the firewall security device to the user terminal is made through a parallel communications port of the user terminal.
7. The firewall security device of claim 6 wherein the memory further comprises a plurality of cryptography routines for use in the determining whether the particular ones of the plurality of packets are in compliance with the at least one security requirement.
8. A firewall security device for use with a computer having a communications port, the firewall security device comprising:
a memory for storing a firewall security application program, the firewall security application program containing a plurality of firewall security routines which define at least one level of security;
a connector for connecting the firewall security device to the communications port of the computer; and
a processor for executing the firewall security application program and determining whether a plurality of packets transmitted to the computer from a public network are in compliance with the level of security, the plurality of packets being transmitted through the firewall security device prior to any further processing by the computer.
9. The firewall security device of claim 8 further comprising a communications buffer for storing the plurality of packets and blocking particular ones of the plurality of packets, determined by the processor to be not in compliance with the level of security, from further processing by the computer.
10. The firewall security device of claim 8 wherein the communications port is a parallel communications port.
11. The firewall security device of claim 9 wherein the level of security is determined as a function of a private network configuration in which the computer is connected.
12. A dongle for providing a client-based firewall, the dongle comprising:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security level;
a connector for connecting the dongle to a client computer; and
a processor for applying at least one firewall security routine to a plurality of packets transmitted through the dongle and determining whether particular ones of the plurality of packets are in compliance with the at least one security level.
13. The dongle of claim 12 wherein the particular ones of the plurality of packets determined to be in compliance with the at least one security level are transmitted to the client computer for further processing.
14. The dongle of claim 13 wherein the plurality of packets are transmitted to the dongle upon receipt by the client computer.
15. A client-based firewall system comprising:
a computer having at least one communications port;
a firewall security dongle connected to the at least one communications port, the firewall security dongle including:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security level;
a processor for applying at least one firewall security routine to a data communications stream transmitted through the firewall security dongle and determining whether the data communications stream complies with the security level.
16. The client-based firewall system of claim 15 wherein the data communications stream includes a plurality of TCP/IP packets.
17. The client-based firewall system of claim 15 wherein the firewall security dongle blocks particular ones of the packets not complying with the security level.
18. The client-based firewall system of claim 16 wherein the level of security is determined as a function of a private network configuration in which the computer is connected.
19. A method for providing a client-based firewall, the method comprising:
receiving, in a firewall security dongle, a transmission of a communications stream, the firewall security dongle including a plurality of network security routines and being connected to a communications port of a particular client computer of a plurality of client computers in a private network;
applying at least one network security routine to the communications stream; and
determining whether the communications stream complies with a level of security defined by the at least one network security routine.
20. The method of claim 19 further comprising the steps of:
continuing the transmission of the communications stream from the firewall security dongle to the client computer if the communications stream complies with the level of security, otherwise, blocking the transmission of the communications stream from further processing by the client computer.
21. The method of claim 20 wherein the blocking the transmission of the communications stream further includes the step of generating a security alert.
22. The method of claim 20 wherein the transmission of the communications stream includes a plurality of packets transmitted from a public network to the private network.
23. The method of claim 22 wherein the level of security is determined as a function of a configuration of the private network.
24. A computer network security method, the method comprising the steps of:
connecting a security device to at least one computer of a plurality of computers being interconnected within a private network, the security device including at least one set of security routines which define at least one network security level;
transmitting a plurality of packets received by the at least one computer through the security device connected thereto; and
determining if the plurality of packets transmitted through the security device comply with the network security level.
25. The method of claim 24 further comprising the step of:
blocking a further transmission of the plurality packets by the computer if the determining step found that any packet of the plurality of packets did not comply with the network security level.
26. The method of claim 25 wherein the plurality of packets received by the computer are from a public network.
27. The method of claim 26 wherein the plurality of packets from the public network were transmitted as a function of a request from the private network for accessing a particular resource within the public network.
28. The method of claim 26 including the further step of:
updating the set of security routines from a central source.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.