CA2226814A1 - System and method for providing peer level access control on a network - Google Patents

System and method for providing peer level access control on a network

Info

Publication number
CA2226814A1
Authority
CA
Canada
Prior art keywords
peer
tuple
rule
access control
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002226814A
Other languages
French (fr)
Other versions
CA2226814C (en)
Inventor
Partha P. Dutta
Daniel N. Zenchelsky
Thomas B. London
Dalibor F. Vrsalovic
Karl A. Siil
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Corp
Original Assignee
AT&T Corp.
Partha P. Dutta
Daniel N. Zenchelsky
Thomas B. London
Dalibor F. Vrsalovic
Karl A. Siil
Priority date
1997-01-17
Filing date
1998-01-12
Publication date
1998-07-17
Application filed by AT&T Corp., Partha P. Dutta, Daniel N. Zenchelsky, Thomas B. London, Dalibor F. Vrsalovic, Karl A. Siil
Publication of CA2226814A1
Application granted
Publication of CA2226814C
Anticipated expiration
Expired - Fee Related (current legal status)

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                        • H04L63/0227 Filtering policies
                            • H04L63/0263 Rule management
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

A system and method for providing peer-level access control on networks that carry packets of information, each packet having a 5-tuple consisting of a source and destination address, a source and destination port, and a protocol identifier. The local rule base of a peer is dynamically loaded into a filter when the peer is authenticated, and ejected when the peer loses authentication. The local rule base is searched efficiently through the use of hash tables, wherein the hashed network address of a peer serves as a pointer to that peer's local rules. Each rule comprises a 5-tuple and an action. The action of a rule is carried out on a packet when the 5-tuple of the rule corresponds to the 5-tuple of the packet.
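The mechanism the abstract describes, written out as an added example (this is not code from the patent or from AT&T): a filter whose rule base is a hash table keyed by peer address, rules loaded on authentication and ejected on de-authentication, and first-match evaluation of 5-tuple rules against the packet's 5-tuple. The wildcard semantics (None matches any value), the first-match order, the default-deny fallback and the choice to look the peer up by the packet's source address first and destination address second are assumptions, as is the constructed scenario in demo(). Because the filter is stateless, the return direction of a session needs its own rule, which the scenario includes; and because the peer is identified by network address, a host that can spoof an authenticated peer's address inherits that peer's rules, so this design depends on anti-spoofing at the network edge.

```python
# Added example, not the patent's own code.  Assumptions: None is a
# wildcard in a rule field, rules are evaluated first-match, a packet with
# no authenticated peer on either side gets the default action.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Action(Enum):
    PERMIT = "permit"
    DENY = "deny"


@dataclass(frozen=True)
class FiveTuple:
    """Source/destination address, source/destination port, protocol.
    In a rule, a field set to None matches any value in the packet."""
    src: Optional[str]
    dst: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    proto: Optional[str]

    def matches(self, pkt: "FiveTuple") -> bool:
        """True when every non-wildcard field of this rule equals the packet's."""
        return all(
            want is None or want == have
            for want, have in zip(
                (self.src, self.dst, self.sport, self.dport, self.proto),
                (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto),
            )
        )


@dataclass(frozen=True)
class Rule:
    match: FiveTuple
    action: Action


class PeerFilter:
    """Packet filter whose rule base is keyed by peer network address.
    A dict is a hash table, so self._rules[peer] is the hashed-address
    lookup that points at the peer's local rules."""

    def __init__(self, default: Action = Action.DENY) -> None:
        self._rules: Dict[str, List[Rule]] = {}
        self._default = default

    def on_authenticated(self, peer: str, local_rules: List[Rule]) -> None:
        """Dynamically load the peer's local rule base into the filter."""
        self._rules[peer] = list(local_rules)

    def on_deauthenticated(self, peer: str) -> None:
        """Eject the rule base; packets from or to this peer now fall through
        to the default action, which also cuts any session still in flight."""
        self._rules.pop(peer, None)

    def decide(self, pkt: FiveTuple) -> Action:
        """Find the authenticated peer on the packet (assumption: source
        address first, then destination for replies) and apply the first
        rule whose 5-tuple corresponds to the packet's 5-tuple."""
        for peer in (pkt.src, pkt.dst):
            rules = self._rules.get(peer)
            if rules is None:
                continue
            for rule in rules:
                if rule.match.matches(pkt):
                    return rule.action
            return self._default  # peer is known but no rule matched
        return self._default      # no authenticated peer on either side


def demo() -> Dict[str, Action]:
    """Constructed scenario: peer 10.0.0.5 authenticates with rules that
    permit HTTP to 10.0.1.9 (and the replies) and deny everything else it
    sends; peer 10.0.0.6 never authenticates."""
    flt = PeerFilter()
    flt.on_authenticated("10.0.0.5", [
        Rule(FiveTuple("10.0.0.5", "10.0.1.9", None, 80, "tcp"), Action.PERMIT),
        Rule(FiveTuple("10.0.1.9", "10.0.0.5", 80, None, "tcp"), Action.PERMIT),
        Rule(FiveTuple("10.0.0.5", None, None, None, None), Action.DENY),
    ])
    pkt_http = FiveTuple("10.0.0.5", "10.0.1.9", 40000, 80, "tcp")
    pkt_ssh = FiveTuple("10.0.0.5", "10.0.1.9", 40001, 22, "tcp")
    pkt_reply = FiveTuple("10.0.1.9", "10.0.0.5", 80, 40000, "tcp")
    pkt_other = FiveTuple("10.0.0.6", "10.0.1.9", 40002, 80, "tcp")
    out = {
        "http_while_authenticated": flt.decide(pkt_http),
        "ssh_while_authenticated": flt.decide(pkt_ssh),
        "reply_while_authenticated": flt.decide(pkt_reply),
        "unauthenticated_peer": flt.decide(pkt_other),
    }
    flt.on_deauthenticated("10.0.0.5")
    out["http_after_logout"] = flt.decide(pkt_http)
    return out


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action.value}")
```

The per-peer deny-all rule is written with the peer's own source address rather than all wildcards so that it cannot accidentally swallow traffic addressed to the peer; the default action covers that case instead.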

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/785,501 US6233686B1 (en) 1997-01-17 1997-01-17 System and method for providing peer level access control on a network
US08/785,501 1997-01-17

Publications (2)

Publication Number Publication Date
CA2226814A1 true CA2226814A1 (en) 1998-07-17
CA2226814C CA2226814C (en) 2003-03-25

Family

ID=25135719

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002226814A Expired - Fee Related CA2226814C (en) 1997-01-17 1998-01-12 System and method for providing peer level access control on a network

Country Status (5)

Country Link
US (1) US6233686B1 (en)
EP (1) EP0854621B1 (en)
JP (1) JP3814068B2 (en)
CA (1) CA2226814C (en)
DE (1) DE69825801T2 (en)

Families Citing this family (104)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6160843A (en) * 1996-03-29 2000-12-12 Cisco Technology, Inc. Communication server apparatus providing XDSL services and method
EP0968596B1 (en) 1997-03-12 2007-07-18 Nomadix, Inc. Nomadic translator or router
JP3961060B2 (en) * 1997-03-19 2007-08-15 愛知機械工業株式会社 Manual transmission reverse idler gear mounting structure
US6070243A (en) * 1997-06-13 2000-05-30 Xylan Corporation Deterministic user authentication service for communication network
US6182228B1 (en) * 1998-08-17 2001-01-30 International Business Machines Corporation System and method for very fast IP packet filtering
US6574666B1 (en) * 1998-10-22 2003-06-03 At&T Corp. System and method for dynamic retrieval loading and deletion of packet rules in a network firewall
US6158010A (en) 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
CA2287689C (en) * 1998-12-03 2003-09-30 P. Krishnan Adaptive re-ordering of data packet filter rules
US8266266B2 (en) 1998-12-08 2012-09-11 Nomadix, Inc. Systems and methods for providing dynamic network authorization, authentication and accounting
US7194554B1 (en) 1998-12-08 2007-03-20 Nomadix, Inc. Systems and methods for providing dynamic network authorization authentication and accounting
US8713641B1 (en) 1998-12-08 2014-04-29 Nomadix, Inc. Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device
US7136926B1 (en) * 1998-12-31 2006-11-14 Pmc-Sierrra Us, Inc. Method and apparatus for high-speed network rule processing
US7117532B1 (en) * 1999-07-14 2006-10-03 Symantec Corporation System and method for generating fictitious content for a computer
AU6218800A (en) * 1999-07-14 2001-01-30 Recourse Technologies, Inc. System and method for quickly authenticating messages using sequence numbers
US6981155B1 (en) * 1999-07-14 2005-12-27 Symantec Corporation System and method for computer security
US20030115246A1 (en) * 1999-08-24 2003-06-19 Hewlett-Packard Company And Intel Corporation Policy management for host name mapped to dynamically assigned network address
US6587876B1 (en) 1999-08-24 2003-07-01 Hewlett-Packard Development Company Grouping targets of management policies
US7203962B1 (en) * 1999-08-30 2007-04-10 Symantec Corporation System and method for using timestamps to detect attacks
US6971028B1 (en) * 1999-08-30 2005-11-29 Symantec Corporation System and method for tracking the source of a computer attack
AU1224201A (en) 1999-10-22 2001-05-08 Nomadix, Inc. Systems and methods for dynamic bandwidth management on a per subscriber basis in a communications network
WO2001031885A2 (en) 1999-10-22 2001-05-03 Nomadix, Inc. Gateway device having an xml interface and associated method
US6832321B1 (en) 1999-11-02 2004-12-14 America Online, Inc. Public network access server having a user-configurable firewall
EP1104142A1 (en) * 1999-11-29 2001-05-30 BRITISH TELECOMMUNICATIONS public limited company Network access system
US8074256B2 (en) 2000-01-07 2011-12-06 Mcafee, Inc. Pdstudio design system and method
US7143439B2 (en) 2000-01-07 2006-11-28 Securify, Inc. Efficient evaluation of rules
US6684244B1 (en) 2000-01-07 2004-01-27 Hewlett-Packard Development Company, Lp. Aggregated policy deployment and status propagation in network management systems
US6606659B1 (en) 2000-01-28 2003-08-12 Websense, Inc. System and method for controlling access to internet sites
US6675223B1 (en) * 2000-04-10 2004-01-06 International Business Machines Corporation Method and apparatus for processing frames using static and dynamic classifiers
ATE339836T1 (en) * 2000-04-12 2006-10-15 Tenovis Gmbh & Co Kg FIRE WALL ARCHITECTURAL SAVERS FOR A GIVEN PROTOCOL
FR2810180B1 (en) * 2000-06-08 2005-04-29 Cit Alcatel METHOD FOR PROVIDING ACCESS CONTROL FOR AND / OR TO USERS ACCESSING TERMINALS TO THE INTERNET NETWORK, THROUGH A PRIVATE ACCESS NODE, AND ARRANGEMENTS FOR IMPLEMENTING A SUCH METHOD
US7917647B2 (en) 2000-06-16 2011-03-29 Mcafee, Inc. Method and apparatus for rate limiting
AU2001268492A1 (en) * 2000-06-16 2002-01-02 Securify, Inc. Efficient evaluation of rules
BR0111951A (en) * 2000-06-26 2003-07-29 Intel Corp Network Security Establishment Using Internet Protocol Security
GB2371186A (en) * 2001-01-11 2002-07-17 Marconi Comm Ltd Checking packets
US7467298B2 (en) * 2001-04-16 2008-12-16 Microsoft Corporation Methods and arrangements for selectively maintaining parental access consent in a network environment
US7003578B2 (en) * 2001-04-26 2006-02-21 Hewlett-Packard Development Company, L.P. Method and system for controlling a policy-based network
US6816455B2 (en) * 2001-05-09 2004-11-09 Telecom Italia S.P.A. Dynamic packet filter utilizing session tracking
US20020198994A1 (en) * 2001-05-15 2002-12-26 Charles Patton Method and system for enabling and controlling communication topology, access to resources, and document flow in a distributed networking environment
IL159264A0 (en) * 2001-06-11 2004-06-01 Bluefire Security Technology Packet filtering system and methods
US7107464B2 (en) * 2001-07-10 2006-09-12 Telecom Italia S.P.A. Virtual private network mechanism incorporating security association processor
US7027446B2 (en) * 2001-07-18 2006-04-11 P-Cube Ltd. Method and apparatus for set intersection rule matching
US7209962B2 (en) * 2001-07-30 2007-04-24 International Business Machines Corporation System and method for IP packet filtering based on non-IP packet traffic attributes
US20030115292A1 (en) * 2001-10-24 2003-06-19 Griffin Philip B. System and method for delegated administration
US7325248B2 (en) * 2001-11-19 2008-01-29 Stonesoft Corporation Personal firewall with location dependent functionality
US7360242B2 (en) * 2001-11-19 2008-04-15 Stonesoft Corporation Personal firewall with location detection
US20060036701A1 (en) * 2001-11-20 2006-02-16 Bulfer Andrew F Messaging system having message filtering and access control
US7194464B2 (en) 2001-12-07 2007-03-20 Websense, Inc. System and method for adapting an internet filter
US7350226B2 (en) 2001-12-13 2008-03-25 Bea Systems, Inc. System and method for analyzing security policies in a distributed computer network
DE60104876T2 (en) * 2001-12-18 2004-12-23 Stonesoft Corp. Checking the configuration of a firewall
US7130921B2 (en) 2002-03-15 2006-10-31 International Business Machines Corporation Centrally enhanced peer-to-peer resource sharing method and apparatus
US7120691B2 (en) 2002-03-15 2006-10-10 International Business Machines Corporation Secured and access controlled peer-to-peer resource sharing method and apparatus
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
US7209449B2 (en) * 2002-03-27 2007-04-24 Intel Corporation Systems and methods for updating routing and forwarding information
US20030212900A1 (en) * 2002-05-13 2003-11-13 Hsin-Yuo Liu Packet classifying network services
US20030212901A1 (en) * 2002-05-13 2003-11-13 Manav Mishra Security enabled network flow control
WO2004051947A1 (en) * 2002-11-29 2004-06-17 Freebit Co.,Ltd. Server for routing connection to client device
JP4120415B2 (en) * 2003-02-10 2008-07-16 株式会社日立製作所 Traffic control computer
US7490348B1 (en) 2003-03-17 2009-02-10 Harris Technology, Llc Wireless network having multiple communication allowances
US7325002B2 (en) * 2003-04-04 2008-01-29 Juniper Networks, Inc. Detection of network security breaches based on analysis of network record logs
EP1480406A1 (en) * 2003-05-19 2004-11-24 Sony International (Europe) GmbH Confinement of data transfers to a local area network
WO2004107134A2 (en) * 2003-05-28 2004-12-09 Caymas Systems, Inc. Method and system for identifying bidirectional packet flow
US7359983B1 (en) * 2003-06-24 2008-04-15 Nvidia Corporation Fragment processing utilizing cross-linked tables
US7594224B2 (en) 2003-10-10 2009-09-22 Bea Systems, Inc. Distributed enterprise security system
US20050257245A1 (en) * 2003-10-10 2005-11-17 Bea Systems, Inc. Distributed security system with dynamic roles
US7644432B2 (en) * 2003-10-10 2010-01-05 Bea Systems, Inc. Policy inheritance through nested groups
US7844731B1 (en) * 2003-11-14 2010-11-30 Symantec Corporation Systems and methods for address spacing in a firewall cluster
US7472185B2 (en) * 2004-01-05 2008-12-30 International Business Machines Corporation Method and apparatus for scaling a user interface adaptively to an object discovery/display system with policy driven filtering
US20050228848A1 (en) * 2004-03-22 2005-10-13 Thurston Stacy D Method and system for operating a peer network
JP2007534046A (en) * 2004-04-23 2007-11-22 松下電器産業株式会社 Server device, client device, and network system
FR2872983A1 (en) * 2004-07-09 2006-01-13 Thomson Licensing Sa FIREWALL PROTECTION SYSTEM FOR A COMMUNITY OF APPLIANCES, APPARATUS PARTICIPATING IN THE SYSTEM AND METHOD FOR UPDATING FIREWALL RULES WITHIN THE SYSTEM
GB2416879B (en) 2004-08-07 2007-04-04 Surfcontrol Plc Device resource access filtering system and method
GB2418999A (en) * 2004-09-09 2006-04-12 Surfcontrol Plc Categorizing uniform resource locators
GB2418108B (en) * 2004-09-09 2007-06-27 Surfcontrol Plc System, method and apparatus for use in monitoring or controlling internet access
GB2418037B (en) 2004-09-09 2007-02-28 Surfcontrol Plc System, method and apparatus for use in monitoring or controlling internet access
US8078707B1 (en) * 2004-11-12 2011-12-13 Juniper Networks, Inc. Network management using hierarchical domains
US7577151B2 (en) * 2005-04-01 2009-08-18 International Business Machines Corporation Method and apparatus for providing a network connection table
JP4168052B2 (en) * 2005-04-01 2008-10-22 株式会社日立製作所 Management server
US8250229B2 (en) * 2005-09-29 2012-08-21 International Business Machines Corporation Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address
KR100819036B1 (en) * 2005-12-08 2008-04-02 한국전자통신연구원 Traffic Authentication Equipment using Packet Header Information and Method thereof
WO2007072245A2 (en) * 2005-12-21 2007-06-28 Koninklijke Philips Electronics N.V. Dynamic firewall rule definition
US8615800B2 (en) 2006-07-10 2013-12-24 Websense, Inc. System and method for analyzing web content
US8020206B2 (en) 2006-07-10 2011-09-13 Websense, Inc. System and method of analyzing web content
WO2008042804A2 (en) 2006-09-29 2008-04-10 Nomadix, Inc. Systems and methods for injecting content
US10255445B1 (en) * 2006-11-03 2019-04-09 Jeffrey E. Brinskelle Identifying destinations of sensitive data
US8484733B2 (en) * 2006-11-28 2013-07-09 Cisco Technology, Inc. Messaging security device
US9654495B2 (en) 2006-12-01 2017-05-16 Websense, Llc System and method of analyzing web addresses
EP1931099A1 (en) * 2006-12-04 2008-06-11 Alcatel Lucent Method for managing a communication between a server device and a customer device
JP5424008B2 (en) * 2006-12-19 2014-02-26 日本電気株式会社 Shared information management method and system
GB2445764A (en) * 2007-01-22 2008-07-23 Surfcontrol Plc Resource access filtering system and database structure for use therewith
US8015174B2 (en) 2007-02-28 2011-09-06 Websense, Inc. System and method of controlling access to the internet
GB0709527D0 (en) 2007-05-18 2007-06-27 Surfcontrol Plc Electronic messaging system, message processing apparatus and message processing method
US8416773B2 (en) * 2007-07-11 2013-04-09 Hewlett-Packard Development Company, L.P. Packet monitoring
US8199916B2 (en) * 2007-12-26 2012-06-12 International Business Machines Corporation Selectively loading security enforcement points with security association information
US9648039B1 (en) * 2008-01-24 2017-05-09 RazorThreat, Inc. System and method for securing a network
CA2729158A1 (en) 2008-06-30 2010-01-07 Websense, Inc. System and method for dynamic and real-time categorization of webpages
EP2141858B1 (en) * 2008-06-30 2014-11-26 Alcatel Lucent Method for managing a communication between a server device and a customer device
US20100054128A1 (en) * 2008-08-29 2010-03-04 O'hern William Near Real-Time Alerting of IP Traffic Flow to Subscribers
US8103600B1 (en) * 2009-02-23 2012-01-24 The United States Of America As Represented By The Secretary Of The Navy Graphic user interface having menus for display of context and syntax useful in an artificial intelligence system
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US20110030037A1 (en) 2009-07-07 2011-02-03 Vadim Olshansky Zone migration in network access
US9117054B2 (en) 2012-12-21 2015-08-25 Websense, Inc. Method and aparatus for presence based resource management
US10476674B2 (en) 2017-05-18 2019-11-12 Linden Research, Inc. Systems and methods to secure searchable data having personally identifiable information
US10410015B2 (en) 2017-05-18 2019-09-10 Linden Research, Inc. Systems and methods to secure personally identifiable information

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5473607A (en) * 1993-08-09 1995-12-05 Grand Junction Networks, Inc. Packet filtering for data networks
US5606668A (en) * 1993-12-15 1997-02-25 Checkpoint Software Technologies Ltd. System for securing inbound and outbound data packet flow in a computer network
WO1996000549A1 (en) * 1994-06-30 1996-01-11 The Procter & Gamble Company Fluid pervious web exhibiting a surface energy gradient
WO1996005549A1 (en) * 1994-08-09 1996-02-22 Shiva Corporation Apparatus and method for restricting access to a local computer network
US5623601A (en) * 1994-11-18 1997-04-22 Milkway Networks Corporation Apparatus and method for providing a secure gateway for communication and data exchanges between networks
SE504546C2 (en) * 1995-08-21 1997-03-03 Telia Ab Arrangement for network access via the telecommunications network through a remote controlled filter

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6779118B1 (en) 1998-05-04 2004-08-17 Auriq Systems, Inc. User specific automatic data redirection system
USRE46459E1 (en) 1998-05-04 2017-06-27 Linksmart Wireless Technology, Llc User specific automatic data redirection system

Also Published As

Publication number Publication date
JPH10229418A (en) 1998-08-25
EP0854621A1 (en) 1998-07-22
US6233686B1 (en) 2001-05-15
MX9800399A (en) 1998-10-31
CA2226814C (en) 2003-03-25
DE69825801T2 (en) 2005-09-01
DE69825801D1 (en) 2004-09-30
JP3814068B2 (en) 2006-08-23
EP0854621B1 (en) 2004-08-25

Similar Documents

Publication Publication Date Title
CA2226814A1 (en) System and method for providing peer level access control on a network
CA2246549A1 (en) Establishing communication in a packet data network
SE9802415D0 (en) Firewall apparatus and method of controlling network data packet traffic between internal and external networks
CA2249787A1 (en) Methods and apparatus for accelerating osi layer 3 routers
ATE307449T1 (en) METHOD FOR PACKET AUTHENTICATION IN THE PRESENCE OF NETWORK ADDRESS TRANSLATIONS AND PROTOCOL CONVERSIONS
WO1997040610A3 (en) Internet protocol filter
WO2003023638A3 (en) Topology discovery by partitioning multiple discovery techniques
CA2272054A1 (en) A method and apparatus for filtering packets using a dedicated processor
GB2394866B (en) Arrangements and method in mobile internet communications systems
ATE400121T1 (en) SYSTEM AND METHOD FOR SELF-CONFIGURATION AND DISCOVERY OF IP-TO-MAC ADDRESS MAP AND GATEWAY PRESENCE
WO1997002734A3 (en) Internet protocol (ip) work group routing
DE69328749D1 (en) Dynamic signal routing
WO2003073626A3 (en) Method and process for signaling, communication and administration of networked objects
CA2308949A1 (en) Method, devices and signals for multiplexing payload data for transport in a data network
CA2379630A1 (en) Method of communications routing
WO2000051290A3 (en) Multi-service network switch
CA2426609A1 (en) Method for geolocating logical network addresses
WO2002086715A3 (en) Integrated procedure for partitioning network data services among multiple subscribers
WO2004036831A3 (en) Determining a path through a managed network
CA2276577A1 (en) Method and apparatus for routing in a communication or data network, or a network comprising communication and data networks
AU6082199A (en) Intelligent data network router
Cisco VINES Commands
Cisco Banyan VINES Commands
CA2349825A1 (en) Signalling message transport mechanism

Legal Events

Date Code Title Description
EEER Examination request
2017-01-12 MKLA Lapsed (effective date 2017-01-12)