(12) United States Patent (10) Patent No.: US 6,925,572 B1
Amit et al. (45) Date of Patent: Aug. 2, 2005
(54) FIREWALL WITH TWO-PHASE FILTERING
(75) Inventors: Neta Amit, Haifa (IL); Eran Harel, Kiriat Haim (IL); Abraham Nathan, Haifa (IL); Nevet Basker, Redmond, WA (US)
(73) Assignee: Microsoft Corporation, Redmond, WA (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/514,461
(22) Filed: Feb. 28, 2000
(51) Int. Cl.7 G06F 15/16; G06F 15/177; G06F 11/30; G06F 12/14; H04L 9/00; H04L 9/32
(52) U.S. Cl. 713/201; 713/151; 713/152; 713/162; 713/166; 709/222; 709/230
(58) Field of Search 713/201, 151, 713/152, 162, 166, 701; 709/230, 229
(56) References Cited
U.S. PATENT DOCUMENTS
4,754,420 A * 6/1988 Jensen 708/300
Two-phase filtering for a firewall is disclosed. In the first, general phase, a request is filtered to verify one or more of: that the request is pursuant to a supported protocol, that a command of the request is allowed, that the length of the request does not exceed the allowed maximum for the command, and that characters of the request are of an allowable type. Upon first-phase verification, a second phase is invoked that is particular to the protocol of the request. In the second, specialized phase, the request is filtered to verify one or more of the source, the destination, and the content of the request. Upon second-phase verification, the request is allowed to pass. If either first- or second-phase verification fails, then the request is denied.
4 Claims, 3 Drawing Sheets
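
The two-phase flow summarized in the abstract, as an added Python example that is not part of the patent. The SMTP command table, length limits, allowed character set, trusted network and host names are assumptions chosen for illustration.

```python
# Added example. The SMTP rules, limits, addresses and names are assumptions
# chosen for illustration; the patent abstract specifies none of them.
import ipaddress
import string
from dataclasses import dataclass

@dataclass
class Request:
    protocol: str     # e.g. "smtp"
    source: str       # client IP address
    destination: str  # target host name
    line: bytes       # raw request line

# Phase 1 policy: supported protocols -> allowed commands -> maximum length.
GENERAL_POLICY = {"smtp": {"HELO": 80, "MAIL": 128, "RCPT": 128, "QUIT": 8}}
ALLOWED_BYTES = set((string.ascii_letters + string.digits + " .:<>@-_").encode())
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")

def phase_one(req):
    """General checks: protocol, command, length, character type."""
    commands = GENERAL_POLICY.get(req.protocol)
    if commands is None:
        return "phase 1: unsupported protocol"
    command = req.line.split(b" ", 1)[0].decode("ascii", "replace").upper()
    if command not in commands:
        return "phase 1: command not allowed"
    if len(req.line) > commands[command]:
        return "phase 1: request exceeds maximum length for command"
    if not set(req.line) <= ALLOWED_BYTES:
        return "phase 1: disallowed character"
    return None

def smtp_phase_two(req):
    """SMTP-specific checks: source, destination, content."""
    if ipaddress.ip_address(req.source) not in TRUSTED_NET:
        return "phase 2: source not permitted"
    if req.destination != "mail.internal.example":
        return "phase 2: destination not permitted"
    if req.line.upper().startswith(b"MAIL") and not req.line.endswith(b"@example.com>"):
        return "phase 2: sender domain not permitted"
    return None

PHASE_TWO = {"smtp": smtp_phase_two}  # one specialized filter per protocol

def filter_request(req):
    """Return (allowed, reason); phase 2 runs only after phase 1 passes."""
    reason = phase_one(req)
    if reason is None:
        reason = PHASE_TWO[req.protocol](req)
    return reason is None, reason or "allowed"
```

A request that fails either phase is denied with the failing phase named in the reason, and a request that would fail both reports only the phase 1 reason because the specialized filter is never invoked.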