| 发明名称 |
FIREWALL WITH TWO-PHASE FILTERING |
| 摘要 |
Two-phase filtering for a firewall is disclosed. In the first, general phase, a request is filtered to verify one or more of: that the request is pursuant to a supported protocol, that a command of the request is allowed, that the length of the request does not exceed the allowed maximum for the command, and that characters of the request are of an allowable type. Upon first-phase verification, a second phase is invoked that is particular to the protocol of the request. In the second, specialized phase, the request is filtered to verify one or more of the source, the destination, and the content of the request. Upon second-phase verification, the request is allowed to pass. If either first- or second-phase verification fails, then the request is denied. |
| 申请公布号 |
US2017126624(A1) |
申请公布日期 |
2017.05.04 |
| 申请号 |
US201715405178 |
申请日期 |
2017.01.12 |
| 申请人 |
MICROSOFT TECHNOLOGY LICENSING, LLC |
发明人 |
Amit Neta;Harel Eran;Nathan Abraham;Basker Nevet |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method performed on at least one network security device that comprises a processor and memory, the method comprising:
receiving, by the at least one network security device from a source network, network traffic; first verifying, by the at least one network security device in response to a protocol of the received network traffic being supported by the at least one network security device, the protocol; and second verifying, by the at least one network security device in response to the verified protocol and further in response to content of the received network traffic conforming to the verified protocol, the content. |
| 地址 |
Redmond WA US |
