System for securing the flow of and selectively modifying packets in a computer network

Assignee

• Check Point Software Technologies Ltd. · IL

Inventors

• Gil Shwed · Nes Ziona, IL
• Shlomo Kramer · Nes Ziona, IL
• Nir Zuk · Menlo Park, US
• Gil Israel Dogon · Jerusalem, IL
• Ehud Ben-Reuven · Nes Ziona, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/126
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The present invention discloses a novel system for controlling the inbound and outbound data packet flow in a computer network. By controlling the packet flow in a computer network, private networks can be secured from outside attacks in addition to controlling the flow of packets from within the private network to the outside world. A user generates a rule base which is then converted into a set of filter language instruction. Each rule in the rule base includes a source, destination, service, whether to accept or reject the packet and whether to log the event. The set of filter language instructions are installed and execute on inspection engines which are placed on computers acting as firewalls. The firewalls are positioned in the computer network such that all traffic to and from the network to be protected is forced to pass through the firewall. Thus, packets are filtered as they flow into and out of the network in accordance with the rules comprising the rule base. The inspection engine acts as a virtual packet filtering machine which determines on a packet by packet basis whether to reject or accept a packet. If a packet is rejected, it is dropped. If it is accepted, the pac…