Auditing and policy control at SSH endpoints
First Claim
1. A method comprising:

receiving, in a firewall from a policy server, policy information including instructions for interception of encrypted communications;
intercepting and decrypting, in the firewall at least a part of an encrypted communication, at a packets level, according to a first encrypted protocol in accordance with the policy information; and
sending at least a part of the decrypted communication from the firewall to an audit server using a network protocol,
wherein the firewall is a device that performs stateful inspection of data packets, and
wherein the audit server is not within the firewall.
Abstract
SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred.
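The abstract and the claims describe one architecture: a policy server hands interception rules to the enforcement point (an interceptor in the SSH server, or a stateful firewall), the enforcement point decrypts the session, decides per operation what is allowed, and ships the decrypted material to a separate audit server. The following is an added illustration of that control loop in Python; it is not the patent's code nor any vendor's implementation. The rule format, the event shape, the first-match evaluation order, the default-deny behaviour and the audit record layout are all assumptions made for this example, and the policy and the SFTP events are constructed.

```python
"""Policy-driven control and auditing of decrypted SSH session operations.

Added illustration of: policy server -> interceptor/firewall -> audit server.
Not the patent's or any product's code. Rule format, event shape and audit
record layout are assumptions made for this example.
"""
import fnmatch
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One policy rule as it might arrive from a policy server (assumed format)."""
    user: str = "*"          # glob on the SSH user name
    server: str = "*"        # glob on the target host
    operation: str = "*"     # e.g. sftp.read, sftp.write, sftp.remove, exec, shell
    path: str = "*"          # glob on the file path, for file operations
    action: str = "allow"    # "allow" or "deny"
    intercept: bool = True   # ship the decrypted payload to the audit server


@dataclass
class SessionEvent:
    """One decrypted protocol operation seen by the interceptor (constructed shape)."""
    session_id: str
    user: str
    server: str
    operation: str
    path: Optional[str] = None
    payload: bytes = b""


@dataclass
class Decision:
    action: str
    intercept: bool
    matched_rule: Optional[int]   # index into the rule list, None if no rule matched


def evaluate(rules: List[Rule], ev: SessionEvent) -> Decision:
    """First matching rule wins; an unmatched operation is denied and intercepted.

    Failing closed is the security-relevant choice: an operation the policy
    does not describe is blocked and recorded rather than silently allowed.
    """
    for i, r in enumerate(rules):
        if not fnmatch.fnmatchcase(ev.user, r.user):
            continue
        if not fnmatch.fnmatchcase(ev.server, r.server):
            continue
        if not fnmatch.fnmatchcase(ev.operation, r.operation):
            continue
        if ev.path is not None and not fnmatch.fnmatchcase(ev.path, r.path):
            continue
        return Decision(r.action, r.intercept, i)
    return Decision("deny", True, None)


def audit_record(ev: SessionEvent, d: Decision) -> dict:
    """Record destined for the external audit server.

    Every event carries the decision plus a digest and length of the decrypted
    payload; the payload itself is included only when the rule asked for
    interception, so the audit server can reconstruct what was transferred.
    """
    rec = {
        "session": ev.session_id,
        "user": ev.user,
        "server": ev.server,
        "operation": ev.operation,
        "path": ev.path,
        "action": d.action,
        "rule": d.matched_rule,
        "payload_len": len(ev.payload),
        "payload_sha256": hashlib.sha256(ev.payload).hexdigest(),
    }
    if d.intercept:
        rec["payload_hex"] = ev.payload.hex()
    return rec


def process(rules: List[Rule], events: List[SessionEvent]) -> List[str]:
    """Apply the policy to each event; return JSON lines to send to the audit server."""
    return [json.dumps(audit_record(ev, evaluate(rules, ev)), sort_keys=True)
            for ev in events]


# Constructed policy: admin may use SFTP freely except for writes under /etc;
# anyone may read /srv/share without payload capture; the deploy account may
# only upload into /srv/releases. Everything else falls through to deny.
POLICY = [
    Rule(user="admin", operation="sftp.write", path="/etc/*", action="deny"),
    Rule(user="admin", operation="sftp.*", action="allow"),
    Rule(operation="sftp.read", path="/srv/share/*", action="allow", intercept=False),
    Rule(user="deploy", operation="sftp.write", path="/srv/releases/*", action="allow"),
]

# Constructed events standing in for decrypted SFTP / exec traffic.
EVENTS = [
    SessionEvent("s1", "admin", "db01", "sftp.write", "/etc/ssh/sshd_config", b"PermitRootLogin yes\n"),
    SessionEvent("s1", "admin", "db01", "sftp.read", "/var/log/auth.log", b"..."),
    SessionEvent("s2", "deploy", "web01", "sftp.write", "/srv/releases/app-1.2.tgz", b"\x1f\x8b"),
    SessionEvent("s2", "deploy", "web01", "sftp.write", "/root/.ssh/authorized_keys", b"ssh-ed25519 AAAA"),
    SessionEvent("s3", "alice", "web01", "exec", None, b"id"),
]

if __name__ == "__main__":
    for line in process(POLICY, EVENTS):
        print(line)
```

Two design points carry over to a real deployment: the decision is made per decrypted operation (a file write, an exec request), not per TCP connection, which is what lets the enforcement point block one upload while leaving the rest of the session alive; and the audit record is built and shipped regardless of the decision, so a denied operation is still evidence on the audit server, which by the claims sits outside the firewall.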
17 Claims

1. A method comprising:

receiving, in a firewall from a policy server, policy information including instructions for interception of encrypted communications;
intercepting and decrypting, in the firewall at least a part of an encrypted communication, at a packets level, according to a first encrypted protocol in accordance with the policy information; and
sending at least a part of the decrypted communication from the firewall to an audit server using a network protocol,
wherein the firewall is a device that performs stateful inspection of data packets, and
wherein the audit server is not within the firewall.

Dependent claims: 2, 3, 4, 5, 6.

7. A firewall comprising:

one or more processors; and
at least one non-transitory memory comprising program code for causing, with the one or more processors, the firewall to:
receive, from a policy server, policy information including instructions for interception of encrypted communications;
intercept and decrypt at least a part of an encrypted communication, at a packets level, according to a first encrypted protocol in accordance with the policy information; and
send at least a part of the decrypted communication to an audit server using a network protocol,
wherein the firewall is a device that performs stateful inspection of data packets, and
wherein the audit server is not within the firewall.

Dependent claims: 8, 9, 10.

11. A computer program product for a firewall stored on a non-transitory computer-readable medium comprising program code operable to cause the firewall to:

receive, from a policy server, policy information including instructions for interception of encrypted communications;
intercept and decrypt at least a part of an encrypted communication, at a packets level, according to a first encrypted protocol in accordance with the policy information; and
send at least a part of the decrypted communication to an audit server using a network protocol,
wherein the firewall is a device that performs stateful inspection of data packets, and
wherein the audit server is not within the firewall.

Dependent claims: 12, 13, 14, 15, 16, 17.