Detection of invalid port accesses in port-scrambling-based networks
Abstract
Method, system and product for detection of invalid port accesses in port-scrambling-based networks. The network may comprise a plurality of computers, each of which is configured to selectively scramble ports of outgoing communications transmitted over the network and to descramble ports of incoming communications received from the network. The selective scrambling of ports may be based on a whitelist of programs. Invalid port accesses are monitored for. An invalid port access may be a communication transmitted over the network directed at a port, wherein the unscrambled port obtained after descrambling that port is an invalid port. Invalid port accesses may be logged, and actions may be taken to mitigate the potential security risk they represent.
20 Claims
1. A system comprising:

a plurality of computer devices connected to a network, wherein each computer device retaining a replica of a whitelist of programs, wherein each computer device is configured to selectively scramble ports of outgoing communications transmitted over the network, wherein the selective scrambling of ports is performed based on the whitelist, wherein each computer device is configured to descramble ports of incoming communications received from the network; and a server device connected to the network, wherein said server device is configured to monitor for an invalid port access, wherein the invalid port access is a communication transmitted over the network being directed at a target port of a computer device and wherein an unscrambled port obtained after descrambling the target port is not assigned to any application program that is being executed by the computer device, wherein said server device is configured to log the invalid port access.

Dependent claims: 2-12.
13. A computer program product comprising a non-transitory computer readable medium retaining program instructions which program instructions when read by a processor, cause the processor to perform a method carried out in a computer network environment comprising a plurality of computer devices, each of which being configured for selectively scrambling ports of outgoing communications and for descrambling ports of incoming communications, the method comprising:

monitoring communications in the network; identifying an invalid port access attempt, wherein the invalid port access attempt is a communication that is directed at a target port of a computer device and wherein an unscrambled port obtained after descrambling the target port, is not assigned to any application program that is being executed by the computer device; and logging the invalid port access attempt.

Dependent claims: 14-17.
18. A server device comprising:

a processor and a coupled memory, wherein the server device is connected to a network, wherein a plurality of computer devices are connected to the network, wherein each computer device is configured to selectively scramble ports of outgoing communications transmitted over the network, wherein each computer device is configured to descramble ports of incoming communications received from the network, wherein each computer retaining a whitelist of programs, wherein the selective scrambling of ports is performed based on the whitelist; and wherein said server device is configured to monitor for an invalid port access, wherein the invalid port access is a communication transmitted over the network being directed at a target port of a computer device and wherein an unscrambled port obtained after descrambling the target port is not assigned to any application program that is being executed by the computer device, wherein said server device is configured to log the invalid port access.

Dependent claims: 19-20.
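The detection step that claims 1, 13 and 18 share, as an added simulation that is not part of the patent: hosts scramble outgoing ports only for whitelisted programs, and a monitoring server descrambles each target port and logs the access when the result is not bound by any running program. The keyed HMAC offset, the shared network key, and the monitor's knowledge of each host's bound ports are assumptions; the patent text does not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PORT_SPACE = 65536  # TCP/UDP port numbers are 16-bit


def _offset(key: bytes, epoch: int) -> int:
    # Keyed, per-epoch rotation amount. The page does not say how ports are
    # scrambled, so this HMAC-derived offset is an assumed stand-in.
    mac = hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "big")


def scramble_port(port: int, key: bytes, epoch: int) -> int:
    return (port + _offset(key, epoch)) % PORT_SPACE


def descramble_port(port: int, key: bytes, epoch: int) -> int:
    return (port - _offset(key, epoch)) % PORT_SPACE


@dataclass
class Host:
    name: str
    whitelist: set    # programs allowed to use scrambled ports (the replica)
    listening: dict   # unscrambled port -> program currently bound to it

    def outgoing_port(self, program: str, dst_port: int, epoch: int, key: bytes) -> int:
        # Selective scrambling: only whitelisted programs get a scrambled
        # destination port; anything else leaves with its real port number.
        if program in self.whitelist:
            return scramble_port(dst_port, key, epoch)
        return dst_port


@dataclass
class Monitor:
    key: bytes                     # assumed: one network-wide scrambling key
    log: list = field(default_factory=list)

    def inspect(self, src: str, dst: Host, target_port: int, epoch: int) -> bool:
        # Descramble the target port; valid only if a running program owns it.
        unscrambled = descramble_port(target_port, self.key, epoch)
        if unscrambled in dst.listening:
            return True
        self.log.append({"src": src, "dst": dst.name, "target": target_port,
                         "unscrambled": unscrambled, "epoch": epoch})
        return False  # invalid port access, now logged for follow-up


if __name__ == "__main__":
    mon = Monitor(b"constructed shared key")      # constructed sample key
    ws = Host("ws1", {"curl"}, {})
    srv = Host("srv", {"curl"}, {443: "httpd", 22: "sshd"})
    print(mon.inspect("ws1", srv, ws.outgoing_port("curl", 443, 7, mon.key), 7))
    print(mon.inspect("ws1", srv, ws.outgoing_port("curl", 8080, 7, mon.key), 7), mon.log)
```

A sender that does not scramble (no key, or a program outside the whitelist) almost always descrambles to an unbound port, which is what makes the logged entries a useful detection signal.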