Network security based on redirection of questionable network access
First Claim
1. A computing system for controlling network communication, comprising:
a processor; and
a memory that stores a module that is configured to evaluate a network communication that comes from a source computing system and that is directed to a destination computing system, by:
receiving a predefined white list of trusted network addresses;
determining a first internet protocol (IP) address corresponding to the network communication;
determining a destination port corresponding to the network communication;
determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.
Abstract
Techniques for network security are disclosed. In some implementations, an evaluation module determines whether a network communication from a source computing system to a destination computing system is allowable. The allowability of the communication is determined based on properties of the network communication, such as a source or destination address, a port number, a time of day, a geographic location, and the like. If the communication is disallowed, the evaluation module or a related component redirects the communication to an alternative computing system that masquerades as the destination computing system.
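The evaluation flow the abstract and claim 1 describe, as an added illustration that is not part of the patent: a white list of (source network, destination port) pairs is checked against each communication, and anything not allowed is redirected to a mock destination that records the attempt. The class names, the sample white list and the addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class MockDestination:
    """Stand-in for the real destination; records each redirected attempt."""
    address: str
    records: list = field(default_factory=list)

    def track(self, src_ip, dst_ip, dst_port):
        # Record that this communication was an attempt to reach the
        # real destination without being on the white list.
        entry = {"src": src_ip, "intended_dst": dst_ip, "port": dst_port,
                 "verdict": "unauthorized-access-attempt"}
        self.records.append(entry)
        return entry


class EvaluationModule:
    def __init__(self, white_list, mock):
        # White list entries are (network in CIDR notation, allowed destination port).
        self.white_list = [(ipaddress.ip_network(net), port) for net, port in white_list]
        self.mock = mock

    def is_allowed(self, src_ip, dst_port):
        # Allowed only if some entry matches both the source IP and the port.
        ip = ipaddress.ip_address(src_ip)
        return any(ip in net and port == dst_port for net, port in self.white_list)

    def evaluate(self, src_ip, dst_ip, dst_port):
        """Return ("allow", real destination) or ("redirect", mock address)."""
        if self.is_allowed(src_ip, dst_port):
            return ("allow", dst_ip)
        self.mock.track(src_ip, dst_ip, dst_port)
        return ("redirect", self.mock.address)


# Constructed sample white list: an admin subnet may reach port 22 on the
# protected host, and a single monitoring host may reach port 443.
WHITE_LIST = [("10.0.1.0/24", 22), ("10.0.2.5/32", 443)]
mock = MockDestination("10.0.9.9")
module = EvaluationModule(WHITE_LIST, mock)

if __name__ == "__main__":
    print(module.evaluate("10.0.1.7", "10.0.0.10", 22))    # allowed as-is
    print(module.evaluate("10.0.1.7", "10.0.0.10", 3389))  # sent to the mock
    print(mock.records)
```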
79 Citations
18 Claims
17. A method for controlling network communication, the method comprising:
evaluating a network communication that comes from a source computing system and that is directed to a destination computing system, by:
receiving a predefined white list of trusted network addresses;
determining a first internet protocol (IP) address corresponding to the network communication;
determining a destination port corresponding to the network communication;
determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.
18. A non-transitory computer-readable medium storing contents that are configured, when executed by a computing system, to perform a method comprising:
evaluating a network communication that comes from a source computing system and that is directed to a destination computing system, by:
receiving a predefined white list of trusted network addresses;
determining a first internet protocol (IP) address corresponding to the network communication;
determining a destination port corresponding to the network communication;
determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.