Method and system for internet hosting and security

US 20020073337A1
Filed: 08/30/2001
Published: 06/13/2002
Est. Priority Date: 08/30/2000
Status: Active Grant

First Claim

Patent Images

1. A system for providing an electronically secured web site of a private network on the Internet, comprising:

means for routing an external access request from the Internet to the web site and for limiting the external access request to the web site based on a type of the external access;

means for providing an electronic wall between the Internet and the private network of the web site, for receiving the routed external access request from the means for routing and limiting, and for rejecting or passing the routed external access request;

means for detecting the routed external access request and for determining whether the routed external access request is an attack on the private network of the web site;

means for controlling a routing of the routed external access request within the private network to a particular area of the private network based on a location address of the particular area; and

means for recording the routing of the routed external access request within the private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and method for providing security to Internet hosting sites and mitigating electronic attacks against such sites. The system and method of the present invention provide: adequate Internet connections to the site to prevent connection floodings from intruders; implementation of different types of firewalls and an intrusion detection system to monitor and guard the site from electronic attacks; routing protocols to limit access to Internet hosting sites; continuous transfer of a hosting site from one geographic location to another in the event of an electronic attack against the hosting site or a disaster situation.

206 Citations

19 Claims

1. A system for providing an electronically secured web site of a private network on the Internet, comprising:
- means for routing an external access request from the Internet to the web site and for limiting the external access request to the web site based on a type of the external access;
  
  means for providing an electronic wall between the Internet and the private network of the web site, for receiving the routed external access request from the means for routing and limiting, and for rejecting or passing the routed external access request;
  
  means for detecting the routed external access request and for determining whether the routed external access request is an attack on the private network of the web site;
  
  means for controlling a routing of the routed external access request within the private network to a particular area of the private network based on a location address of the particular area; and
  
  means for recording the routing of the routed external access request within the private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the means for detecting the routed external access request detects the routed external access request at the means for providing the electric wall.
  - 3. The system of claim 1, wherein the means for recording also provide recording of all events happening in the system.
  - 4. The system of claim 1, wherein the means for recording also provide recording of the routing of the external access request by the means for routing and the receiving of the routed external access request at the means for providing an electronic wall.
  - 5. The system of claim 2, wherein the means for detecting and determining comprises first means for detecting the routed external access request prior to its receipt at the means for providing the electronic wall and second means for detecting the routed external access request after it is received and passed by the means for providing the electronic wall.
  - 6. The system of claim 1, wherein the means for routing the external access request comprises:
    - primary means for routing the external access request; and
      
      secondary means as backup for the primary means for routing external access request when the primary means for routing becomes unavailable.
  - 7. The system of claim 1, wherein the means for providing the electronic wall comprises:
    - primary means for providing the electronic wall; and
      
      secondary means for providing the electronic wall when the primary means for providing the electronic wall becomes unavailable.

8. A system for providing security to a plurality of hosting sites on the Internet comprising:
- a first level of security that provides a first screening of requests from the Internet for access to the plurality of Internet hosting sites;
  
  a second level of security that detects and prevents unauthorized access to the plurality of Internet hosting sites by the access requests that are screened and passed by the first level of security;
  
  a third level of security that provides a second screening of the access requests that are authorized by the second level of security; and
  
  a fourth level of security that provides recording of all events happening in the plurality of Internet hosting sites.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The system of claim 8, wherein the first level of security comprises a plurality of routers that screen the access requests based on a type of each of the access requests and route the passed access requests to the second level of security.
  - 10. The system of claim 8, wherein the second level of security comprises a plurality of firewall systems, each associated with a corresponding one of the Internet hosting sites.
  - 11. The system of claim 10, further comprising at least one load balancer for load balancing the passed access requests from the first level of security across the plurality of firewall systems.
  - 12. The system of claim 10, wherein the second level of security further comprises an intrusion detection system (IDS) for detecting unauthorized entry of one of the passed access requests into at least one of the plurality of firewall systems;
    - wherein the intrusion detection system comprises a first intrusion detection engine arranged in front of the at least one firewall system and a second intrusion detection engine arranged behind the at least one firewall system.
  - 13. The system of claim 10, wherein the second level of security further comprises a plurality of IDS'"'"'s, each associated with a corresponding one of the plurality of firewall systems for detecting and preventing unauthorized entry of any one of the passed access requests into any one of the plurality of firewall systems.
  - 14. The system of claim 8, wherein the third level of security comprises switches that manage sub-networks within a network for each of the Internet hosting sites.
  - 15. The system of claim 14, wherein the switches maintain lists of addresses of the sub-networks and provide the second screening of the access requests authorized by the second level of security based on the lists of addresses.
  - 16. The system of claim 8, wherein the third level of security comprises at least one switch for a corresponding one of the Internet hosting sites, wherein the at least one switch manages a plurality of sub-networks within a network of the corresponding Internet hosting site.
  - 17. The system of claim 16, wherein the at least one switch maintains addresses of the sub-networks of the corresponding hosting site and provides the second screening based on the address list of any one the access requests authorized by the second level of security and routed to the corresponding hosting site.
  - 18. The system of claim 17, wherein the at least one switch comprises a two duplicate switches with a primary switch and a secondary switch, wherein the secondary switch provides backup to the primary switch.
  - 19. The method of claim 8, wherein the fourth level of security comprises an at least one event log manager maintained in a server that connects throughout a network of at least one of the plurality of Internet hosting sites and records all events happening to the at least one Internet hosting site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Clancy, Mark, Samchuck, Gerald M., Ioele, Anthony, Morgasen, Howard, Jafri, Syed Hasan

Granted Patent

US 7,007,299 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

H04L 67/1001   for accessing one among a p...

H04L 67/10015   Access to distributed or re...

H04L 67/1008   based on parameters of serv...

H04L 67/1029   using data related to the s...

H04L 9/40   Network security protocols

Method and system for internet hosting and security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

206 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and system for internet hosting and security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

206 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others