Method and device for monitoring data traffic and preventing unauthorized access to a network
Abstract
A method and device for protecting a network by monitoring both incoming and outgoing data traffic on multiple ports of the network, and preventing transmission of unauthorized data across the ports. The monitoring system is provided in a non-promiscuous mode and automatically denies access to data packets from a specific source based upon an associated rules table. All other packets from sources not violating the rules are allowed to use the same port. The monitoring system processes copies of the data packets, resulting in minimal loss of throughput. The system is also highly adaptable and provides for dynamic writing and issuing of firewall rules by updating the rules table. Information regarding the data packets is captured, sorted, and cataloged to determine attack profiles and unauthorized data packets.
21 Claims
1. A method of protecting a network from potentially harmful data traffic traversing a plurality of data ports of the network, the data traffic comprising data packets, the method comprising the steps of:
a. providing a means for monitoring attributes of data traffic traversing a plurality of data ports of a network;
b. providing a means for responding when an attack on said network is determined to occur;
c. defining a set of attack parameters from attributes of one or more data packets traversing a network, such that when said defined set of parameters are met an attack on said network is presumed to occur;
d. specifying a set of responses that may be taken in response to said attack, wherein said responses are defined by a set of response rules, said response rules being designed to select one or more of said responses from said set of specified responses based upon monitored attack parameters;
e. monitoring all the data packets traversing the data ports from a plurality of sources with said monitoring means to determine when said attack parameters have been met;
f. comparing and coordinating said attack parameters and said response rules to select one or more of said set of specified responses based upon said monitored attack parameters; and
g. providing said one or more selected responses through said response providing means to protect said network from said attack.

(Claims 2 through 14 and 16 through 21 are dependent on claim 1.)

15. A system for protecting a network, the system comprising a data monitoring means programmed to sample data packets transmitted to and from the network, a memory for storing the sampled data packets and a processor for comparing and coordinating selected attack parameters based upon attributes of said data packets and a set of specified responses defined by one or more response rules to select one or more of said set of specified responses based upon said monitored attack parameters and provide said one or more selected responses to protect said network from said attack.
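The claims describe a generic pattern: a rules table of attack parameters (step c), a second table of response rules (step d), a monitor that works on copies of the packets and catalogs observations per source (steps e and f), and a response stage that blocks only the offending source while other sources keep using the same port (step g, and the abstract). The following is an added illustration of that pattern written for this page; it is not the patent's own code or any product's implementation. The packet fields, the "port_scan" attack parameters, the thresholds, the response names and the sample traffic are all assumptions constructed for the example, and it works on packets already handed to it rather than modelling the non-promiscuous capture mode the abstract mentions.

```python
"""Rules-table driven traffic monitor (added example; not the patent's code).

Attack parameters: a packet predicate plus "N distinct keys from one source
within a time window".  Response rules: a table mapping an attack name to the
responses to apply.  The monitor keeps a per-source catalog of recent
observations and only blocks the source that tripped a rule.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, replace
from typing import Callable, Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds (constructed timestamps in the sample)
    src: str
    dst: str
    dport: int
    proto: str
    syn: bool = False  # TCP connection attempt


@dataclass
class AttackParams:
    """Claim step c: attributes that, when met, presume an attack."""
    name: str
    match: Callable[[Packet], bool]        # which packets this rule looks at
    key: Callable[[Packet], Tuple]         # what counts as a distinct event
    threshold: int                         # distinct events needed
    window: float                          # seconds of history considered


class Monitor:
    def __init__(self) -> None:
        self.attack_rules: List[AttackParams] = []
        self.response_rules: Dict[str, List[str]] = {}      # step d
        self.blocked: Set[str] = set()
        self.events: List[Tuple[str, str, List[str]]] = []   # (rule, src, responses)
        # catalog of recent observations per (rule, source): deque of (ts, key)
        self._catalog: Dict[Tuple[str, str], Deque[Tuple[float, Tuple]]] = defaultdict(deque)

    def add_attack_rule(self, rule: AttackParams, responses: List[str]) -> None:
        """Dynamic rule writing: the tables can be updated while running."""
        self.attack_rules.append(rule)
        self.response_rules[rule.name] = responses

    def observe(self, pkt: Packet) -> Tuple[bool, List[str]]:
        """Steps e-g on one packet copy. Returns (forward?, selected responses)."""
        pkt = replace(pkt)  # work on a copy so the original is not delayed
        if pkt.src in self.blocked:
            return False, ["drop"]
        selected: List[str] = []
        for rule in self.attack_rules:
            if not rule.match(pkt):
                continue
            hist = self._catalog[(rule.name, pkt.src)]
            hist.append((pkt.ts, rule.key(pkt)))
            while hist and pkt.ts - hist[0][0] > rule.window:
                hist.popleft()                       # expire old observations
            if len({k for _, k in hist}) >= rule.threshold:
                responses = self.response_rules.get(rule.name, ["alert"])
                self.events.append((rule.name, pkt.src, responses))
                selected.extend(responses)
                if "block_source" in responses:
                    self.blocked.add(pkt.src)        # only this source is denied
                hist.clear()
        return (pkt.src not in self.blocked), selected


def port_scan_rule() -> AttackParams:
    """Assumed attack parameters: 10 distinct (dst, port) SYNs from one source in 5 s."""
    return AttackParams(name="port_scan",
                        match=lambda p: p.proto == "tcp" and p.syn,
                        key=lambda p: (p.dst, p.dport),
                        threshold=10, window=5.0)


def run_sample() -> dict:
    """Run constructed traffic through the monitor and summarise what happened."""
    mon = Monitor()
    mon.add_attack_rule(port_scan_rule(), ["alert", "block_source"])
    traffic: List[Packet] = []
    for i in range(20):   # constructed: a legitimate host reusing port 443
        traffic.append(Packet(i * 0.1, "10.0.0.5", "10.0.0.1", 443, "tcp", syn=True))
    for i in range(15):   # constructed: a host probing many distinct ports
        traffic.append(Packet(i * 0.1, "10.0.0.9", "10.0.0.1", 20 + i, "tcp", syn=True))
    traffic.sort(key=lambda p: p.ts)  # stable: interleave by time
    forwarded: Dict[str, int] = defaultdict(int)
    dropped: Dict[str, int] = defaultdict(int)
    for p in traffic:
        ok, _ = mon.observe(p)
        (forwarded if ok else dropped)[p.src] += 1
    return {"forwarded": dict(forwarded), "dropped": dict(dropped),
            "blocked": set(mon.blocked), "events": list(mon.events)}


if __name__ == "__main__":
    print(run_sample())
```

In the sample the probing host trips the rule on its tenth distinct port and is blocked from that packet on, while the legitimate host on the same destination port is never counted against the threshold because it only ever produces one distinct key. The catalog per source is what lets the response stay narrow; a rule keyed on the destination port alone would block everyone using it.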
Specification