Firewall for protecting electronic commerce databases from malicious hackers
Abstract
A system and method are described for protecting core databases from being accessed by malicious hackers who have managed to compromise managers and infrastructure components that support an Internet web site. The system determines whether a particular database query has been generated by the e-commerce application system, or is likely to be part of an attack. The system decides whether to allow the query to proceed, to reject the query, or to return false data. The system also determines whether to raise an alarm about this condition.
169 Citations
21 Claims
1. A method for intercepting a command sent to a manager program generated by a client program and determining whether said command is characteristic of a normal application program, the method comprising the steps of:
   intercepting said command;
   preventing the direct sending of said command from said client program to said manager program;
   performing an analysis upon said command;
   sending said command to said manager program if said analysis determines that said command is characteristic of a normal application program; and
   preventing said command from reaching said manager program if said analysis determines that said command is not characteristic of a normal application program;
   whereby said manager program is protected from commands that are sent from a client program that is under control of an attacker.
   Dependent claims: 2, 3, 4, 5, 6, 7.

8. An application firewall program for intercepting a command sent from a client program to a manager program and determining whether said command is characteristic of a normal application program, comprising:
   a preventor step to prevent the direct sending of said command from said client program to said manager program;
   an analysis step whereby said command is analyzed to determine if it is characteristic of a normal application program; and
   a forwarding step in which said command is sent to said manager program provided said analysis determines that said command is characteristic of a normal program; and
   a prevention step in which commands that are not characteristic of a normal application program are prevented from reaching said manager program.
   Dependent claims: 9.

10. An application firewall machine comprising:
   a first network interface coupling said firewall machine to a client computer via a first network segment;
   a second network interface coupling said firewall machine to a manager computer via a second network segment;
   a communications manager coupled to said first and second network interfaces, said communications manager being operable to read and write data to said first and second network segments via the corresponding first and second network interfaces, said communications manager being further operable to not permit direct passage of network communications across the network interfaces, and operable to send data to said manager computer when analysis determines that data coming from said client computer contains a command that is characteristic of a normal program; and
   a command processor to process said data to identify commands that are being passed as requests from said client computer to said manager computer, and a command analyzer to analyze said commands to determine if said commands are characteristic of a normal application program.
   Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.
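As an added illustration of the decision logic the abstract and claims describe (forward a command that looks like the application's own, otherwise reject it, return false data, and raise an alarm), and not code from the patent itself: a small Python command analyzer that treats the statement shapes the application is known to issue as an allowlist. The shape-matching approach, the sensitive-table rule that selects decoy data over rejection, and the sample statements are all my own assumptions for this example.

```python
import re
from dataclasses import dataclass

# Literals (quoted strings, numbers) are the parts that vary between legitimate
# executions of the same application statement, so they are replaced with '?'.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")
# Table names following FROM / JOIN / INTO / UPDATE in an already-normalized statement.
_TABLE = re.compile(r"\b(?:from|join|into|update)\s+([a-z_][a-z0-9_]*)")

def normalize(query: str) -> str:
    """Reduce a SQL statement to its shape: literals -> '?', whitespace and case folded."""
    shape = _LITERAL.sub("?", query)
    shape = re.sub(r"\s+", " ", shape).strip().rstrip(";").strip()
    shape = re.sub(r"\s*([,()=<>!])\s*", r"\1", shape)
    return shape.lower()

@dataclass(frozen=True)
class Decision:
    action: str   # "forward", "reject" or "false_data"
    alarm: bool
    reason: str

class CommandAnalyzer:
    """Hypothetical analyzer: an allowlist of statement shapes the application is known to issue."""

    def __init__(self, known_queries, sensitive_tables=()):
        self.templates = {normalize(q) for q in known_queries}
        self.sensitive = {t.lower() for t in sensitive_tables}

    def analyze(self, query: str) -> Decision:
        shape = normalize(query)
        if shape in self.templates:
            return Decision("forward", False, "shape matches an application statement")
        hit = set(_TABLE.findall(shape)) & self.sensitive
        if hit:
            # Unknown statement aimed at a sensitive table: answer with decoy rows, raise alarm.
            return Decision("false_data", True, f"unknown statement on {sorted(hit)}")
        return Decision("reject", True, "shape never issued by the application")

# Constructed sample data: statements captured from a legitimate shop application.
KNOWN = [
    "SELECT id, name, price FROM products WHERE id = 42",
    "INSERT INTO orders (product_id, qty) VALUES (42, 1)",
]
analyzer = CommandAnalyzer(KNOWN, sensitive_tables=["customers"])

if __name__ == "__main__":
    print(analyzer.analyze("SELECT id, name, price FROM products WHERE id = 7 OR 1=1"))
```

A tautology appended to an otherwise legitimate lookup changes the statement's shape, so it falls outside the allowlist and is rejected with an alarm, while the same lookup with a different literal value is forwarded unchanged.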
Specification