Multi-level security network system
Abstract
A network prevents unauthorized users from gaining access to confidential information. The network has various workstations and servers connected by a common medium and through a router to the Internet. The network has two major components, a Network Security Center (NSC) and security network interface cards or devices. The NSC is an administrative workstation through which the network security officer manages the network as a whole as well as the individual security devices. The security devices are interposed between each workstation, including the NSC, and the common medium, and operate at the network layer (layer 3) of the protocol hierarchy. The network allows trusted users to access outside information, including the Internet, while stopping outside attackers at their point of entry. At the same time, the network limits an unauthorized insider to the information defined in that user's particular security profile. The user may select which virtual network to access at any given time. The result is trusted access to multiple secure Virtual Private Networks (VPNs), all from a single desktop machine.
53 Claims
- 1. A security device for connecting a host computer from a host bus to a computer network, the security device comprising a local bus, a network interface connecting said local bus to the computer network, and a two-port memory device connecting said local bus to the host bus.
- 13. A method for controlling a sending computer to transmit information to a receiving computer over a computer network, the method comprising:
  - receiving the information to be transmitted to the receiving computer from the sending computer;
  - implementing security mechanisms to determine whether communication is authorized from the sending computer to the receiving computer and, if not, then terminating the transmission of information and, if so, then encrypting the information to be transmitted; and
  - transmitting the encrypted information to the receiving computer over the computer network.
- 19. A method for controlling a receiving computer to receive information transmitted from a transmitting computer over a computer network, the method comprising:
  - receiving the information to be received by the receiving computer from the computer network;
  - implementing security mechanisms to determine whether communication is authorized from the sending computer to the receiving computer and, if not, then terminating the transmission of information and, if so, then decrypting the information to be received; and
  - transmitting the decrypted information to the receiving computer for reception thereof.
- 25. A secure network having a plurality of host computers accessible to users and connected to a network medium that has access to an untrusted line, the secure network comprising:
  - a network security controller for enabling a security officer to generate at least one user profile for each user, each user profile defining at least one destination which the user is authorized to access; and
  - security devices connected to the network medium for receiving the user profiles generated at the network security controller, each security device associated with one host computer, each security device having an authorization device for authorizing users at the associated host computer, the security device permitting the authorized user, via the associated host computer, to select a user's profile associated with the user and restricting access of the host computer to the at least one destination defined in the selected user's profile.
- 38. A method for operating a network having a plurality of host computers accessible to users and connected to a network medium that has access to an untrusted line, the method comprising:
  - generating at least one user profile for each user, each user profile defining at least one destination which the user is authorized to access;
  - authorizing a user at a host computer;
  - determining, at the host computer, the at least one user profile associated with the authorized user;
  - permitting, at the host computer, the authorized user to select a user's profile associated with the user; and
  - restricting access of the host computer to the at least one destination defined in the selected user's profile.
- 50. A multi-level secure network having a plurality of host computers accessible to users and connected to a network medium that has access to an untrusted line, the secure network comprising a security device coupled between at least one host computer and the network medium which operates at a network layer communications protocol, and a network security controller for controlling the security device to establish connections to the network medium.
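The following Python is an added example, not code from the patent, modelling the enforcement path of claims 13, 19, 25 and 38: a per-host layer-3 security device holds profiles issued by the NSC, the user selects one, and each IPv4 packet is authorized against the profile's destinations and either terminated or encrypted/decrypted. The HMAC-based stream cipher, the `Profile` fields and all addresses are constructed stand-ins, since the patent names no cipher or key-distribution format.

```python
import hmac
import socket
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """A user profile as the NSC pushes it: permitted destinations plus a per-VPN key (constructed)."""
    name: str
    allowed: frozenset   # IPv4 addresses this profile may reach (and hear from)
    vpn_key: bytes       # constructed key; a real device would receive it from the NSC


def build_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, checksum zero) for constructed test packets."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _xor_payload(key: bytes, pkt: bytes, ihl: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 keystream in counter mode, bound to the IP header.
    Stands in for the patent's unspecified cipher; symmetric, so it both encrypts and decrypts."""
    ks = b"".join(hmac.new(key, pkt[:ihl] + i.to_bytes(4, "big"), "sha256").digest()
                  for i in range(-(-(len(pkt) - ihl) // 32)))
    return pkt[:ihl] + bytes(a ^ b for a, b in zip(pkt[ihl:], ks))


class SecurityDevice:
    """Layer-3 device between one host and the shared medium, enforcing the selected profile."""
    def __init__(self, profiles):
        self.profiles = {p.name: p for p in profiles}  # received from the NSC (claim 25)
        self.active = None
        self.log = []

    def select_profile(self, name: str) -> None:
        """Claim 38: the authorized user picks one of the profiles issued for them."""
        self.active = self.profiles[name]

    def _filter(self, pkt: bytes, direction: str):
        ihl = (pkt[0] & 0x0F) * 4
        peer = socket.inet_ntoa(pkt[16:20] if direction == "out" else pkt[12:16])
        if self.active is None or peer not in self.active.allowed:
            self.log.append(f"DROP {direction} {peer}")   # claims 13/19: terminate
            return None
        return _xor_payload(self.active.vpn_key, pkt, ihl)

    def outbound(self, pkt: bytes):  # claim 13: authorize on destination, then encrypt
        return self._filter(pkt, "out")

    def inbound(self, pkt: bytes):  # claim 19: authorize on source, then decrypt
        return self._filter(pkt, "in")
```

Two devices holding the same profile form one VPN: a packet the first device encrypts is recovered intact by the second, while a packet to or from an address outside the profile is dropped and logged at the device rather than reaching the medium or the host.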