Method, apparatus, and program for identifying, restricting, and monitoring data sent from client computers
First Claim
1. A method, in a computer system, for monitoring data sent from a computer, comprising:
- detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
determining whether the destination is a trusted site; and
performing a corrective action if the destination is not a trusted site.
1 Assignment
0 Petitions
Accused Products
Abstract
A monitoring tool operates just before packets are sent out from a client computer. The monitoring tool identifies the destination of data being sent and determines whether the destination is a trusted site. The monitoring tool may also check the data itself. If the data is unencrypted, the tool may perform a string or binary pattern search on the data. However, if the data is encrypted the monitoring tool may check for the amount of data being sent. The monitoring tool may then warn the user or an administrator if the data being sent appears to be uncharacteristically high. The monitoring tool may also take corrective action, such as blocking the transmission or disabling the offending program. Alternatively, the monitoring tool may attempt to alter the final destination of the data to the client computer itself. If the program still works, the program may continue to operate.
68 Citations
50 Claims
-
1. A method, in a computer system, for monitoring data sent from a computer, comprising:
-
detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
determining whether the destination is a trusted site; and
performing a corrective action if the destination is not a trusted site. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method, in a computer system, for monitoring data sent from a computer, comprising:
-
detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
determining whether the amount of the data is uncharacteristically high; and
performing a corrective action if the amount of the data is uncharacteristically high. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. An apparatus for monitoring data sent from a computer system, comprising:
-
detection means for detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
determination means for determining whether the destination is a trusted site; and
correction means for performing a corrective action if the destination is not a trusted site. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. An apparatus for monitoring data sent from a computer system, comprising:
-
detection means for detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
determination means for determining whether the amount of the data is uncharacteristically high; and
correction means for performing a corrective action if the amount of the data is uncharacteristically high. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
-
- 48. The apparatus of claim 48, further comprising means for transferring the log to a remote computer.
-
49. A computer program product, in a computer readable medium, for monitoring data sent from a computer system, comprising:
-
instructions for detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
instructions for determining whether the destination is a trusted site; and
instructions for performing a corrective action if the destination is not a trusted site.
-
-
50. A computer program product, in a computer readable medium, for monitoring data sent from a computer system, comprising:
-
instructions for detecting a request for an outgoing transfer of data from a program in the computer system to a destination;
instructions for determining whether the amount of the data is uncharacteristically high; and
instructions for performing a corrective action if the amount of the data is uncharacteristically high.
-
Specification