Multi-method gateway-based network security systems and methods
Abstract
Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
69 Claims

1. A method for detecting and preventing security breaches in network traffic, the method comprising:
    reassembling a plurality of TCP packets in the network traffic into a TCP stream;
    inspecting the TCP stream to detect information indicative of security breaches;
    dropping a TCP packet from the TCP stream if the TCP stream contains information indicative of security breaches; and
    forwarding a TCP packet from the TCP stream to a network destination if the TCP stream does not contain information indicative of security breaches.
Dependent claims: 2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23.

24. A system for detecting and preventing security breaches in network traffic, the system comprising:
    a TCP reassembly software module for reassembling a plurality of TCP packets in the network traffic into a TCP stream;
    a software module for inspecting the TCP stream to detect information indicative of security breaches;
    a software module for dropping a TCP packet from the TCP stream if the TCP stream contains information indicative of security breaches; and
    a software module for forwarding a TCP packet from the TCP stream to a network destination if the TCP stream does not contain information indicative of security breaches.
Dependent claims: 4, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41.

42. A system for detecting and preventing security breaches in network traffic, the system comprising:
    a network intrusion detection and prevention sensor placed in a network gateway, wherein the network intrusion detection and prevention sensor comprises:
        a routine for reassembling a plurality of TCP packets into a TCP stream;
        a software module for inspecting the TCP stream to detect information indicative of security breaches;
        a software module for dropping a TCP packet from the TCP stream if the TCP stream contains information indicative of security breaches; and
        a software module for forwarding a TCP packet from the TCP stream to a network destination if the TCP stream does not contain information indicative of security breaches;
    a central management server to control the network intrusion detection and prevention sensor; and
    a graphical user interface for configuring the network intrusion detection and prevention sensor.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56.

57. A network intrusion detection and prevention sensor for detecting and preventing network security breaches at a network gateway, the network intrusion detection and prevention sensor comprising:
    a flow manager software module for grouping a plurality of packets into packet flows and sessions;
    a TCP reassembly software module for reassembling a plurality of TCP packets from the plurality of packets into a TCP stream;
    a software module for inspecting the TCP stream according to the packet flows and sessions to detect information indicative of security breaches;
    a software module for dropping a packet from the plurality of packets if the TCP stream contains information indicative of security breaches; and
    a software module for forwarding a packet from the plurality of packets to a network destination if the TCP stream does not contain information indicative of security breaches.
Dependent claims: 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69.
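The independent claims above all describe the same pipeline: group packets into flows, reassemble TCP segments into a stream, inspect the stream, then drop or forward individual packets on the strength of that inspection. The following Python is an added illustration of why the reassembly step matters and is not code from the patent or its assignee. It models one flow with out-of-order segments, scans the reassembled bytes for a signature, and compares the result with naive per-packet matching. The flow tuple, sequence numbers, addresses and the signature `EXAMPLE-BAD-TOKEN` are constructed for the demo; the "hold" verdict for a segment that arrives ahead of a gap is a design choice of this example, not something the claims specify.

```python
"""Gateway-style TCP reassembly and stream inspection (added illustration,
not the patent's own code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed, inert signature for the demo; a real sensor loads its rule set.
SIGNATURES: List[bytes] = [b"EXAMPLE-BAD-TOKEN"]
FlowKey = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


@dataclass
class Segment:
    flow: FlowKey
    seq: int          # sequence number of the first payload byte
    payload: bytes


@dataclass
class Stream:
    next_seq: int                                  # next in-order byte expected
    pending: Dict[int, bytes] = field(default_factory=dict)  # held out-of-order
    data: bytearray = field(default_factory=bytearray)       # reassembled bytes
    blocked: bool = False                          # set once judged hostile


def per_packet_match(payload: bytes, signatures: List[bytes] = SIGNATURES) -> bool:
    """Naive per-packet matching, only to contrast with stream inspection."""
    return any(sig in payload for sig in signatures)


class Gateway:
    def __init__(self, signatures: List[bytes] = SIGNATURES, max_pending: int = 64):
        self.signatures = signatures
        self.max_pending = max_pending             # cap held segments per stream
        self.streams: Dict[FlowKey, Stream] = {}

    def open_connection(self, flow: FlowKey, isn: int) -> None:
        """Create stream state; a real sensor takes the ISN from the handshake."""
        self.streams[flow] = Stream(next_seq=isn)

    def _reassemble(self, st: Stream, seg: Segment) -> Optional[bytes]:
        """Return newly contiguous bytes, or None if the segment was not released."""
        end = seg.seq + len(seg.payload)
        if end <= st.next_seq:
            return b""                             # pure retransmission
        if seg.seq > st.next_seq:                  # gap in front: hold it
            if len(st.pending) < self.max_pending:  # bounded memory; else peer retransmits
                st.pending[seg.seq] = seg.payload
            return None
        added = bytearray(seg.payload[st.next_seq - seg.seq:])  # trim overlap
        st.next_seq = end
        while True:                                # drain now-contiguous held segments
            ready = [s for s in st.pending if s <= st.next_seq]
            if not ready:
                break
            s = min(ready)
            tail = st.pending.pop(s)[st.next_seq - s:]
            added += tail
            st.next_seq += len(tail)
        st.data += added
        return bytes(added)

    def _inspect(self, st: Stream, added: bytes) -> bool:
        """Match over the new bytes plus the (longest signature - 1) bytes before
        them: that window is exactly where a signature split across segments lands."""
        if not added or not self.signatures:
            return False
        overlap = max(len(s) for s in self.signatures) - 1
        start = max(0, len(st.data) - len(added) - overlap)
        return any(sig in bytes(st.data[start:]) for sig in self.signatures)

    def process(self, seg: Segment) -> str:
        """Verdict for one packet: 'forward', 'drop' or 'hold' (not forwarded yet).
        A held segment shares the verdict of the packet that later fills its gap."""
        st = self.streams.get(seg.flow)
        if st is None:                             # no handshake seen: assume first byte
            st = self.streams.setdefault(seg.flow, Stream(next_seq=seg.seq))
        if st.blocked:
            return "drop"                          # the whole connection is dropped
        added = self._reassemble(st, seg)
        if added is None:
            return "hold"
        if self._inspect(st, added):
            st.blocked = True
            return "drop"
        return "forward"


def demo() -> Dict[str, list]:
    """Constructed traffic: the signature straddles two segments that arrive
    out of order, so per-packet matching misses what the stream check catches."""
    gw = Gateway()
    bad = ("10.0.0.5", 40000, "10.0.0.9", 80)      # constructed addresses
    gw.open_connection(bad, isn=1000)
    s1 = Segment(bad, 1000, b"hello EXAMPLE-BAD")  # bytes 1000..1016
    s2 = Segment(bad, 1017, b"-TOKEN more")        # bytes 1017..1027
    s3 = Segment(bad, 1028, b"tail")               # bytes 1028..1031
    arrival = [s2, s1, s3]                          # s2 overtakes s1 on the wire
    good = ("10.0.0.6", 40001, "10.0.0.9", 80)
    gw.open_connection(good, isn=500)
    clean = [Segment(good, 500, b"GET / HTTP/1.0\r\n"), Segment(good, 516, b"\r\n")]
    return {"stream_verdicts": [gw.process(s) for s in arrival],
            "per_packet": [per_packet_match(s.payload) for s in arrival],
            "clean_verdicts": [gw.process(s) for s in clean]}
```

Running `demo()` gives `hold, drop, drop` for the hostile flow (the second segment waits for the gap, the first completes the split signature and blocks the connection, the third is dropped as part of that connection) while `per_packet_match` is false for all three segments, and both segments of the benign flow are forwarded. The capped `pending` dictionary is the detail a practitioner should not skip: an inline device that buffers unbounded out-of-order data for every flow is itself a resource-exhaustion target.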