Network service zone locking
Abstract
A zone locking system detects unauthorized network usage internal to a firewall. The system determines unauthorized network usage by classifying internal hosts inside a firewall into zones. Certain specified zones are unauthorized to initiate client communications with other selected zones. However, zone override services can be designated for each associated internal zone, and thus, authorizing selected network services. An alarm or other appropriate action is taken upon the detection of unauthorized network usage.
Claims (20)
1. A method for determining unauthorized network usage, comprising the steps of:
receiving internal zone data by classification of internal hosts into internal zones;
receiving unauthorized zone data, the unauthorized zone data specifies which designated internal zones are not authorized to communicate with associated unauthorized internal zones;
receiving override service data, the override service data specifies particular network services in which designated internal zones are authorized to participate with the associated unauthorized internal zones;
monitoring network communications;
capturing header information from monitored network communications;
determining which internal hosts are participating in the monitored network communications based on captured header information;
determining the internal zones participating in the monitored zone communications based upon the zone data;
determining unauthorized network usage based upon the unauthorized internal zone data and the override service data; and
generating an alarm upon detection of unauthorized network usage.
(Dependent claims: 2, 3, 4, 5, 6, 8, 9, 10, 17)
7. A method for determining unauthorized network usage, comprising the steps of:
receiving zone data by classification of hosts into zones;
receiving unauthorized zone data, the unauthorized zone data specifies which designated zones are not authorized to communicate with associated unauthorized zones;
receiving override service data, the override service data specifies particular network services in which designated zones are authorized to participate in communications with the associated unauthorized zones acting as a client;
monitoring network communications;
capturing header information from monitored network communications;
determining which hosts are participating in the monitored network communications based on captured header information;
determining a client host for each monitored network communication;
determining the zones participating in the monitored zone communications based upon the zone data;
determining unauthorized network usage based upon the unauthorized zone data and the override service data; and
generating an alarm upon detection of unauthorized network usage.
11. A system for determining unauthorized network usage, comprising:
a computer system operable to receive internal zone data by classification of internal hosts into internal zones;
the computer system operable to receive unauthorized zone data, the unauthorized zone data specifies which associated unauthorized zones are not authorized to initiate client communications to designated internal zones;
the computer system operable to receive override service data, the override service data specifies particular network services in which designated internal zones are authorized to receive from the associated unauthorized zones;
the computer system operable to capture header information from monitored network communications;
the computer system operable to determine which internal hosts are participating in the monitored network communications based on captured header information;
the computer system operable to determine the internal zones participating in the monitored zone communications based upon the internal zone data;
the computer system operable to determine unauthorized network usage based upon the unauthorized zone data and the override service data; and
a communication mechanism coupled to the computer system operable to provide an alarm upon detection of unauthorized network usage.
13. The system of claim 12, wherein the internal zones are classified by user functions.
14. The system of claim 12, wherein the internal zones are classified by subnet.
15. The system of claim 12, wherein the internal zone data includes an additional zone for outside hosts.
16. The system of claim 12, wherein the particular network services are based upon the client network services utilized by the internal hosts classified in the associated unauthorized zone.
18. A system for determining unauthorized network usage, comprising:
a computer system operable to receive zone data by classification of hosts into zones;
the computer system operable to receive unauthorized zone data, the unauthorized zone data specifies which designated zones are not authorized to communicate with associated unauthorized zones;
the computer system operable to receive override service data, the override service data specifies particular network services in which designated zones are authorized to participate in communications with the associated unauthorized zones acting as a client;
the computer system operable to monitor network communications;
the computer system operable to capture header information from monitored network communications;
the computer system operable to determine which hosts are participating in the monitored network communications based on captured header information;
the computer system operable to determine a client host for each monitored network communication;
the computer system operable to determine the zones participating in the monitored zone communications based upon the zone data;
the computer system operable to determine unauthorized network usage based upon the unauthorized zone data and the override service data; and
a communication mechanism coupled to the computer system operable to provide an alarm upon detection of unauthorized network usage.
(Dependent claims: 19, 20)
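The zone-lock check that claims 1 and 7 describe, written out as an added example (not code from the patent): hosts are classified into zones by subnet (claim 14) with an extra zone for outside hosts (claim 15), the client host is taken from captured TCP header fields, a network service is identified by the server port, and a pair (client zone, server zone) in the unauthorized set raises an alarm unless the service is on that pair's override list. The zone map, zone pairs, override ports and header records are all constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed zone map: internal hosts classified by subnet; any other
# address falls into an extra "outside" zone.
ZONES = {
    "engineering": ip_network("10.1.0.0/24"),
    "finance": ip_network("10.2.0.0/24"),
    "servers": ip_network("10.3.0.0/24"),
}
# Unauthorized zone data: (client zone, server zone) pairs the client zone
# may not initiate communications toward.
UNAUTHORIZED = {("engineering", "finance"), ("engineering", "servers")}
# Override service data: destination ports still allowed for a locked pair.
OVERRIDES = {("engineering", "servers"): {53, 443}}

def zone_of(ip):
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"

def client_of(hdr):
    """Determine (client, server, service) from captured header fields: the
    sender of a pure SYN is the initiator; otherwise the higher-port side."""
    if hdr["flags"] == "S" or hdr["sport"] > hdr["dport"]:
        return hdr["src"], hdr["dst"], hdr["dport"]
    return hdr["dst"], hdr["src"], hdr["sport"]

def check(hdr):
    """Return an alarm string for unauthorized usage, else None."""
    client, server, service = client_of(hdr)
    cz, sz = zone_of(client), zone_of(server)
    if (cz, sz) in UNAUTHORIZED and service not in OVERRIDES.get((cz, sz), ()):
        return f"ALARM {client} [{cz}] -> {server}:{service} [{sz}]"
    return None

# Constructed header records as a passive sensor might capture them.
HEADERS = [
    {"src": "10.1.0.7", "sport": 51000, "dst": "10.3.0.5", "dport": 443, "flags": "S"},
    {"src": "10.1.0.7", "sport": 51001, "dst": "10.2.0.9", "dport": 445, "flags": "S"},
    {"src": "10.3.0.5", "sport": 22, "dst": "10.1.0.7", "dport": 51002, "flags": "SA"},
    {"src": "10.2.0.9", "sport": 52000, "dst": "10.1.0.7", "dport": 22, "flags": "S"},
    {"src": "10.1.0.7", "sport": 51003, "dst": "8.8.8.8", "dport": 53, "flags": "S"},
]

def alarms(headers=HEADERS):
    """Run the zone-lock check over every captured header."""
    return [a for a in map(check, headers) if a]
```

Only the two engineering-initiated connections that are neither permitted zone pairs nor listed override services (SMB to finance, SSH to the server zone) produce alarms; the SYN-ACK record shows why the client host must be determined rather than read off the packet source.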