SECURE NETWORK SYSTEM AND ASSOCIATED METHOD OF USE
First Claim
1. A network computer system for providing security, wherein the network computer system comprises:
a monitoring function for the network computer system;
at least one outside server for an untrusted computer network, wherein the monitoring function can read and execute data from the at least one outside server for the untrusted computer network;
at least one proxy server, wherein the at least one outside server for the untrusted computer network is able to read and write data to the at least one proxy server, wherein the monitoring function can read and execute data from the at least one proxy server;
at least one inside server, wherein the at least one proxy server is able to read and write data to the at least one inside server, wherein the monitoring function can read and execute data from the at least one inside server; and
a core operating system that is a portion of an operating system, wherein the at least one outside server, the at least one proxy server and the at least one inside server can read and execute data from the core operating system.
Abstract
A network computer system for providing security that includes a monitoring function for the network computer system utilizing compartments that can be logical or separate physical hardware, at least one outside server for an untrusted computer network, e.g., global computer system, at least one proxy server, at least one inside server, wherein the at least one outside server is able to read and write software code to the at least one proxy server and the at least one proxy server is able to read and write software code to the at least one inside server, wherein the monitoring function can read and execute software code from the at least one outside server, the at least one proxy server and the at least one inside server. There is a top/down security function to prevent access to higher compartments.
42 Claims
1. Independent claim 1 is reproduced above under First Claim. Dependent claims: 2 to 22.
23. A network computer system for providing security, wherein the network computer system comprises:
at least one system level auditing function, wherein the at least one system level auditing function resides within a first compartment and the at least one system level auditing function transports system log protocol events produced by an operating system through the network computer system;
at least one intrusion detection system, wherein the at least one intrusion detection system resides within a second compartment and a third compartment, wherein the second compartment monitors activity and makes comparisons to known patterns that may indicate an attack on the network computer system and the third compartment is where source code for the intrusion detection system resides, wherein the second compartment can read and execute data located in the third compartment without modification thereof;
at least one system health monitoring tool, wherein the at least one system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fourth compartment monitors health and response time for the at least one outside server, the at least one proxy server and the at least one inside server and the fifth compartment is where source code for the system health monitoring tool resides, wherein the fourth compartment can read and execute data located in the fifth compartment without modification thereof;
at least one integrity check system, wherein the at least one integrity check system resides within a sixth compartment and a seventh compartment, wherein the sixth compartment will provide an integrity check function to monitor changes to a baseline configuration of the network computer system and the seventh compartment is where source code for the integrity check system resides, wherein the sixth compartment can read and execute the source code located in the seventh compartment without modification thereof;
at least one core operating system, residing within a fourteenth compartment;
at least one outside server for an untrusted computer system, wherein the outside server includes at least one eighth compartment where outside requests are received and processed and at least one ninth compartment where source code for the at least one outside server resides, wherein the at least one eighth compartment can read and execute data from the at least one ninth compartment and the at least one ninth compartment can read and execute data from the at least one core operating system that resides in the fourteenth compartment and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one outside server;
at least one proxy server, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server and at least one eleventh compartment where source code for the at least one proxy server resides, wherein the at least one tenth compartment can read and execute data from the at least one eleventh compartment and the at least one eleventh compartment can read and execute data from the at least one core operating system, residing in the fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one proxy server; and
wherein the at least one inside server includes at least one twelfth compartment where the at least one inside server executes all requests received from the unsecured computer network that have been screened and deemed valid for further processing by the at least one proxy server and at least one thirteenth compartment where source code for the at least one inside server resides, wherein the at least one twelfth compartment can read and execute data from the at least one thirteenth compartment and the at least one thirteenth compartment can read and execute data from the at least one core operating system, residing in the fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one inside server. Dependent claims: 24, 25.
26. A process for providing security to a network computer system comprising:
reading and executing data from at least one outside server for an untrusted computer network with a monitoring function;
reading and executing data from at least one proxy server for an untrusted computer network with the monitoring function;
reading and executing data from at least one inside server for an untrusted computer network with the monitoring function;
reading and writing data from the at least one outside server to the at least one proxy server;
reading and writing data from the at least one proxy server to the at least one inside server; and
reading and executing data from a core operating system, which is at least a portion of an operating system, with the at least one outside server, the at least one proxy server and the at least one inside server. Dependent claims: 27 to 39.
40. A process for providing security for a network computer system comprising:
utilizing a system level auditing function, wherein the system level auditing function resides within a first compartment;
transporting system log protocol events produced by an operating system through the network computer system with the system level auditing function;
utilizing an intrusion detection system, wherein the intrusion detection system resides within a second compartment and a third compartment, wherein the third compartment includes source code for the intrusion detection system;
inspecting network activity and making comparisons to known patterns that may indicate an attack on the network computer system with the second compartment of the intrusion detection system;
reading and executing data located in the third compartment with the second compartment of the intrusion detection system;
utilizing a system health monitoring tool, wherein the system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fifth compartment includes source code for the system health monitoring tool;
monitoring health and response time for the network computer system with the fourth compartment of the system health monitoring tool;
reading and executing data located in the fifth compartment with the fourth compartment of the system health monitoring tool;
utilizing an integrity check system, wherein the integrity check system resides within a sixth compartment and a seventh compartment;
monitoring changes to a baseline configuration of the network computer system with the sixth compartment;
reading and executing source code located in the seventh compartment with the sixth compartment;
providing a core operating system residing within a fourteenth compartment;
receiving and processing outside requests with at least one outside server for an untrusted computer network, wherein the at least one outside server includes at least one eighth compartment where outside requests are received and processed and at least one ninth compartment includes source code for the at least one outside server;
reading and executing data from the at least one ninth compartment with at least one eighth compartment;
reading and executing data from the fourteenth compartment with at least one ninth compartment;
reading and executing data from the at least one eighth compartment for the at least one outside server with the third compartment of the intrusion detection system, the fifth compartment of the system health monitoring tool and the seventh compartment of the check system;
executing and filtering requests from the at least one outside server to the at least one proxy server, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server and at least one eleventh compartment includes source code for the at least one proxy server;
reading and executing data from the fourteenth compartment with at least one eleventh compartment;
reading and executing data from the at least one tenth compartment for the at least one proxy server with the third compartment of the intrusion detection system, the fifth compartment of the system health monitoring tool and the seventh compartment of the check system;
executing requests received from the untrusted computer network that have been screened and deemed valid for further processing by the at least one proxy server with at least one twelfth compartment for the at least one inside server, wherein at least one thirteenth compartment includes source code for the at least one inside server;
reading and executing data from the fourteenth compartment with the at least one thirteenth compartment; and
reading and executing data from the at least one twelfth compartment for the at least one inside server with the third compartment of the intrusion detection system, fifth compartment of the system health monitoring tool and the seventh compartment of the check system. Dependent claims: 41, 42.
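The four independent claims above describe one access-control structure: each execution compartment reads and executes its own source-code compartment without modifying it, the server source compartments read and execute the core operating system, requests move by read/write only along the chain outside server, proxy server, inside server, and the monitoring compartments read from the servers rather than the reverse. The Python model below is an added example, not code from the patent or its applicant. Compartment numbers follow claim 23; the label 0 for the untrusted network, the permission names, the two tier sets and the three invariants are this example's own assumptions about how the claim language would be enforced. It encodes the claimed permissions as a default-deny policy, computes which compartments the untrusted network can influence through write permissions, and checks both the policy and a deliberately weakened copy of it against those invariants.

```python
"""Access-control model of the compartmented architecture in claims 1, 23, 26 and 40.

Compartment numbers follow claim 23. The untrusted network gets the constructed
label 0 because the claims do not number it. Permission names, tier sets and the
invariants are this example's interpretation of the claim language, not patent text.
"""
from __future__ import annotations

from collections import deque
from typing import Dict, List, Set, Tuple

# Compartments as numbered in claim 23.
AUDIT = 1                       # system level auditing (syslog transport)
IDS_EXEC, IDS_SRC = 2, 3        # intrusion detection: monitor / source code
HEALTH_EXEC, HEALTH_SRC = 4, 5  # health monitoring: monitor / source code
INTEG_EXEC, INTEG_SRC = 6, 7    # integrity check: monitor / source code
OUT_EXEC, OUT_SRC = 8, 9        # outside server: request handling / source code
PROXY_EXEC, PROXY_SRC = 10, 11  # proxy server: filtering / source code
IN_EXEC, IN_SRC = 12, 13        # inside server: processing / source code
CORE_OS = 14                    # core operating system
UNTRUSTED = 0                   # the untrusted network (constructed label)

RX = frozenset({"read", "execute"})  # read and execute "without modification"
RW = frozenset({"read", "write"})

Policy = Dict[Tuple[int, int], frozenset]

# (subject, object) -> operations the claims grant. Anything absent is denied.
POLICY: Policy = {
    # Each execution compartment reads/executes its own source compartment.
    (IDS_EXEC, IDS_SRC): RX, (HEALTH_EXEC, HEALTH_SRC): RX, (INTEG_EXEC, INTEG_SRC): RX,
    (OUT_EXEC, OUT_SRC): RX, (PROXY_EXEC, PROXY_SRC): RX, (IN_EXEC, IN_SRC): RX,
    # Server source compartments read/execute the core operating system.
    (OUT_SRC, CORE_OS): RX, (PROXY_SRC, CORE_OS): RX, (IN_SRC, CORE_OS): RX,
    # Compartments 3, 5 and 7 read/execute data from the three servers (claim 23 wording).
    **{(m, s): RX for m in (IDS_SRC, HEALTH_SRC, INTEG_SRC)
       for s in (OUT_EXEC, PROXY_EXEC, IN_EXEC)},
    # Data path: untrusted network -> outside server -> proxy server -> inside server.
    (UNTRUSTED, OUT_EXEC): RW, (OUT_EXEC, PROXY_EXEC): RW, (PROXY_EXEC, IN_EXEC): RW,
}

# Assumed tiers: monitoring compartments (1..7) sit "above" the request-handling ones.
MONITORING_TIER = {AUDIT, IDS_EXEC, IDS_SRC, HEALTH_EXEC, HEALTH_SRC, INTEG_EXEC, INTEG_SRC}
SERVICE_TIER = {UNTRUSTED, OUT_EXEC, OUT_SRC, PROXY_EXEC, PROXY_SRC, IN_EXEC, IN_SRC}
PROTECTED = {IDS_SRC, HEALTH_SRC, INTEG_SRC, OUT_SRC, PROXY_SRC, IN_SRC, CORE_OS}


def allowed(policy: Policy, subject: int, obj: int, op: str) -> bool:
    """Default-deny reference monitor: permit only what the policy explicitly grants."""
    return op in policy.get((subject, obj), frozenset())


def write_reachable(policy: Policy, start: int) -> Set[int]:
    """Compartments whose contents `start` can influence via a chain of write grants."""
    seen: Set[int] = set()
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for (subj, obj), ops in policy.items():
            if subj == current and "write" in ops and obj not in seen:
                seen.add(obj)
                queue.append(obj)
    return seen


def check_invariants(policy: Policy) -> List[str]:
    """Return violations of the assumed invariants; an empty list means the policy holds."""
    violations: List[str] = []
    # 1. Source code and the core OS are read/execute only: no compartment may write them.
    for (subj, obj), ops in policy.items():
        if obj in PROTECTED and "write" in ops:
            violations.append(f"compartment {subj} may modify protected compartment {obj}")
    # 2. The untrusted network reaches the inside server only through the proxy chain.
    if allowed(policy, UNTRUSTED, IN_EXEC, "write"):
        violations.append("untrusted network writes directly to the inside server")
    if IN_EXEC not in write_reachable(policy, UNTRUSTED):
        violations.append("inside server is not reachable through the proxy chain")
    # 3. Top/down rule: the service tier holds no permission on any monitoring compartment.
    for (subj, obj), ops in policy.items():
        if subj in SERVICE_TIER and obj in MONITORING_TIER and ops:
            violations.append(f"compartment {subj} can access monitoring compartment {obj}")
    return violations


def weakened_policy() -> Policy:
    """Constructed misconfiguration: the outside server may also write its own source."""
    weak = dict(POLICY)
    weak[(OUT_EXEC, OUT_SRC)] = RW
    return weak


if __name__ == "__main__":
    print("untrusted network can write into:", sorted(write_reachable(POLICY, UNTRUSTED)))
    print("claimed policy violations:", check_invariants(POLICY))
    print("weakened policy violations:", check_invariants(weakened_policy()))
```

Running the block shows the untrusted network influencing only compartments 8, 10 and 12, in that order, and no violations for the claimed policy; the weakened copy trips invariant 1 because an execution compartment could then alter the code it runs, which is exactly what the integrity check in compartment 6 is there to catch.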