REAL TIME ACTIVE NETWORK COMPARTMENTALIZATION
Abstract
Security policy manager devices are leveraged by manager objects, using highly secure, user-transparent communications, to provide: detection of questionable activities at every node; automatic collection of information related to any potential attack; isolation of the offending object with arbitrary flexibility of response (e.g. flexibly determining the level of certainty of an attack required to initiate a response, in accordance with the number of nodes to be partitioned, as determined by the collected data concerning the potential attack); changing trust relationships between security domains; limiting the attack; and launching offensive information warfare capabilities (e.g. outbound from the compromised node while limiting or eliminating inbound communications). These functions are carried out in log time and simultaneously and/or concurrently in different but possibly overlapping sections or segments of a digital network of arbitrary configuration.
20 Claims
1. A method of operating a digital communication network having a plurality of nodes which have a locally hierarchical relationship, comprising the steps of:
- supplying identification information at a first node to a transmission received from the network even if a sender of the transmission is not identified;
- tracking network transmissions at the first node using the identification information and logging the identification information and a characteristic of the network transmission as traffic log information;
- communicating the traffic log information to another node;
- detecting a condition at the first node and communicating the condition to a trusted second node locally higher in said hierarchical relationship;
- disconnecting one or more nodes in the network to test for the origin and scope of a potential attack and reconnecting disconnected nodes not associated with the potential attack; and
- controlling a response at said first node in response to said information, wherein the controlling step includes switching a critical segment of the network to a secure mode when a threat is detected, and wherein the hierarchical relationship of the plurality of nodes is hidden to users of the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
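As an added illustration (not the patent's own code, and not an implementation of any product), the following toy simulation walks through the steps of claim 1 over a two-tier hierarchy: every received frame is tagged even when its sender is unidentified, the log entry is passed one tier up, a burst of unidentified frames is reported to the trusted parent, the parent disconnects its children to test origin and scope, reconnects the ones not involved, and switches its segment to secure mode. The node names, the burst condition and the threshold are assumptions chosen for the demo.

```python
# Added illustration, not the patent's own code; names and the "burst of unidentified frames" condition are assumptions.
from dataclasses import dataclass, field
from itertools import count
_seq = count(1)  # source of locally unique identification information
@dataclass
class Node:
    name: str
    parent: "Node | None" = field(default=None, repr=False)
    children: list = field(default_factory=list)
    connected: bool = True
    secure_mode: bool = False
    log: list = field(default_factory=list)  # traffic log information

    def __post_init__(self):
        if self.parent is not None:  # one tier below parent; the hierarchy is internal, never shown to users
            self.parent.children.append(self)

def receive(node: Node, frame: dict) -> dict:
    """Tag a transmission even when its sender is unknown, log it, and send the entry one tier up."""
    entry = {"tag": f"{node.name}#{next(_seq)}", "kind": frame["kind"],
             "sender": frame.get("sender", "unidentified")}
    node.log.append(entry)
    if node.parent is not None:
        node.parent.log.append(entry)  # communicate traffic log information to another node
    return entry

def detect(node: Node, threshold: int = 3) -> list:
    """Condition: a burst of unidentified frames; report it to the trusted node one tier up."""
    unidentified = [e for e in node.log if e["sender"] == "unidentified"]
    return respond(node.parent) if len(unidentified) >= threshold and node.parent else []

def respond(manager: Node) -> list:
    """Disconnect each child to test origin and scope, reconnect the uninvolved, secure the segment."""
    implicated = []
    for peer in manager.children:
        peer.connected = False  # disconnect to test
        if any(e["sender"] == "unidentified" for e in peer.log):
            implicated.append(peer.name)  # associated with the potential attack: stay isolated
        else:
            peer.connected = True  # not associated: reconnect
    manager.secure_mode = True  # switch the critical segment to secure mode
    return implicated

def demo() -> tuple:
    core = Node("core")
    seg_a, seg_b = Node("segA", core), Node("segB", core)
    for _ in range(3):
        receive(seg_a, {"kind": "syn"})  # no sender field: unidentified
    receive(seg_b, {"kind": "data", "sender": "host7"})
    return detect(seg_a), seg_a.connected, seg_b.connected, core.secure_mode, len(core.log)
```

Running `demo()` isolates only `segA`, leaves `segB` reconnected, and puts the core segment into secure mode; a real deployment would replace the burst heuristic with the policy of the security policy manager.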
11. A system comprising:
- a plurality of nodes arranged to form a hierarchical tiered network;
- wherein each said node is associated with an assigned tier and is connected, by two or more redundant communication links, to another node assigned to an adjacent tier; and
- wherein each said node further comprises a manager object configured to control a response to a communications service attack at another node when said node is not under attack and in response to a signal received from said another node assigned to a higher network tier.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer readable medium upon which is embodied a sequence of programmable instructions which, when executed by a processor, cause the processor to perform operations comprising:
- assigning each of a plurality of nodes of a hierarchical tiered network to a tier of said hierarchical tiered network;
- connecting, using two or more redundant communication links, each said node to at least one other of said nodes assigned to an adjacent tier of said hierarchical tiered network;
- outputting a signal from a first node assigned to a first tier to a second node assigned to a second tier, said second tier having a higher hierarchical relationship in said hierarchical tiered network with respect to said first tier; and
- controlling, at said second node, a response to a communications service attack occurring at a third node assigned to said second tier;
- wherein said first and second nodes are not experiencing a communications service attack.
Specification