Integrated computer security management system and method
Abstract
The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
46 Claims
1-26. (canceled)
27. A computer-implemented method for managing computer security information comprising the steps of:
acquiring a packet from an information stream;
evaluating the packet in parallel with a firewall and a computer security device;
determining by the firewall whether the packet should be deemed as trusted;
if the packet is deemed by the firewall as trusted, then sending the trusted packet irrespective of the evaluation made by the computer security device;
evaluating the packet with the computer security device by comparing the packet with one or more rules;
if the computer security device determines that the packet matches one or more rules, then generating an alert with the computer security device.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35
36. A computer-implemented method for managing computer security information comprising the steps of:
acquiring a packet from an information stream;
performing an evaluation of the packet with a firewall;
performing an evaluation of the packet by determining whether the packet violates one or more rules with a computer security device in a simultaneous manner relative to the evaluation made by the firewall;
if the packet violates one or more rules of the computer security device, then generating an alert with the computer security device.
Dependent claims: 37, 38, 39, 40, 41, 42
43. An integrated computer security management system comprising:
a secured computer network;
a firewall for performing an evaluation of a packet with one or more rules in order to determine whether to send the packet to the secured computer network, wherein the firewall determines whether the packet should be deemed as trusted, and allows the packet to pass if the packet is deemed as trusted;
a computer security device for performing another evaluation of the packet in parallel with the evaluation made by the firewall, for comparing the packet with one or more listed signatures, and for generating an alert if a match between the packet and one or more listed signatures exists; and
a central controller coupled to the firewall and the intrusion detection system, for configuring at least one of the firewall and intrusion detection system.
Dependent claims: 44, 45, 46
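The flow recited in claim 27, sketched in Python as an added example (not code from the patent or its assignee). The trusted network, allowed ports, signature strings and the handling of untrusted packets are assumptions made for the illustration.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    payload: bytes


# Constructed policy data (assumptions for this sketch, not from the patent).
TRUSTED_NETS = [ip_network("10.0.0.0/8")]
ALLOWED_PORTS = {80, 443}
IDS_RULES = {"path-traversal": b"../", "shell-in-url": b"/bin/sh"}


def firewall_eval(pkt):
    """Firewall side: return (trusted, allowed) for the packet."""
    trusted = any(ip_address(pkt.src) in net for net in TRUSTED_NETS)
    return trusted, pkt.dport in ALLOWED_PORTS


def ids_eval(pkt):
    """Security-device side: compare the packet with each rule, return matches."""
    return [name for name, sig in IDS_RULES.items() if sig in pkt.payload]


def process(pkt):
    """Evaluate with both components in parallel; return (forwarded, alerts)."""
    with ThreadPoolExecutor(max_workers=2) as pool:
        fw = pool.submit(firewall_eval, pkt)
        ids = pool.submit(ids_eval, pkt)
        trusted, allowed = fw.result()
        # Trusted packet: the send decision is made before the IDS result is read.
        forwarded = True if trusted else None
        # The alert is still generated for any rule match, trusted or not.
        alerts = ids.result()
    if forwarded is None:
        # Assumed policy for untrusted packets: port allow-list, hold on alert.
        forwarded = allowed and not alerts
    return forwarded, alerts
```

For a trusted source the alert is the only remaining signal, since the packet has already been sent, so in a design like this the trust list is as sensitive as the rule set.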
Specification