Intergrated computer security management system and method

US 20080115204A1
Filed: 12/11/2007
Published: 05/15/2008
Est. Priority Date: 09/07/2001
Status: Active Grant

First Claim

Patent Images

1-26. -26. (canceled)

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.

Citations

46 Claims

1-26. -26. (canceled)

27. A computer-implemented method for managing computer security information comprising the steps of:
- acquiring a packet from an information stream;
  
  evaluating the packet in parallel with a firewall and a computer security device;
  
  determining by the firewall whether the packet should be deemed as trusted;
  
  if the packet is deemed by the firewall as trusted, then sending the trusted packet irrespective of the evaluation made by the computer security device;
  
  evaluating the packet with the computer security device by comparing the packet with one or more rules;
  
  if the computer security device determines that the packet matches one or more rules, then generating an alert with the computer security device.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The method of claim 27, wherein the computer security device comprises an intrusion detection system.
  - 29. The method of claim 27, wherein determining by the firewall whether the packet should be deemed trusted comprises comparing the packet with one or more firewall rules.
  - 30. The method of claim 27, further comprising the steps of:
    - copying the packet; and
      
      forwarding the copy of the packet to the computer security device.
  - 31. The method of claim 27, further comprising the steps of:
    - determining if the packet violates one or more rules of the firewall; and
      
      if the packet violates one or more rules, then dropping the packet.
  - 32. The method of claim 27, wherein determining by the firewall whether the packet should be deemed trusted comprises:
    - identifying a source of the packet;
      
      comparing the identified source to a predetermined list; and
      
      if the identified source matches a source on the list, sending the packet.
  - 33. The method of claim 27, further comprising the step of evaluating the packet with a virus scanning device.
  - 34. The method of claim 27, further comprising the steps of:
    - determining if the packet is destined for the secured computer network; and
      
      communicating the packet to the computer security device even if the packet is not destined for the secured computer network.
  - 35. The method of claim 27, further comprising the steps of:
    - determining whether the firewall has deemed a packet as rejected; and
      
      determining whether the firewall has deemed a packet as denied.

36. A computer-implemented method for managing computer security information comprising the steps of:
- acquiring a packet from an information stream;
  
  performing an evaluation of the packet with a firewall;
  
  performing an evaluation of the packet by determining whether the packet violates one or more rules with a computer security device in a simultaneous manner relative to the evaluation made by the firewall;
  
  if the packet violates one or more rules of the computer security device, then generating an alert with the computer security device.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The method of claim 36, wherein performing the evaluation of the packet with the firewall further comprises determining whether to deem the packet as trusted with the firewall.
  - 38. The method of claim 37, wherein determining whether the packet should be deemed trusted comprises comparing the packet with one or more firewall rules.
  - 39. The method of claim 37, if the firewall deems the packet as trusted, then sending the packet.
  - 40. The method of claim 37, if the packet is deemed by the firewall as trusted, then sending the trusted packet irrespective of the evaluation made by the computer security device.
  - 41. The method of claim 36, wherein the computer security device comprises an intrusion detection system.
  - 42. The method of claim 36, further comprising the steps of:
    - copying the packet; and
      
      forwarding the copy of the packet to the computer security device.

43. An integrated computer security management system comprising:
- a secured computer network;
  
  a firewall for performing an evaluation of a packet with one or more rules in order to determine whether to send the packet to the secured computer network, wherein the firewall determines whether the packet should be deemed as trusted, and allows the packet to pass if the packet is deemed as trusted;
  
  a computer security device for performing another evaluation of the packet in parallel with the evaluation made by the firewall, for comparing the packet with one or more listed signatures, and for generating an alert if a match between the packet and one or more listed signatures exists; and
  
  a central controller coupled to the firewall and the intrusion detection system, for configuring at least one of the firewall and intrusion detection system.
- View Dependent Claims (44, 45, 46)
- - 44. The system of claim 43, wherein the computer security device comprises an intrusion detection system.
  - 45. The system of claim 43, wherein the central controller receives one or more alerts that are generated by the intrusion detection system.
  - 46. The system of claim 43, wherein the computer security device and firewall reside on a single computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jon Ramsey, Kevin Ketts, Steve Buer
Original Assignee
Jon Ramsey, Kevin Ketts, Steve Buer
Inventors
Ketts, Kevin, Ramsey, Jon, Buer, Steve

Granted Patent

US 8,122,495 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Intergrated computer security management system and method

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Intergrated computer security management system and method

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links