System and method for securing computer stations and/or communication networks

US 20090172821A1
Filed: 06/30/2005
Published: 07/02/2009
Est. Priority Date: 06/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. Method of securing computer equipment that are client workstations connected to each other by means of a computer network or a communication network and forming at least one information system, said system comprising at least one computer server, characterised in that the method comprises two steps of correlating digital data relating to security of the network and of the system or systems, the first step being implemented in the client workstation(s), combining system data and data obtained from the network by scanning entire layers, known as OSI model, from a transport layer to an application layer;

the second step being executed in the server by combining “

history”

data obtained from digital databases, other “

history”

data stored in memory, and correlation data obtained from said first step,and in that the method also comprises, following each of said two correlation steps, a step of comparing said correlation data with security policy rules and a step of activating countermeasures according to a result of the comparison.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for securing computer equipment (client stations) connected by a computer network or communication network and forming at least on information system, said system comprising at least on computer server, characterized in that it comprises two stages wherein digital data relating to the security of the network and/or system(s) is correlated. The invention also relates to a system for securing wireless digital communication networks.

Citations

21 Claims

1. Method of securing computer equipment that are client workstations connected to each other by means of a computer network or a communication network and forming at least one information system, said system comprising at least one computer server, characterised in that the method comprises two steps of correlating digital data relating to security of the network and of the system or systems, the first step being implemented in the client workstation(s), combining system data and data obtained from the network by scanning entire layers, known as OSI model, from a transport layer to an application layer;
- the second step being executed in the server by combining “
  
  history”
  
  data obtained from digital databases, other “
  
  history”
  
  data stored in memory, and correlation data obtained from said first step,and in that the method also comprises, following each of said two correlation steps, a step of comparing said correlation data with security policy rules and a step of activating countermeasures according to a result of the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. Method of securing computer equipment according to claim 1, characterised in that it also comprises a step of correlation with user events at the client workstation level, such events being considered as executables
  - 3. Method of securing computer equipment according to claim 1, characterised in that it implements XML (eXtended Markup Language) technology.
  - 4. Method of managing computer attacks implementing the security method according to claim 1, characterised in that one of said countermeasures consists of sending at least one blocking command.
  - 5. Method of managing computer attacks according to claim 4, characterised in that the blocking command is sent to a router.
  - 6. Method of managing computer attacks according to claim 4, characterised in that the blocking command is sent to a terminal or an access point.
  - 7. Method of managing computer attacks according to claim 4, characterised in that the blocking command is sent to a firewall.
  - 8. Method of managing computer attacks according to claim 4, characterised in that the blocking command is sent to one or more of said client workstations.
  - 9. Method of managing computer attacks according to claim 4, characterised in that the blocking command is sent to one or more computer applications
  - 10. Method of managing computer attacks according to claim 4, characterised in that the (at least one) blocking command is limited in the time domain by means of a network management console.
  - 11. Method of managing computer attacks according to claim 4, characterised in that the (at least one) blocking command is sent when an event that fulfils a specific criterion occurs, said specific criterion being a port, an application, services, frames or packets.
  - 12. Method of managing an attack according to claim 1, characterised in that at least a part of said system data from said first step is defined following a step of learning about the behaviour of the system.
  - 13. Method of managing an attack according to claim 1, characterised in that it comprises, in addition, a step of an administrator qualifying the decisions made by the system, and characterised in that at least part of said “
    - history”
      
      data from said second step is defined following a step of learning step about said administrator qualifications.

14. System for securing digital communication networks, comprising:
- at least one computer server;
  
  at least one digital database;
  
  at least one network management console implemented on a client workstation;
  
  at least one user workstation on which a specific application is installed, in particular one which has “
  
  probe”
  
  type functions;
  
  said (at least one) server being connected to said (at least one) digital database, and to said (at least one) network management console by a first cabled communication network (fixed) comprising a private part and a DMZ-type semi-public part (. . . );
  
  said first network being connected to a wireless network or to a plurality of networks by means of equipment;
  
  said user workstation being connected to said network;
  
  characterised in thatsaid specific application emits, periodically and/or according to the performance of a specific event, digital data relating to the client workstation comprising indicators relating to at least one of the following parameters;
  
  i. attacks/security;
  
  ii. network reception quality;
  
  iii. malfunctions of the specific application;
  
  the server comprises means for correlating, on the one hand, said digital data relating to the client workstation and the data obtained from said database and/or data relating to one or more other client workstation(s), these means supplying correlation indices as their output;
  
  means for identifying and categorising possible attacks on the network;
  
  means for assessing and grading the relevance of possible risks relating to the data received based on a plurality of criteria.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. System for securing networks according to claim 14, characterised in that said network is a wireless network.
  - 16. System for securing networks according to claim 14, characterised in that said network is a Personal Area Network (PAN).
  - 17. System for securing networks according to claim 15, characterised in that said wireless network is a Wireless Local Area Network (WLAN).
  - 18. System for securing networks according to claim 15, characterised in that said wireless network is a Wireless Metropolitan Area Network (W-MAN).
  - 19. System for securing networks according to claim 15, characterised in that said wireless network is a digital mobile telecommunications network.
  - 20. System for securing networks according to claim 14, characterised in that said digital database is a relational DBMS (DataBase Management System).
  - 21. System for securing networks according to claim 14, characterised in that said network management console is capable of managing different types of equipment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyrecon Systems
Original Assignee
Skyrecon Systems
Inventors
Daira, Faycal, Buge, Alexandre, Dequidt, Romain

Application Number

US11/631,120
Publication Number

US 20090172821A1
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

H04L 63/1408   by monitoring network traff...

H04W 12/122   Counter-measures against at...

System and method for securing computer stations and/or communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing computer stations and/or communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links