METHOD AND APPARATUS FOR PROVIDING SECURITY IN AN INTRANET NETWORK

US 20100037309A1
Filed: 08/07/2008
Published: 02/11/2010
Est. Priority Date: 08/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method for providing security in an intranet network, comprising:

receiving a packet at a customer edge router;

applying an inbound access control list by said customer edge router to said packet if said packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected; and

applying an outbound access control list by said customer edge router to said packet if said packet is from a server in said protected server group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group.

38 Citations

View as Search Results

20 Claims

1. A method for providing security in an intranet network, comprising:
- receiving a packet at a customer edge router;
  
  applying an inbound access control list by said customer edge router to said packet if said packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected; and
  
  applying an outbound access control list by said customer edge router to said packet if said packet is from a server in said protected server group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - allowing said packet to proceed towards its destination if said packet is not to and/or from said one or more servers in said protected server group.
  - 3. The method of claim 1, further comprising:
    - determining if said packet is destined to one of said one or more servers in said protected server group; and
      
      creating a bypass entry in said outbound access control list to permit return traffic from said one or more servers in said protected server group.
  - 4. The method of claim 3, wherein said bypass entry is valid for a predetermined period of time for a stateless session.
  - 5. The method of claim 1, further comprising:
    - determining if said packet is from one of said one or more servers in said protected server group, where said packet is sent without being solicited; and
      
      blocking a transmission of said packet.
  - 6. The method of claim 1, wherein said packet comprises a ping message or a trace-route message which is allowed to proceed to said one or more servers in the protected server group.
  - 7. The method of claim 1, further comprising:
    - determining if one of said one or more servers in said protected server group has been compromised by monitoring a request from said one server for creating a session.
  - 8. The method of claim 1, further comprising:
    - detecting a denial of service attack by monitoring a number of half open sessions from one or more customer endpoint devices to said one or more servers in said protected server group.

9. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps of a method for providing security in an intranet network, comprising:
- receiving a packet at a customer edge router;
  
  applying an inbound access control list by said customer edge router to said packet if said packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected; and
  
  applying an outbound access control list by said customer edge router to said packet if said packet is from a server in said protected server group.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium of claim 9, further comprising:
    - allowing said packet to proceed towards its destination if said packet is not to and/or from said one or more servers in said protected server group.
  - 11. The computer-readable medium of claim 9, further comprising:
    - determining if said packet is destined to one of said one or more servers in said protected server group; and
      
      creating a bypass entry in said outbound access control list to permit return traffic from said one or more servers in said protected server group.
  - 12. The computer-readable medium of claim 11, wherein said bypass entry is valid for a predetermined period of time for a stateless session.
  - 13. The computer-readable medium of claim 9, further comprising:
    - determining if said packet is from one of said one or more servers in said protected server group, where said packet is sent without being solicited; and
      
      blocking a transmission of said packet.
  - 14. The computer-readable medium of claim 9, wherein said packet comprises a ping message or a trace-route message which is allowed to proceed to said one or more servers in the protected server group.
  - 15. The computer-readable medium of claim 9, further comprising:
    - determining if one of said one or more servers in said protected server group has been compromised by monitoring a request from said one server for creating a session.
  - 16. The computer-readable medium of claim 9, further comprising:
    - detecting a denial of service attack by monitoring a number of half open sessions from one or more customer endpoint devices to said one or more servers in said protected server group.

17. An apparatus for providing security in an intranet network, comprising:
- means for receiving a packet at a customer edge router;
  
  means for applying an inbound access control list by said customer edge router to said packet if said packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected; and
  
  means for applying an outbound access control list by said customer edge router to said packet if said packet is from a server in said protected server group.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, further comprising:
    - means for allowing said packet to proceed towards its destination if said packet is not to and/or from said one or more servers in said protected server group.
  - 19. The apparatus of claim 17, further comprising:
    - means for determining if said packet is destined to one of said one or more servers in said protected server group; and
      
      means for creating a bypass entry in said outbound access control list to permit return traffic from said one or more servers in said protected server group.
  - 20. The apparatus of claim 19, wherein said bypass entry is valid for a predetermined period of time for a stateless session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
DARGIS, ANTHONY

Granted Patent

US 8,739,269 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/1458   Denial of Service

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

METHOD AND APPARATUS FOR PROVIDING SECURITY IN AN INTRANET NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND APPARATUS FOR PROVIDING SECURITY IN AN INTRANET NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others