INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE

US 20100132030A1
Filed: 10/08/2009
Published: 05/27/2010
Est. Priority Date: 02/08/2002
Status: Active Grant

First Claim

Patent Images

1-50. -50. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.

86 Citations

View as Search Results

76 Claims

1-50. -50. (canceled)

51. A method for inspecting data packets associated with a flow in a computer network, the computer network including two or more security devices for processing the data packets, each of the data packets having associated header data, the method comprising:
- receiving a data packet;
  
  examining the data packet;
  
  determining a single flow record associated with the data packets;
  
  extracting flow instructions, which determine whether the data packet should be forwarded, for the two or more security devices, from the single flow record and forwarding the flow instructions to the respective ones of the two or more security devices to facilitate processing of the data packet;
  
  receiving, from each of the two or more security devices, evaluation information, the evaluation information being generated by a respective one of the two or more security devices when processing the data packet; and
  
  processing the data packet using the evaluation information.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 52. The method of claim 51, where examining the data packet includes inspecting associated header data to determine if the data packet should be forwarded.
  - 53. The method of claim 51, where determining the single flow record associated with the data packet includes locating a flow record using the associated header data.
  - 54. The method of claim 51, where the extracting flow instructions for the two or more security devices from the single flow record includes obtaining information for locating the data packet in memory, and information providing a relative position of the data packet within the flow.
  - 55. The method of claim 51, where determining the flow record associated with the data packet includes:
    - determining a packet identifier using at least the associated header data;
      
      evaluating a flow table, for a matching flow record entry, using the packet identifier, wherewhen there is a matching flow table entry, retrieving a flow record from the matching flow record entry;
      
      orwhen there is no matching flow table entry, creating a new flow record; and
      
      storing the new flow record in the flow table.
  - 56. The method of claim 55, where the extracting flow instructions from the matching flow record includes:
    - extracting a session ID and flow information from the matching flow record; and
      
      communicating the session ID and flow information to the two or more security devices.
  - 57. The method of claim 55, where creating the new flow record includes:
    - creating a new session ID;
      
      retrieving device specific flow information associated with the data packet from the two or more security devices; and
      
      associating the new session ID, and the device specific flow information with the new flow record.
  - 58. The method of claim 57, further comprising:
    - storing security device specific flow information for each of the two or more security devices, along with the new session ID in the new flow record.
  - 59. The method of claim 51, further comprising:
    - processing, using the extracted flow instructions, the data packet in each of the two or more security devices.
  - 60. The method of claim 51, where processing the data packet includes determining if the data packet is to be forwarded.

61. A memory device incorporating instructions for inspecting data packets associated with a flow in a computer network, the computer network including two or more security devices for processing the data packets, each data packet having associated header data, the instructions to:
- receive a data packet;
  
  examine the data packet;
  
  determine a single flow record associated with the data packet;
  
  extract flow instructions, which determine whether the data packet should be forwarded, for the two or more security devices, from the single flow record and forward the flow instructions to the respective ones of the two or more security devices to facilitate processing of the data packet;
  
  receive, from each of the two or more security devices, evaluation information, the evaluation information being generated by a respective one of the two or more security devices when processing the data packet; and
  
  process the data packet using the evaluation information.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 62. The memory device of claim 61, where the instructions to examine the data packet further include:
    - instructions to inspect the associated header data to determine if the data packet should be allowed.
  - 63. The memory device of claim 61, where the instructions to determine the single flow record associated with the data packet further include:
    - instructions to locate a flow record using the associated header data.
  - 64. The memory device of claim 61, where the instructions to extract flow instructions for the two or more security devices from the single flow record further include:
    - instructions to obtain information for locating the data packet in memory, and information providing a relative position of the data packet within the flow.
  - 65. The memory device of claim 61, where the instructions to determine the flow record associated with the data packet include instructions to:
    - determine a packet identifier using at least the associated header data;
      
      evaluate a flow table using the packet identifier, wherewhen there is a matching flow table entry, retrieve a flow record from the matching flow record entry;
      
      orwhen there is no matching flow table entry, create a new flow record; and
      
      store the new flow record in the flow table.
  - 66. The memory device of claim 65, where the instructions to extract flow instructions from the matching flow record include instructions to:
    - extract a session ID and flow information from the matching flow record; and
      
      communicate the session ID and flow information to the two or more security devices.
  - 67. The memory device of claim 65, where instructions to create the new flow record includes instructions to:
    - create a new session ID;
      
      retrieve device specific flow information associated with the data packet from the two or more security devices; and
      
      associate the new session ID, and the device specific flow information with the new flow record.
  - 68. The memory device of claim 67, further comprising:
    - instructions to store security device specific flow information for each of the two or more security devices, along with the new session ID in the single flow record.
  - 69. The memory device of claim 61, further comprising:
    - instructions to process the data packet in each of the two or more security devices using the extracted flow instructions.
  - 70. The memory device of claim 61, where instructions to process the data packet include instructions to determine if the data packet is to be forwarded.

71. An apparatus for processing data packets comprising:
- a session module to determine flow information for each received data packet and evaluate packet information that identifies a particular flow associated with a given data packet;
  
  a flow table that includes flow records for each flow having information determined by the session module, each particular flow record including flow information for a plurality of security devices coupled to the apparatus;
  
  where the session module is further to;
  
  receive, from each of the plurality of security devices, evaluation information based on a session ID and flow information associated with the particular flow, the evaluation information being generated by a respective one of the plurality of security devices in processing the data packets, andprocess the data packets using the evaluation information.
- View Dependent Claims (72, 73, 74, 75, 76)
- - 72. The apparatus of claim 71, further comprising a session module to:
    - locate a flow record in the flow table associated with the identified flow,transmit device specific flow information to each of the processing devices.
  - 73. The apparatus of claim 72, where the session module is to:
    - further process the given data packet by one of dropping, logging, storing, or forwarding the given data packet.
  - 74. The apparatus of claim 71, where the flow table includes an index key, and device specific flow information for the plurality of security devices.
  - 75. The apparatus of claim 71, where the security devices are included in one of a firewall, a flow-based router, an intrusion detection system, or an intrusion prevention system.
  - 76. The apparatus of claim 71, where the flow table includes one or more flow records that include policy information for use by the plurality of security devices in processing the given data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
ZUK, Nir

Granted Patent

US 8,332,948 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/12   Applying verification of th...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 69/22   Parsing or analysis of headers

INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

76 Claims

Specification

Use Cases

Quick Links

Others

INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

76 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others