System and Method for Remotely Securing a Network from Unauthorized Access

US 20100325730A1
Filed: 06/17/2009
Published: 12/23/2010
Est. Priority Date: 06/17/2009
Status: Active Grant

First Claim

Patent Images

1. A process for remotely securing a network from unauthorized access, the network including a plurality of workstations and a device for connection to the Internet comprising:

providing a firewall having at least two virtual routers at the network location;

connecting the firewall between the device and the workstations in a bridge-mode;

running a client application software locally on the network;

gathering data concerning the characteristics of the network and transmitting that information to a central computer;

retrieving the firewall logs to the central computer;

analyzing the data and firewall logs and transmitting firewall programming instructions to the client application software running on the network; and

programming the firewall internally from the network, thereby converting the firewall from a bridge-mode to a router mode.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention is an improved system and method of efficiently deploying a large scale roll out of secure networks, including a VPN, to clients with limited or non-existent technical staff. The invention allows for a person with minimal technical skills to install, and, if necessary, uninstall the solution. Through a series of automated and/or remotely-controlled steps provided through connections established from inside the site to a centralized system over an unprotected network, the site'"'"'s network can be secured, updated, and/or reconfigured, and returned to its previous state if errors should occur. Furthermore, a virtual private network (VPN) can be established that allows multiple hosts on the VPN but on different local networks to have the same IP address. Additionally, without any additional hardware and as part of the installation process, the invention protects the site from unauthorized local network devices either by preventing them from passing traffic off the local network or by generating notification of their existence.

19 Citations

View as Search Results

16 Claims

1. A process for remotely securing a network from unauthorized access, the network including a plurality of workstations and a device for connection to the Internet comprising:
- providing a firewall having at least two virtual routers at the network location;
  
  connecting the firewall between the device and the workstations in a bridge-mode;
  
  running a client application software locally on the network;
  
  gathering data concerning the characteristics of the network and transmitting that information to a central computer;
  
  retrieving the firewall logs to the central computer;
  
  analyzing the data and firewall logs and transmitting firewall programming instructions to the client application software running on the network; and
  
  programming the firewall internally from the network, thereby converting the firewall from a bridge-mode to a router mode.
- View Dependent Claims (2, 3, 4, 5, 16)
- - 2. The process of claim 1 wherein the IP addresses of the workstations are not changed.
  - 3. The process of claim 1 wherein the network includes a plurality of network connected devices and the IP addresses of the network connected devices and the workstations are not changed.
  - 4. The process according to claim 1 wherein the client application software includes instructions for testing for unauthorized access from within the protected network.
  - 5. The process according to claim 4 wherein the testing instructions for unauthorized access from within the protected network prevent rogue devices from passing traffic through the firewall.
  - 16. The process of claim 1 including automatically reverting the firewall back to its previous code by programming the firewall from the protected LAN side, if an error occurs.

6. A secured network comprising:
- a plurality of network connected components;
  
  a firewall having at least two virtual routers, the network components being connected to the firewall;
  
  a device for connecting to the Internet connected to the firewall;
  
  client application software loaded on one of the network'"'"'s components; and
  
  the client application software including network data gathering instructions and security programming instructions for the firewall.
- View Dependent Claims (7, 8)
- - 7. The secured network according to claim 6 wherein the client application software includes instructions for testing for unauthorized access from within the protected network.
  - 8. The secured network according to claim 7 wherein the testing instructions for unauthorized access from within the protected network prevent rogue devices from passing traffic through the firewall.

9. A computer product for use in a local network to protect the network from unauthorized access either remotely or from within, the network including a plurality of network devices, a firewall and an Internet access device, comprising:
- a) a computer readable medium;
  
  b) instructions stored in said computer readable medium which when executed will cause a host computer to;
  
  1) identify and store information concerning the identity of the network connected devices;
  
  2) send the information to a remote computer;
  
  3) receive programming information for a firewall to be installed in the local network; and
  
  4) program the security information into the firewall when installed from within the firewall.
- View Dependent Claims (10, 11)
- - 10. The computer product according to claim 9 wherein the instructions include instructions for testing for unauthorized access from within the protected network.
  - 11. The computer product according to claim 10 wherein the testing instructions for unauthorized access from within the protected network prevent rogue devices from passing traffic through the firewall.

12. A process for remotely establishing a virtual private network for a plurality of local networks, the local networks including a plurality of workstations, comprising:
- a) providing a firewall having at least two virtual routers at each network location;
  
  b) connecting each of the firewalls between an Internet connection device and the local network workstations in a bridge-mode;
  
  c) running a client application software locally on each local network, said software gathering and storing information concerning the characteristics of the local network;
  
  d) transmitting the stored information to a central computer from each local network;
  
  e) retrieving firewall logs to the central computer;
  
  f) analyzing the data and firewall logs and transmitting firewall programming instructions to the each network;
  
  g) programming each firewall internally from the local network thereby converting the firewall from a bridge-mode to a firewall router mode;
  
  h) establishing a backbone network;
  
  i) assigning a network segment to each local network in the form of 1.X.Y.0/24;
  
  j) providing each firewall with a network address translation file that will recognize the local network address and direct authorized transmissions to the appropriate local workstation; and
  
  k) connecting each local network to the backbone network via a backbone firewall.
- View Dependent Claims (13, 14, 15)
- - 13. The process according to claim 12, further including establishing domain naming system servers to respond to requests for records that belong to the Backbone Network.
  - 14. The process according to claim 12 wherein the client application software includes instructions for testing for unauthorized access from within the protected network.
  - 15. The process according to claim 14 wherein the instructions include creating fictitious address resolution protocols on the host computer and on the firewall to prevent rogue devices from accessing either one of them.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netsurion LLC (Vendor Safe Technologies Holdings LLC)
Original Assignee
Vendor Safe Technologies LLC
Inventors
Cyprus, Mark E., Ferrill, Jay F.

Granted Patent

US 8,424,074 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

System and Method for Remotely Securing a Network from Unauthorized Access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

System and Method for Remotely Securing a Network from Unauthorized Access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others