SECURING A NETWORK WITH DATA FLOW PROCESSING
First Claim
1. A network apparatus for preventing denial of service attacks, comprising,
- at least one network processor module having at least one processor, at least one interface to receive and forward a stream of data packets in a network, and instructions to cause the at least one processor to recognize one or more data packets in the stream of data packets that contain data, including subscriber profile information, for processing by a denial of service security application executing on the network apparatus by applying a denial of service detection and/or prevention policy to the data, and directing the stream of data packets to at least one flow processor module for executing the denial of service security application based on the subscriber profile information and the denial of service detection and/or prevention policy;
- the at least one flow processor module having at least one processor and at least one memory for storing denial of service security applications for execution by the at least one flow processor module processor, the at least one flow processor module including instructions to receive the stream of data packets from the at least one network processor module and to apply the denial of service detection and/or prevention policy to the data in the one or more data packets with the denial of service security application; and
- at least one control processor module in communication with the at least one flow processor module and the at least one network processor module, and having at least one control processor module processor, and instructions for causing the at least one control processor module processor to manage the denial of service security applications in the flow processor module memories.
12 Assignments
0 Petitions
Abstract
An apparatus and method to distribute applications and services in and throughout a network and to secure the network includes the functionality of a switch with the ability to apply applications and services to received data according to respective subscriber profiles. Front-end processors, or Network Processor Modules (NPMs), receive and recognize data flows from subscribers, extract profile information for the respective subscribers, utilize flow scheduling techniques to forward the data to applications processors, or Flow Processor Modules (FPMs). The FPMs utilize resident applications to process data received from the NPMs. A Control Processor Module (CPM) facilitates applications processing and maintains connections to the NPMs, FPMs, local and remote storage devices, and a Management Server (MS) module that can monitor the health and maintenance of the various modules.
357 Citations
20 Claims
1. A network apparatus for preventing denial of service attacks, comprising,
- at least one network processor module having at least one processor, at least one interface to receive and forward a stream of data packets in a network, and instructions to cause the at least one processor to recognize one or more data packets in the stream of data packets that contain data, including subscriber profile information, for processing by a denial of service security application executing on the network apparatus by applying a denial of service detection and/or prevention policy to the data, and directing the stream of data packets to at least one flow processor module for executing the denial of service security application based on the subscriber profile information and the denial of service detection and/or prevention policy;
- the at least one flow processor module having at least one processor and at least one memory for storing denial of service security applications for execution by the at least one flow processor module processor, the at least one flow processor module including instructions to receive the stream of data packets from the at least one network processor module and to apply the denial of service detection and/or prevention policy to the data in the one or more data packets with the denial of service security application; and
- at least one control processor module in communication with the at least one flow processor module and the at least one network processor module, and having at least one control processor module processor, and instructions for causing the at least one control processor module processor to manage the denial of service security applications in the flow processor module memories.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for protecting a network with a denial of service security network apparatus, comprising,
- receiving a stream of data packets that contain data, including subscriber profile information, from the network at the network apparatus;
- identifying at least one denial of service security application for executing on the network apparatus to apply to the stream of data packets;
- directing the stream of data packets to at least one processor in the network apparatus for executing the at least one identified denial of service security application based on the subscriber profile information and a denial of service detection/prevention policy; and
- processing the stream of data packets according to the at least one identified denial of service security application by applying the denial of service detection/prevention policy to the data.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification