METHOD AND APPARATUS FOR INTERNET PROTOCOL (IP) LOGICAL WIRE SECURITY
Abstract
A method and apparatus for improved approaches for detection of exploits and drift in a network is described. The method includes: determining, by a processor, a logical configuration of a network comprising a plurality of links connecting a plurality of nodes; determining, by the processor, a physical path corresponding to one of the links, the physical path including a plurality of switches of the network, wherein the processor is configured to determine whether data sent on one of the nodes to another one of the nodes by the one link is received at the other node; receiving an error detection value computed by one of the switches; and determining, by the processor, whether the error detection value corresponds with a value inaccessible to the one switch.
22 Claims
1. A method comprising:
determining, by a processor, a logical configuration of a network comprising a plurality of links connecting a plurality of nodes;
determining, by the processor, a physical path corresponding to one of the links, the physical path including a plurality of switches of the network, wherein the processor is configured to determine whether data sent on one of the nodes to another one of the nodes by the one link is received at the other node;
receiving an error detection value computed by one of the switches; and
determining, by the processor, whether the error detection value corresponds with a value inaccessible to the one switch.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
at least one processor; and
at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,
determine a logical configuration of a network comprising a plurality of links connecting a plurality of nodes;
determine a physical path corresponding to one of the links, the physical path including a plurality of switches of the network, wherein the apparatus is configured to determine whether data sent on one of the nodes to another one of the nodes by the one link is received at the other node;
receive an error detection value computed by a first switch of the switches; and
compare the error detection value with a value inaccessible to the first switch.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
receiving, at a switch, network traffic comprising datagrams;
determining, by the switch, a header of one of the datagrams, the header indicating a destination address;
selecting, by the switch, a physical link to transport the one datagram based on the destination address;
determining, by the switch, a network node to forward the one datagram based on the destination address;
forwarding, by the switch, the one datagram to the network node on the physical link;
computing, at the switch, an error detection value for the switch; and
forwarding the error detection value to a processing device to determine whether the error detection value corresponds to a value inaccessible to the switch.
Dependent claims: 18, 19
20. An apparatus comprising:
at least one processor; and
at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,
receive network traffic comprising datagrams;
determine a header of one of the datagrams, the header indicating a destination address;
select a physical link to transport the one datagram based on the destination address;
determine a network node to forward the one datagram based on the destination address;
forward the one datagram to the network node on the physical link;
compute an error detection value for the apparatus; and
forward the error detection value to a processing device to determine whether the error detection value corresponds to a value inaccessible to the apparatus.
Dependent claims: 21, 22
Specification