METHODS AND SYSTEMS FOR PROTECTING A SECURED NETWORK
First Claim
1. A method, comprising:
receiving, by each of a plurality of packet security gateways associated with a security policy management server and from the security policy management server, a dynamic security policy that includes at least one rule specifying application-layer packet-header information and a packet transformation function to be performed on packets comprising the application-layer packet-header information;
receiving, by a packet security gateway of the plurality of packet security gateways, packets associated with a network protected by the packet security gateway;
identifying, by the packet security gateway, from amongst the packets associated with the network protected by the packet security gateway, and on a packet-by-packet basis, one or more packets comprising the application-layer packet-header information; and
performing, by the packet security gateway and on a packet-by-packet basis, the packet transformation function on each of the one or more packets comprising the application-layer packet-header information.
Abstract
Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
20 Claims
1. A method, comprising: (independent claim 1, reproduced in full above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method, comprising:
receiving, by each of a plurality of packet security gateways associated with a security policy management server and from the security policy management server, a dynamic security policy that includes at least one rule specifying packet-identification criteria and a packet transformation function comprising a packet digest logging function to be performed on packets corresponding to the packet-identification criteria;
receiving, by a packet security gateway of the plurality of packet security gateways, packets associated with a network protected by the packet security gateway;
identifying, by the packet security gateway, from amongst the packets associated with the network protected by the packet security gateway, and on a packet-by-packet basis, one or more packets corresponding to the packet-identification criteria; and
performing, by the packet security gateway and on a packet-by-packet basis, the packet digest logging function on each of the one or more packets corresponding to the packet-identification criteria.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
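Worked example (added here; this is not code from the patent or its assignee): a minimal packet security gateway in Python that installs a dynamic policy pushed by a management server and, packet by packet, applies the named packet transformation function to every packet whose application-layer headers match a rule, the mechanism claims 1 and 10 describe. The packet model, the header names (Host, Method), the transformation names (allow, drop, digest_log), the policy version check and the sample traffic are all constructed for the example; the claims do not specify any of them.

```python
"""Minimal packet security gateway driven by a dynamic policy (added example, not the patent's code)."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


# Constructed packet model: addressing fields plus the parsed application-layer
# headers (e.g. HTTP request headers) the gateway can match on.
@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    app_headers: Dict[str, str]
    payload: bytes


@dataclass
class Rule:
    header_match: Dict[str, str]   # application-layer header name -> required value
    action: str                    # name of the packet transformation function to apply


@dataclass
class DynamicPolicy:
    version: int
    rules: List[Rule]
    default_action: str = "drop"   # explicit default so unmatched traffic is never silently forwarded


def packet_digest(payload: bytes) -> str:
    """SHA-256 hex digest of a packet payload: the value a packet digest log records."""
    return hashlib.sha256(payload).hexdigest()


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header the rule names is present in the packet with the required value."""
    return all(pkt.app_headers.get(name) == value for name, value in rule.header_match.items())


class PacketSecurityGateway:
    def __init__(self) -> None:
        self.policy: Optional[DynamicPolicy] = None
        self.digest_log: List[Dict[str, object]] = []
        # Packet transformation functions a policy may name: each takes a packet and
        # returns it (forward) or None (drop).
        self.transforms: Dict[str, Callable[[Packet], Optional[Packet]]] = {
            "allow": lambda pkt: pkt,
            "drop": lambda pkt: None,
            "digest_log": self._digest_log,
        }

    def receive_policy(self, policy: DynamicPolicy) -> bool:
        """Install a policy pushed by the management server; stale versions are ignored (hypothetical version scheme)."""
        if self.policy is not None and policy.version <= self.policy.version:
            return False
        unknown = ({r.action for r in policy.rules} | {policy.default_action}) - set(self.transforms)
        if unknown:  # reject at install time rather than failing on the first matching packet
            raise ValueError(f"policy names unknown transformation function(s): {sorted(unknown)}")
        self.policy = policy
        return True

    def _digest_log(self, pkt: Packet) -> Optional[Packet]:
        # Record a fixed-size fingerprint of the packet instead of its contents, so the log
        # stays constant-size per packet and cannot leak payload data; the packet is still forwarded.
        self.digest_log.append({"src": pkt.src, "dst": pkt.dst, "dport": pkt.dport,
                                "sha256": packet_digest(pkt.payload)})
        return pkt

    def process(self, pkt: Packet) -> Optional[Packet]:
        """Apply the first matching rule's transformation; stateless, one packet at a time."""
        if self.policy is None:
            return None  # fail closed until a policy has arrived
        for rule in self.policy.rules:
            if rule_matches(rule, pkt):
                return self.transforms[rule.action](pkt)
        return self.transforms[self.policy.default_action](pkt)

    def process_all(self, packets: List[Packet]) -> List[Packet]:
        return [out for out in (self.process(p) for p in packets) if out is not None]


def run_gateway_demo() -> Tuple[PacketSecurityGateway, List[Packet]]:
    """Push one policy to a gateway and run constructed sample traffic through it."""
    gw = PacketSecurityGateway()
    gw.receive_policy(DynamicPolicy(version=1, rules=[
        Rule({"Host": "malware.example"}, "drop"),                       # block by HTTP Host header
        Rule({"Method": "POST", "Host": "api.example"}, "digest_log"),  # fingerprint uploads to the API
    ], default_action="allow"))
    packets = [  # constructed sample packets
        Packet("192.0.2.10", "198.51.100.5", 80, {"Method": "GET", "Host": "www.example"}, b"GET / HTTP/1.1"),
        Packet("192.0.2.11", "198.51.100.6", 80, {"Method": "GET", "Host": "malware.example"}, b"GET /x HTTP/1.1"),
        Packet("192.0.2.12", "198.51.100.7", 443, {"Method": "POST", "Host": "api.example"}, b"POST /upload HTTP/1.1"),
        Packet("192.0.2.13", "198.51.100.8", 25, {}, b"EHLO mail"),  # no application-layer headers parsed
    ]
    return gw, gw.process_all(packets)
```

Two points a practitioner should check in any implementation of this scheme: the gateway fails closed (no policy installed, or a policy naming a transformation it does not have, forwards nothing), and the digest log stores only a hash and the addressing fields, so a logging rule cannot turn into a payload-capture rule by accident.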
19. A method, comprising:
receiving, by a security policy management server and from a computing device, a security update comprising a set of network addresses;
updating, by the security policy management server, one or more rules stored in a memory of the security policy management server to include the set of network addresses;
receiving, by the security policy management server and from a different computing device, a security update comprising a different set of network addresses;
determining, by the security policy management server, that the different set of network addresses includes at least a portion of network addresses included in the set of network addresses; and
responsive to determining that the different set of network addresses includes the at least a portion of network addresses included in the set of network addresses:
identifying, by the security policy management server, the at least a portion of network addresses included in the set of network addresses;
identifying, by the security policy management server, at least one of the one or more rules stored in the memory of the security policy management server that specifies a range of network addresses comprising the at least a portion of network addresses; and
updating, by the security policy management server, the at least one of the one or more rules to include one or more other network addresses included in the different set of network addresses.
Dependent claims: 20
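Worked example (added here; not code from the patent or its assignee): the management-server side of claim 19 in Python. A first security update creates an address rule; a second update from a different device whose addresses overlap that rule is detected, the overlap identified, and the existing rule extended with the update's other addresses instead of a second, partly duplicate rule being created. The rule layout, the per-source bookkeeping, the retract operation and the sample address sets are constructed for the example; the claim only requires the overlap detection and the rule update.

```python
"""Security policy management server merging overlapping address-set updates (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

IPv4 = ipaddress.IPv4Address  # IPv4 only, for brevity (example assumption)


@dataclass
class AddressRule:
    rule_id: str
    action: str
    addresses: Set[IPv4] = field(default_factory=set)
    # Which reporting device asserted which addresses. Without this, one feed's widening
    # of a rule can never be undone without also dropping what the other feed still reports.
    sources: Dict[str, Set[IPv4]] = field(default_factory=dict)

    def ranges(self) -> List[str]:
        """Summarise the membership as CIDR blocks, one run of contiguous addresses at a time."""
        addrs = sorted(self.addresses)
        blocks: List[str] = []
        i = 0
        while i < len(addrs):
            j = i
            while j + 1 < len(addrs) and int(addrs[j + 1]) == int(addrs[j]) + 1:
                j += 1
            blocks.extend(str(n) for n in ipaddress.summarize_address_range(addrs[i], addrs[j]))
            i = j + 1
        return blocks


class SecurityPolicyManagementServer:
    def __init__(self, action: str = "drop") -> None:
        self.action = action
        self.rules: List[AddressRule] = []

    def receive_update(self, source: str, addresses: Set[IPv4]) -> Set[IPv4]:
        """Merge a security update from `source`.

        Returns the addresses that overlapped an existing rule (empty when the update
        created a new rule).
        """
        for rule in self.rules:
            overlap = rule.addresses & addresses
            if overlap:
                # The update overlaps a stored rule: extend that rule with the update's
                # other addresses rather than storing a second rule for the same range.
                rule.addresses |= addresses - overlap
                rule.sources.setdefault(source, set()).update(addresses)
                return overlap
        rule = AddressRule(rule_id=f"rule-{len(self.rules) + 1}", action=self.action,
                           addresses=set(addresses), sources={source: set(addresses)})
        self.rules.append(rule)
        return set()

    def retract(self, source: str) -> None:
        """Withdraw one source's addresses; an address stays listed while any other source asserts it."""
        for rule in self.rules:
            rule.sources.pop(source, None)
            rule.addresses = set().union(*rule.sources.values())
        self.rules = [r for r in self.rules if r.addresses]


def parse(*addrs: str) -> Set[IPv4]:
    return {IPv4(a) for a in addrs}


def run_server_demo() -> Tuple[SecurityPolicyManagementServer, Set[IPv4], Set[IPv4], Set[IPv4]]:
    """Three constructed updates: the second overlaps the first, the third overlaps nothing."""
    server = SecurityPolicyManagementServer()
    first = server.receive_update("feed-a", parse("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"))
    second = server.receive_update("feed-b", parse("10.0.0.3", "10.0.0.4", "10.0.0.5", "10.0.0.6", "192.0.2.9"))
    third = server.receive_update("feed-c", parse("198.51.100.7"))
    return server, first, second, third
```

The merge follows the claim literally: every address in the overlapping update joins the matched rule, including ones not adjacent to the existing range (192.0.2.9 above). Keeping the rule as an explicit address set, summarised to CIDR blocks only when it is pushed to the gateways, avoids the trap of widening a stored range to the new minimum and maximum, which would block addresses neither device ever reported.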