System, Method and Process for Mitigating Advanced and Targeted Attacks with Authentication Error Injection
First Claim
1. A security device (SD) for monitoring authentication and authorization on a network Directory Services (DS) environment, the security device comprising:
(a) a Behavioral Monitoring Module (BMM), configured to monitor traffic between network clients and the DS;
(b) a Dynamic Decision Module (DDM), configured to decide whether to block a client access request from a network client, said client access request being monitored by said BMM;
(c) an error message fabrication module, configured to synthesize an error message when a blocking decision has been made by said DDM; and
(d) a network interface, configured to send said synthesized error message to said network client that sent said client access request for which said DDM made said blocking decision.
Abstract
A method, system and computer program product for protecting Directory Services (DS) by monitoring traffic to the DS; deciding to block a client access request in the monitored traffic originating from a network client; synthesizing an error message based at least in part on the client access request; and sending the synthesized error message to the network client, causing the network client to abort an access request process such as an authentication process or an authorization process.
18 Claims
1. (Set out in full above under First Claim; dependent claims 2 to 8.)
9. A method of protecting Directory Services (DS), the method comprising the steps of:
(a) monitoring traffic to the DS;
(b) deciding to block a client access request in said monitored traffic originating from a network client;
(c) synthesizing an error message based at least in part on said client access request; and
(d) sending said synthesized error message to said network client, causing said network client to abort an access request process.
(Dependent claims 10 to 17.)
18. A non-transient computer readable medium storing computer readable code that, upon execution of the code by a computer processor, causes the computer processor to:
(a) monitor traffic to Directory Services (DS);
(b) decide to block a client access request in said monitored traffic originating from a network client;
(c) synthesize an error message based at least in part on said client access request; and
(d) send said synthesized error message to said network client, causing said network client to abort an access request process.
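As an added illustration (not code from the patent or from any product it covers), the following Python sketch models the four claimed elements on constructed LDAP bind requests: the monitoring module counts distinct accounts a client binds as within a sliding window, the decision module blocks when that count exceeds a threshold, the fabrication module mirrors the request's message ID into an LDAP invalidCredentials response, and a list stands in for the network interface. That the DS speaks LDAP, the specific behavioral rule and the threshold are assumptions of this sketch, not claim limitations.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumption (not in the patent): the DS speaks LDAP and the monitored requests
# are bind attempts. resultCode 49 is LDAP invalidCredentials (RFC 4511).
LDAP_INVALID_CREDENTIALS = 49

@dataclass(frozen=True)
class BindRequest:
    message_id: int
    client_ip: str
    dn: str      # account the client is trying to bind as
    ts: float    # arrival time in seconds
@dataclass(frozen=True)
class BindResponse:
    message_id: int
    result_code: int
    diagnostic: str
class BehavioralMonitoringModule:
    """Element (a): tracks which accounts each client tried in a sliding window."""
    def __init__(self, window_s):
        self.window_s, self.seen = window_s, defaultdict(deque)
    def observe(self, req):
        q = self.seen[req.client_ip]
        q.append((req.ts, req.dn))
        while req.ts - q[0][0] > self.window_s:   # age out old entries
            q.popleft()
        return len({dn for _, dn in q})            # distinct accounts in window
class DynamicDecisionModule:
    """Element (b): block once a client has tried more accounts than allowed."""
    def __init__(self, max_distinct):
        self.max_distinct = max_distinct
    def should_block(self, distinct_accounts):
        return distinct_accounts > self.max_distinct
def fabricate_error(req):
    """Element (c): echo the request's message ID so the client accepts the
    reply as the DS's own answer and aborts its authentication attempt."""
    return BindResponse(req.message_id, LDAP_INVALID_CREDENTIALS, "invalid credentials")
class SecurityDevice:
    """Wires the modules together; `sent` stands in for the network interface (d)."""
    def __init__(self, max_distinct=5, window_s=60.0):
        self.bmm = BehavioralMonitoringModule(window_s)
        self.ddm = DynamicDecisionModule(max_distinct)
        self.sent = []                             # synthesized errors handed to (d)
    def handle(self, req):
        """True if an error was injected; False means pass through to the real DS."""
        if self.ddm.should_block(self.bmm.observe(req)):
            self.sent.append(fabricate_error(req))
            return True
        return False
```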