Managed network device security method and apparatus

US 5,905,859 A
Filed: 01/09/1997
Issued: 05/18/1999
Est. Priority Date: 01/09/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing security against intrusion in a managed device of a computer network having at least one interconnect device, said method comprising the steps of:

discovering each of said interconnect devices that is enabled to provide network security;

detecting an unauthorized address on a first port of said managed device and disabling said first port;

notifying each of said security-enabled interconnect devices that the unauthorized address has been detected on said first port; and

reenabling said first port after each of said security-enabled interconnect devices has notified said managed device that a filter has been set to prevent frames with the unauthorized address from flowing through said each security-enabled interconnect device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for providing security against intrusion in the managed devices of a campus LAN network is provided. A managed hub discovers each interconnect device in the network that supports the security feature and maintains an interconnect device list of such devices, which may include token ring switches, Ethernet switches, bridges and routers. The managed hub detects an intrusion by an unauthorized address on one of its ports and notifies the interconnect devices of the intrusion by transmitting a security breach detected frame. After each interconnect device sets a filter on its respective ports against the intruding unauthorized address and sends a filter set frame to the managed hub, the port in the managed hub where the security intrusion occurred is reenabled.

320 Citations

35 Claims

1. A method for providing security against intrusion in a managed device of a computer network having at least one interconnect device, said method comprising the steps of:
- discovering each of said interconnect devices that is enabled to provide network security;
  
  detecting an unauthorized address on a first port of said managed device and disabling said first port;
  
  notifying each of said security-enabled interconnect devices that the unauthorized address has been detected on said first port; and
  
  reenabling said first port after each of said security-enabled interconnect devices has notified said managed device that a filter has been set to prevent frames with the unauthorized address from flowing through said each security-enabled interconnect device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method for providing security against intrusion of claim 1 wherein said managed device is a managed hub.
  - 3. The method for providing security against intrusion of claim 1 wherein said managed device is a switch.
  - 4. The method for providing security against intrusion of claim 1 wherein said computer network includes a local area network.
  - 5. The method for providing security against intrusion of claim 1 further comprising the steps of building and maintaining an authorized address list of addresses that are allowed to connect to each port in said managed device.
  - 6. The method for providing security against intrusion of claim 5 wherein each entry in said authorized address list includes a port number and an authorized address.
  - 7. The method for providing security against intrusion of claim 1 wherein said discovering step includes the steps of:
    - transmitting a discovery request frame, said discovery request frame having a security feature group address;
      
      receiving a discovery response frame from each of said security-enabled interconnect devices;
      
      building and maintaining an interconnect device list of said security-enabled interconnect devices that transmitted said discovery response frame back to said managed device.
  - 8. The method for providing security against intrusion of claim 7 wherein each entry in said interconnect device list includes an address of the security-enabled interconnect device that sent the discovery response frame and a time stamp extracted from said discovery response frame.
  - 9. The method for providing security against intrusion of claim 6 wherein said detecting step includes the steps of:
    - comparing, for each port, a source address of a station attempting to connect to said port with the authorized address list of addresses for said port and determining whether said source address is on said authorized address list.
  - 10. The method for providing security against intrusion of claim 7 wherein following said disabling step said method further includes:
    - sending a trap frame to a network management station indicating that an intrusion has been detected on said first port; and
      
      transmitting a security breach detected frame having said security feature group address to said security-enabled interconnect devices that have entries in said interconnect device list.
  - 11. The method for providing security against intrusion of claim 10 wherein said security breach detected frame includes a source address of an unauthorized station, the port number at which the intrusion occurred, and a time stamp representing the time at which the unauthorized station was detected.
  - 12. The method for providing security against intrusion of claim 11 wherein each of said security-enabled interconnect devices transmits a filter set frame to said managed device that includes the address of said each security-enabled interconnect device sending said filter set frame, the source address of said unauthorized station, the port number at which the intrusion occurred, and a time stamp representing the time at which the unauthorized station was detected.
  - 13. The method for providing security against intrusion of claim 1 wherein following said reenabling step said managed device sends a trap frame to a network management station indicating that said filtering step has been completed.

14. An apparatus for providing security against intrusion in a managed device of a computer network having at least one interconnect device, said apparatus comprising:
- means for discovering each of said interconnect devices that is enabled to provide network security;
  
  means for detecting an unauthorized address on a first port of said managed device and means for disabling said first port;
  
  means for notifying each of said security-enabled interconnect devices that the unauthorized address has been detected on said first port; and
  
  means for reenabling said first port after each of said security-enabled interconnect devices has notified said managed device that a filter has been set to prevent frames having the unauthorized address from flowing through said each security-enabled interconnect device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The apparatus for providing security against intrusion of claim 14 wherein said managed device is a managed hub.
  - 16. The apparatus for providing security against intrusion of claim 14 wherein said managed device is a switch.
  - 17. The apparatus for providing security against intrusion of claim 14 further comprising means for building and maintaining an authorized address list of addresses that are allowed to connect to each port in said managed device.
  - 18. The apparatus for providing security against intrusion of claim 17 wherein each entry in said authorized address list includes a port number and an authorized address.
  - 19. The apparatus for providing security against intrusion of claim 14 wherein said means for discovering includes:
    - means for transmitting a discovery request frame, said discovery request frame having a security feature group address;
      
      means for receiving a discovery response frame from each of said security-enabled interconnect devices;
      
      means for building and maintaining an interconnect device list of said security-enabled interconnect devices that transmitted said discovery response frame back to said managed device.
  - 20. The apparatus for providing security against intrusion of claim 19 wherein each entry in said interconnect device list includes an address of the security-enabled interconnect device that sent the discovery response frame and a time stamp extracted from said discovery response frame.
  - 21. The apparatus for providing security against intrusion of claim 18 wherein said means for detecting includes:
    - means for comparing, for each port, a source address of a station attempting to connect to said port with the authorized address list of addresses for said port and means for determining whether said source address is on said authorized address list.
  - 22. The apparatus for providing security against intrusion of claim 19 further including:
    - means for sending a trap frame to a network management station indicating that an intrusion has been detected on said first port; and
      
      means for transmitting a security breach detected frame having said security feature group address to said security-enabled interconnect devices that have entries in said interconnect device list.
  - 23. The apparatus for providing security against intrusion of claim 22 wherein said security breach detected frame includes a source address of an unauthorized station, the port number at which the intrusion occurred, and a time stamp representing the time at which the unauthorized station was detected.
  - 24. The apparatus for providing security against intrusion of claim 23 wherein each of said security-enabled interconnect devices transmits a filter set frame to said managed device that includes the address of said each security-enabled interconnect device sending said filter set frame, the source address of said unauthorized station, the port number at which the intrusion occurred, and a time stamp representing the time at which the unauthorized station was detected.
  - 25. The apparatus for providing security against intrusion of claim 14 wherein said managed device further comprises means for sending a trap frame to a network management station indicating that said filter has been set at each of said security-enabled interconnect devices.

26. A method for providing security against intrusion in a managed hub of a computer network having at least one interconnect device, said method comprising the steps of:
- building and maintaining an authorized address list of addresses that are allowed to connect to each port;
  
  discovering each interconnect device that is enabled to provide network security;
  
  detecting an unauthorized address on a first port and disabling said first port;
  
  notifying each security-enabled interconnect device that the unauthorized address has been detected on said first port; and
  
  reenabling said first port after each security-enabled interconnect device has notified said managed hub that a filter has been set to prevent frames with the unauthorized address from flowing through each security-enabled interconnect device.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method for providing security against intrusion of claim 26 wherein said discovering step includes the steps of:
    - transmitting a discovery request frame, said discovery request frame having a security feature group address;
      
      receiving a discovery response frame from each security-enabled interconnect device;
      
      building and maintaining an interconnect device list of each security-enabled interconnect device that transmitted said discovery response frame back to said managed hub.
  - 28. The method for providing security against intrusion of claim 27 wherein said detecting step includes the steps of:
    - comparing, for each port, a source address of a station attempting to connect to said port with an authorized address list of addresses for said port and determining whether said source address is on said authorized address list.
  - 29. The method for providing security against intrusion of claim 27 wherein following said disabling step said method further includes:
    - sending a trap frame to a network management station indicating that an intrusion has been detected on said first port; and
      
      transmitting a security breach detected frame having said security feature group address to each security-enabled interconnect device that has an entry in said interconnect device list.
  - 30. The method for providing security against intrusion of claim 26 wherein following said reenabling step said managed hub sends a trap frame to a network management station indicating that said filtering step has been completed.

31. An apparatus for providing security against intrusion in a managed hub of a computer network having at least one interconnect device, said apparatus comprising:
- means for building and maintaining an authorized address list of addresses that are allowed to connect to each port;
  
  means for discovering each interconnect device that is enabled to provide network security;
  
  means for detecting an unauthorized address on a first port and means for disabling said first port;
  
  means for notifying each security-enabled interconnect device that the unauthorized address has been detected on said first port; and
  
  means for reenabling said first port after each security-enabled interconnect device has notified said managed hub that a filter has been set to prevent frames with the unauthorized address from flowing through each security-enabled interconnect device.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The apparatus for providing security against intrusion of claim 31 wherein said means for discovering includes:
    - means for transmitting a discovery request frame, said discovery request frame having a security feature group address;
      
      means for receiving a discovery response frame from each security-enabled interconnect device;
      
      means for building and maintaining an interconnect device list of each security-enabled interconnect device that transmitted said discovery response frame back to said managed hub.
  - 33. The apparatus for providing security against intrusion of claim 32 wherein said means for detecting includes:
    - means for comparing, for each port, a source address of a station attempting to connect to said port with an authorized address list of addresses for said port and means for determining whether said source address is on said authorized address list.
  - 34. The apparatus for providing security against intrusion of claim 32 further including:
    - means for sending a trap frame to a network management station indicating that an intrusion has been detected on said first port; and
      
      means for transmitting a security breach detected frame having said security feature group address to each security-enabled interconnect device that has an entry in said interconnect device list.
  - 35. The apparatus for providing security against intrusion of claim 31 wherein said managed hub further comprises means for sending a trap frame to a network management station indicating that said filter has been set at each security-enabled interconnect device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Holloway, Malcolm H., Prorock, Thomas Joseph
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/775,536
Time in Patent Office

859 Days
Field of Search

395/187.01, 395/186, 395/185.09, 395/200.53, 395/200.54, 395/200.59, 395/200.55, 380/3, 380/25
US Class Current

726/22
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 9/40   Network security protocols

Managed network device security method and apparatus

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

320 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

Managed network device security method and apparatus

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

320 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others