System and method for preventing a first node from being emulated by another node
First Claim

1. A network security device configured to receive communications from a node to be secured and pass the received communications to a network, and configured to be connected between the node to be secured and the network, the node to be secured having a first network address and the security device having the same network address as the node to be secured, the security device comprising:
(a) a permanent memory whose contents cannot be changed, and configured to store the first network address;
(b) a processor configured to:
(i) receive a communication from said node;
(ii) compare a network address in the received communication with the first network address stored in the permanent memory; and
(iii) not pass the communication to the network if the network address in the received communication is not the same as the first network address stored in the permanent memory.
Abstract
A network security device 10 is connected between a protected client 12 and a network 100. The network security device 10 negotiates a session key with any other protected client. Then, all communications between the two clients are encrypted. The inventive device is self-configuring and locks itself to the IP address of its client 12. Thus, the client 12 cannot change its IP address once set and therefore cannot emulate the IP address of another client. When a packet is transmitted from the protected host, the security device 10 translates the MAC address of the client to its own MAC address before transmitting the packet into the network. Packets addressed to the host contain the MAC address of the security device. The security device 10 translates its MAC address to the client's 12 MAC address before transmitting the packet to the client 12.
8 Claims

1. (Independent claim; text identical to the First Claim above.) Dependent claims: 2, 3.

4. A network security device configured to be connected between a single node to be secured and a communications network, the security device comprising:
(a) a permanent memory configured to store a network address of the single node to be secured, and the network address cannot be changed;
(b) a processor configured to:
(i) receive a communication from the single node to be secured;
(ii) compare a network address in the received communication with the network address of the single node to be secured stored in the permanent memory; and
(iii) not pass the communication to the network if the network address in the received communication is not the same as the network address stored in the permanent memory.
Dependent claims: 5.

6. A method performed by a security device having a permanent memory, the method preventing a first node in a communications network from being emulated by another node, the method comprising the steps of:
(a) storing an address of the first node in the memory of the security device in a manner that cannot be changed;
(b) when the security device receives a packet that is purportedly from the first node, comparing a source address in the packet with the address stored in the permanent memory; and
(c) if the source address in the communication is not the same as the address stored in the permanent memory, not passing the packet to the communications network.
Dependent claims: 7, 8.
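The behaviour described in the abstract and in claims 1, 4 and 6 (write-once address lock, source-address comparison, drop on mismatch, MAC substitution in both directions) as an added simulation; this is illustrative code, not the patent's or any vendor's implementation, and the Packet fields, MAC/IP values and the session-key encryption omission are my assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    # Constructed minimal frame/packet model (assumption, not from the patent).
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: bytes = b""


class InlineSecurityDevice:
    """Inline device sitting between one protected client and the network.
    Locks to the first client IP it sees (self-configuring), refuses to
    forward later packets with a different source IP, and swaps the client's
    MAC for its own on the wire. Session-key encryption is not modelled."""

    def __init__(self, device_mac: str):
        self.device_mac = device_mac
        self._locked_ip: Optional[str] = None   # stands in for the permanent memory
        self._client_mac: Optional[str] = None
        self.drop_count = 0

    @property
    def locked_ip(self) -> Optional[str]:
        return self._locked_ip

    def _lock(self, ip: str, mac: str) -> None:
        # Write-once: emulates "permanent memory whose contents cannot be changed".
        if self._locked_ip is not None:
            raise RuntimeError("address already locked; permanent memory is write-once")
        self._locked_ip, self._client_mac = ip, mac

    def to_network(self, pkt: Packet) -> Optional[Packet]:
        """Client -> network direction: claim 1 steps (i) to (iii)."""
        if self._locked_ip is None:
            self._lock(pkt.src_ip, pkt.src_mac)   # self-configure on first packet
        if pkt.src_ip != self._locked_ip:         # (ii) compare with stored address
            self.drop_count += 1                  # (iii) do not pass the packet
            return None
        # Network only ever sees the device's MAC as the source.
        return Packet(self.device_mac, pkt.dst_mac, pkt.src_ip, pkt.dst_ip, pkt.payload)

    def to_client(self, pkt: Packet) -> Optional[Packet]:
        """Network -> client direction: reverse the MAC translation."""
        if self._client_mac is None or pkt.dst_mac != self.device_mac:
            return None                           # not addressed to this device
        return Packet(pkt.src_mac, self._client_mac, pkt.src_ip, pkt.dst_ip, pkt.payload)
```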
Specification