Computer security using virus probing
First Claim
1. A computer network security method, the method comprising the steps of:
monitoring a communications traffic stream of the computer network, the communications traffic stream including a plurality of files;
inserting a probe into at least one file of the plurality of files;
determining whether the probe is executed in the computer network; and
in response to the execution of the probe, identifying a location within the computer network where the execution of the probe occurred.
Abstract
A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g., a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients that are misconfigured.
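The following Python model is an added illustration of the technique in the abstract and is not code from the patent or any product. A firewall randomly inserts an inert probe into files destined for named terminals, keeps the issued probes in a database, accepts UDP-style alert datagrams only for probe ids it issued to that terminal, and reports which terminals executed a probe. The terminal names, the probe marker and the datagram format are constructed assumptions.

```python
import random
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Firewall:
    """Inserts probes into incoming files and records which terminals executed them."""
    insert_rate: float = 0.5                          # probes are inserted randomly
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    probes: dict = field(default_factory=dict)        # probe id -> destined terminal
    alerts: list = field(default_factory=list)        # terminals where a probe executed

    def forward(self, content: str, destination: str) -> str:
        """Forward a file to `destination`, randomly inserting one probe into it."""
        if self.rng.random() >= self.insert_rate:
            return content
        probe_id = f"probe-{len(self.probes) + 1:04d}"
        self.probes[probe_id] = destination
        # Constructed, inert probe: active content a compliant client must not run.
        return content + f'<script>beacon("{probe_id}")</script>'

    def receive_alert(self, datagram: bytes) -> Optional[str]:
        """Parse a constructed 'PROBE <id> <terminal>' datagram sent by an executed probe."""
        try:
            tag, probe_id, terminal = datagram.decode("ascii").split()
        except ValueError:
            return None                               # malformed datagram
        if tag != "PROBE" or self.probes.get(probe_id) != terminal:
            return None                               # unknown id or wrong terminal
        self.alerts.append(terminal)
        return terminal

    def report(self) -> list:
        """Security report: terminals in which probes have executed."""
        return sorted(set(self.alerts))


@dataclass
class Terminal:
    name: str
    active_content_enabled: bool                      # True models a non-compliant client

    def open_file(self, content: str, firewall: Firewall) -> None:
        """A compliant client ignores the probe; a misconfigured one runs it, and the
        probe then reports this terminal back to the firewall."""
        if not self.active_content_enabled:
            return
        for chunk in content.split('beacon("')[1:]:
            probe_id = chunk.split('"', 1)[0]
            firewall.receive_alert(f"PROBE {probe_id} {self.name}".encode())


def run_audit(fw: Firewall, terminals: list, files_per_terminal: int = 5) -> list:
    """Deliver constructed files to every terminal and return the misconfigured ones."""
    for t in terminals:
        for i in range(files_per_terminal):
            t.open_file(fw.forward(f"<html>page {i}</html>", t.name), fw)
    return fw.report()
```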
153 Citations
28 Claims

1. A computer network security method, the method comprising the steps of:
   monitoring a communications traffic stream of the computer network, the communications traffic stream including a plurality of files;
   inserting a probe into at least one file of the plurality of files;
   determining whether the probe is executed in the computer network; and
   in response to the execution of the probe, identifying a location within the computer network where the execution of the probe occurred.

2. [preamble missing on the page] generating a security alert containing at least the identified location within the computer network.

3. The method of claim 2 wherein the identified location is a particular user terminal of a plurality of user terminals within the computer network.

4. The method of claim 1 wherein the inserting the probe step occurs in a server within the computer network.

5. The method of claim 2 wherein the probe is a computer virus configured as a trojan horse.

6. The method of claim 4 wherein the communications traffic stream passes through the server as the communications traffic stream is exchanged between the computer network and a public network.

7. The method of claim 3 wherein the execution of the probe occurs in a web browser running on the particular user terminal.

8. The method of claim 5 wherein the security alert is generated as a function of a UDP packet transmitted by the trojan horse.

9. A method for providing security in a private network, the private network having a plurality of user terminals, the method comprising the steps of:
   monitoring a communications traffic stream between the private network and a public network, the communications traffic stream including a plurality of files, particular ones of the plurality of files destined for particular ones of the plurality of user terminals;
   inserting at least one probe of a plurality of probes into the particular ones of the plurality of files;
   determining whether the probe is executed by the particular one of the user terminals for which the file was destined; and
   in response to the execution of the probe, identifying the particular one of the user terminals in which the execution of the probe occurred.

10. [preamble missing on the page] transmitting a security alert from the probe to the firewall, the security alert containing an indication of at least the identified user terminal.

12. The method of claim 10 wherein the inserting the at least one probe step occurs as a function of a first access to the public network from at least one user terminal.

13. The method of claim 12 wherein the probe includes at least one Javascript instruction.

14. The method of claim 9 wherein the communications traffic stream comprises a plurality of TCP/IP packets.

15. A method for use in a firewall which provides security between a private network and a public network, the method comprising the steps of:
   monitoring a communications traffic stream transmitted between the private network and the public network, the communications traffic stream including a plurality of packets;
   inserting a probe into at least one packet of the plurality of packets;
   determining whether the probe is executed in the private network; and
   in response to the execution of the probe, identifying a location within the private network where the execution of the probe occurred.

19. A network security apparatus comprising:
   a prober for inserting a plurality of probes into a plurality of packets exchanged between a private network and a public network; and
   a processor for monitoring the plurality of packets and determining whether particular ones of the plurality of probes are executed in the private network.

20. [preamble missing on the page] a database for storing the plurality of probes.

21. The network security apparatus of claim 19 further comprising a communications channel for downloading the plurality of probes from a central source.

22. A network security method, the method comprising the steps of:
   inserting a plurality of probes into an incoming communications stream of a private network; and
   monitoring a plurality of user terminals in the private network for an execution of at least one probe of the plurality of probes.

23. [preamble missing on the page] generating a report which identifies particular ones of a plurality of user terminals in the private network in which probes have executed.

24. The method of claim 22 wherein the monitoring the plurality of user terminals step further comprises transmitting a signal to a firewall indicating the execution of the at least one probe.

25. The method of claim 24 wherein the inserting the plurality of probes step occurs within a firewall.

26. The method of claim 24 wherein the incoming communications stream is from a public network.

27. The method of claim 26 wherein the inserting the plurality of probes step occurs as a function of a request from the private network for accessing a particular resource within the public network.

28. The method of claim 26 wherein the inserting the plurality of probes step occurs as a function of a first access to the public network from at least one user terminal.
Specification