Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities

US 6,226,372 B1
Filed: 12/08/1999
Issued: 05/01/2001
Est. Priority Date: 12/11/1998
Status: Expired due to Fees

First Claim

Patent Images

1. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“

PSTN”

) via a plurality of extensions, the system comprisingmeans for defining a security policy including a security rule base, a results response policy and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken bases on results of a vulnerability assessment (“

VA”

).

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for implementing a fully integrated and cooperative telecommunications firewall/scanner that can be deployed either as a standalone device, or over a large-scale distributed client-server architecture is described. In addition to providing enhanced telecommunications firewall and scanner security capabilities, the integrated telecommunications firewall/scanner provides the capability to ensure implementation of a corporate-dictated security structure, and event visibility and report consolidation requirements, across a globally-distributed enterprise, using policy-based enforcement of a Security Policy. In the most basic configuration, the integrated firewall/scanner performs continuous security access monitoring and control functions, keyword and content monitoring and control functions, and remote access authentication, initiating coordinated vulnerability assessments, as well as automatic synchronous adjustments to the Security Policy in response to the vulnerability assessment results. Additionally, firewall and scanner actions, assessment results, and responses can be consolidated in detailed or summary reports for use by security administrators for trend analysis and security posture decision-making. The same Security Policy is used by both the firewall and the scanner components of the integrated firewall/scanner during both their cooperative and independent operations.

Citations

71 Claims

1. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprisingmeans for defining a security policy including a security rule base, a results response policy and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken bases on results of a vulnerability assessment (“
  
  VA”
  
  ).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1 wherein the means for updating the security policy comprises means for updating the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extension.
  - 3. The system of claim 1 wherein the groups of extensions include an voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized.
  - 4. The system of claim 1 wherein the means for performing a VA on the extension comprises means for attempting to penetrate a modem connected to the extension.
  - 5. The system of claim 4 wherein the VA results indicate whether or not the penetration attempt was successful.
  - 6. The system of claim 1 further comprising means responsive to the VA request for building a profile, the profile defining the type of VA to be performed.
  - 7. The system of claim 1 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group.
  - 8. The system of claim 1 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results.
  - 9. The system of claim 1 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call.
  - 10. The system of claim 1 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed.
  - 11. The system of claim 1 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person.
  - 12. The method of claim 1 comprising designating each of the security rules of the second tier security policy as being either required or optional, wherein all of the rules designated as being required in the first tier security policy and a portion of the subset of the rules of the first tier security policy are designated in the second tier security policy as being required and the remainder of the subset of the rules of the first tier security policy are designated in the second tier security policy as being optional.
  - 13. The method of claim 12 further comprising:
14. The method of claim 13 further comprising designating each of the security rules of the third tier security policy as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional.
15. The method of claim 13 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections.

16. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the method comprising;
  
  defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  detecting a call on an extension to determine attributes associated with the call wherein the detecting the call is accomplished between the extension and the PSTN;
  
  performing actions based upon the call attributes in accordance with the security rules defined for the extension;
  
  requesting a VA on the extension;
  
  performing a VA on the extension and generating VA results responsive to the VA request; and
  
  updating the security policy based on the VA results in accordance with the results response policy.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method of claim 16 wherein the updating the security policy comprises updating the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extension.
  - 18. The method of claim 16 wherein the groups of extensions include an voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized.
  - 19. The method of claim 16 wherein the performing a VA on the extension comprises attempting to penetrate a modem connected to the extension.
  - 20. The method of claim 19 wherein the VA results indicate whether or not the penetration attempt was successful.
  - 21. The method of claim 16 further comprising building a profile responsive to the VA request, the profile defining the type of VA to be performed.
  - 22. The method of claim 16 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group.
  - 23. The method of claim 16 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results.
  - 24. The method of claim 16 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call.
  - 25. The method of claim 16 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed.
  - 26. The method of claim 16 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person.

27. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprising;
  
  a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taked based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension and wherein the line sensor is located between the extension and the PSTN;
  
  a scanner management server for receiving the VA request and, responsive to the VA request, building a profile and pushing the profile to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
  
  wherein the firewall management server updates the security policy based on the VA results in accordance with the results response policy.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 28. The system of claim 27 wherein the firewall management server updates the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extension.
  - 29. The system of claim 27 wherein the groups of extensions include an voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized.
  - 30. The system of claim 27 wherein the dialer performs a VA on the extension by attempting to detect, identify, and penetrate a modem connected to the extension.
  - 31. The system of claim 30 wherein the VA results indicate whether or not the penetration attempt was successful.
  - 32. The system of claim 27 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group.
  - 33. The system of claim 27 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results.
  - 34. The system of claim 27 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call.
  - 35. The system of claim 27 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed.
  - 36. The system of claim 27 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person.

37. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprising;
  
  means for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  means for detecting a call on an extension to determine attributes associated with the call;
  
  means for performing actions based upon the call attributes in accordance with the security rules defined for the extension;
  
  means for requesting a VA on the extension;
  
  means responsive to the VA request for performing a VA on the extension and generating VA results; and
  
  means for performing actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (38, 39)
- - 38. The system of claim 37 wherein the means for performing actions based on the VA results includes means for notifying a designated person of the VA results.
  - 39. The system of claim 37 wherein the means for performing actions based on the VA results includes means for logging an event in connection with the call.

40. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the method comprising;
  
  defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  detecting a call on an extension to determine attributes associated with the call;
  
  performing actions based upon the call attributes in accordance with the security rules defined for the extension;
  
  requesting a VA on the extension;
  
  performing a VA on the extension and generating VA results responsive to the VA request; and
  
  performing actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (41, 42)
- - 41. The method of claim 40 wherein the performing actions based on the VA results includes notifying a designated person of the VA results.
  - 42. The method of claim 40 wherein the performing actions based on the VA results includes logging an event.

43. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprising;
  
  a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension;
  
  a scanner management server for receiving the VA request and, responsive to the VA request, building a profile and pushing the profile to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
  
  wherein the firewall management server initiates actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (44, 45)
- - 44. The system of claim 43 wherein the actions initiated by the firewall management server include notifying a designated person of the VA results.
  - 45. The system of claim 43 wherein the actions initiated by the firewall management server include logging an event in connection with the call.

46. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprising;
  
  means for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  means for detecting a call on an extension to determine attributes associated with the call;
  
  means for performing a VA on the extension and generating VA results; and
  
  means for performing actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (47, 48, 49)
- - 47. The system of claim 46 wherein the means for performing actions based on the VA results includes means for notifying a designated person of the VA results.
  - 48. The system of claim 46 wherein the means for performing actions based on the VA results includes means for logging an event in connection with the call.
  - 49. The system of claim 46 wherein the means for performing actions based on the VA results includes means for updating the security policy as specified by the results response rules defined for the extension.

50. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective Circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the method comprising;
  
  defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  detecting a call on an extension to determine attributes associated with the call;
  
  performing a VA on the extension and generating VA results responsive to the VA request;
  
  performing actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (51, 52, 53)
- - 51. The method of claim 50 wherein the performing actions based on the VA results includes notifying a designated person of the VA results.
  - 52. The method of claim 50 wherein the performing actions based on the VA results includes logging an event in connection with the call.
  - 53. The method of claim 50 wherein the performing actions based on the VA results includes updating the security policy as specified by the results response rules defined for the extension.

54. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise'"'"'s end-user stations and their respective circuits into a public switched telephone network (“
- PSTN”
  
  ) via a plurality of extensions, the system comprising;
  
  a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“
  
  VA”
  
  ) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
  
  a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call;
  
  a scanner management server for pushing a profile including the extension to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
  
  wherein the firewall management server initiates actions based upon the VA results in accordance with the results response rules defined for the extension.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 55. The system of claim 54 wherein the initiating actions based on the VA results includes notifying a designated person of the VA results.
  - 56. The system of claim 54 wherein the initiating actions based on the VA results includes logging an event in connection with the call.
  - 57. The system of claim 54 wherein the initiating actions based on the VA results includes updating the security policy as specified by the results response rules defined for the extension.
  - 58. The system of claim 54 wherein the scanner management server builds the profile including the extension in response to a VA request from the firewall management server.
  - 59. The system of claim 54 wherein the profile is a routinely scheduled profile stored in the scanner management server.
  - 60. The system of claim 54 wherein the line sensor includes a plurality of line sensors.
  - 61. The system of claim 54 wherein the dialer includes a plurality of dialers.
  - 62. The system of claim 54 wherein the line sensor and the dialer are disposed in a location remote from said firewall/scanner client.
  - 63. The system of claim 54 wherein the line sensor and the dialer are connected to the firewall management server and the scanner management server via TCP/IP connections.

64. A multi-tier telephony security system for controlling and logging access between an enterprise'"'"'s end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the system comprising:
- a first tier firewall management server (“
  
  FMS”
  
  ), the first tier FMS including a database containing a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension;
  
  a line sensor within a customer site connected to the first tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy;
  
  a second tier FMS connected to the first tier FMS, the second tier FMS including a database containing a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension;
  
  a line sensor within the customer sites connected to the second tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy;
  
  wherein each of the security rules of the first tier security policy are designated as being either required or optional; and
  
  wherein the second tier security policy includes all of the rules of the first tier security policy designated as being required and a subset of the rules of the first tier security policy designated as being optional.
- View Dependent Claims (65, 66, 67, 68, 69)
- - 65. The system of claim 64 wherein each of the security rules of the second tier security policy are designated as being either required or optional and wherein all of the rules designated as being required in the first tier security policy and a portion of the subset of the rules of the first tier security policy are designated in the second tier security policy as being required and the remainder of the subset of the rules of the first tier security policy are designated in the second tier security policy as being optional.
  - 66. The system of claim 65 further comprising:
67. The system of claim 66 wherein each of the security rules of the third tier security policy are designated as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional.
68. The system of claim 66 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections.
69. The system of claim 64 wherein the first and second PMSes are located in locations remote from one another and are connected to one another via at least one TCP/IP connection.

70. A method of implementing multi-tier telephony security system for controlling and logging access between an enterprise'"'"'s end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the method comprising:
- defining in connection with a first tier firewall management server (“
  
  FMS”
  
  ) a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said first tier FMS via a line sensor;
  
  performing actions on a selected call on the extension connected to the first tier FMS based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy;
  
  defining in connection with a second tier FMS connected to the first tier FMS a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said second tier FMS via a line sensor;
  
  performing actions on a selected call on the extension connected to the second tier FMS based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy; and
  
  designating each of the security rules of the first tier security policy as being either required or optional;
  
  wherein the second tier security policy includes all of the rules of the first tier security policy designated as being required and a subset of the rules of the first tier security policy designated as being optional.
- View Dependent Claims (71)
- - 71. The method of claim 70 wherein the first and second FMSes are located in locations remote from one another and are connected to one another via at least one TCP/IP connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureLogix Corporation
Original Assignee
SecureLogix Corporation
Inventors
Hamlett, Chris, Conyers, Doug, Beebe, Todd, Faustino, Stephen, Collier, Mark D.
Primary Examiner(s)
Tsang, Fan
Assistant Examiner(s)
Bui, Bing

Application Number

US09/457,494
Time in Patent Office

510 Days
Field of Search

379/145, 379/189, 379/196, 707/9, 713/201, 713/200, 713/202, 709/225
US Class Current

379/189
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04M 2203/2066   Call type detection of indi...

H04M 3/22   Arrangements for supervisio...

H04M 3/38   Graded-service arrangements...

H04M 3/42314   in private branch exchanges

H04M 3/436   Arrangements for screening ...

H04M 7/0078   Security; Fraud detection; ...

Y10S 707/99939   Privileged access

Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links