Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
First Claim
1. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising means for defining a security policy including a security rule base, a results response policy and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”).
Abstract
A system and method for implementing a fully integrated and cooperative telecommunications firewall/scanner that can be deployed either as a standalone device, or over a large-scale distributed client-server architecture is described. In addition to providing enhanced telecommunications firewall and scanner security capabilities, the integrated telecommunications firewall/scanner provides the capability to ensure implementation of a corporate-dictated security structure, and event visibility and report consolidation requirements, across a globally-distributed enterprise, using policy-based enforcement of a Security Policy. In the most basic configuration, the integrated firewall/scanner performs continuous security access monitoring and control functions, keyword and content monitoring and control functions, and remote access authentication, initiating coordinated vulnerability assessments, as well as automatic synchronous adjustments to the Security Policy in response to the vulnerability assessment results. Additionally, firewall and scanner actions, assessment results, and responses can be consolidated in detailed or summary reports for use by security administrators for trend analysis and security posture decision-making. The same Security Policy is used by both the firewall and the scanner components of the integrated firewall/scanner during both their cooperative and independent operations.
71 Claims
1. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising means for defining a security policy including a security rule base, a results response policy and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”).
defining in connection with a third FMS connected to the second tier FMS a third tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to the third tier FMS via a line sensor; and
performing actions on a selected call on the extension connected to the third tier FMS based upon at least one attribute thereof, in accordance with the security rules of the third tier security policy;
wherein the third tier security policy includes all of the rules of the second tier security policy designated as being required and a subset of the rules of the second tier security policy designated as being optional.
14. The method of claim 13 further comprising designating each of the security rules of the third tier security policy as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional.
15. The method of claim 13 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections.
16. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the method comprising: defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
detecting a call on an extension to determine attributes associated with the call wherein the detecting the call is accomplished between the extension and the PSTN;
performing actions based upon the call attributes in accordance with the security rules defined for the extension;
requesting a VA on the extension;
performing a VA on the extension and generating VA results responsive to the VA request; and
updating the security policy based on the VA results in accordance with the results response policy.
27. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising: a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension and wherein the line sensor is located between the extension and the PSTN;
a scanner management server for receiving the VA request and, responsive to the VA request, building a profile and pushing the profile to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
wherein the firewall management server updates the security policy based on the VA results in accordance with the results response policy.
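The detect, act, request-VA and respond loop that claims 16 and 27 describe, as an added illustration in Python (not code from the patent or its assignee); the rule fields, action names, extension groups and VA findings are all assumed and constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed groups of extensions sharing a feature (hypothetical numbers).
GROUPS = {
    "modem-authorized": {"4101", "4102"},
    "voice-only": {"4201", "4202", "4203"},
}

@dataclass
class Rule:
    target: str       # group name, a single extension, or "*"
    call_type: str    # call attribute: "voice", "fax", "modem" or "*"
    direction: str    # "inbound", "outbound" or "*"
    actions: tuple    # ordered actions, e.g. ("allow", "log", "request_va")

@dataclass
class Policy:
    rules: list            # security rule base; first matching rule wins
    response_rules: dict   # results response policy: VA finding -> action

def applies(rule: Rule, ext: str, call: dict) -> bool:
    in_target = rule.target in ("*", ext) or ext in GROUPS.get(rule.target, ())
    return (in_target and rule.call_type in ("*", call["type"])
            and rule.direction in ("*", call["direction"]))

def firewall_actions(policy: Policy, ext: str, call: dict) -> tuple:
    """Line-sensor step: actions for a detected call; no match means deny and log."""
    for rule in policy.rules:
        if applies(rule, ext, call):
            return rule.actions
    return ("deny", "log")

def apply_results_response(policy: Policy, ext: str, findings: list) -> list:
    """FMS step: adjust the rule base as the results response rules dictate."""
    updates = []
    for finding in findings:
        if policy.response_rules.get(finding) == "deny_extension":
            # A rule for this one extension goes first so it wins over group rules.
            policy.rules.insert(0, Rule(ext, "*", "*", ("deny", "log")))
            updates.append(f"deny all calls on {ext}: {finding}")
    return updates

def handle_call(policy: Policy, ext: str, call: dict,
                run_va: Callable[[str], list]) -> dict:
    """Detect -> act -> request VA -> update the policy from the VA results."""
    actions = firewall_actions(policy, ext, call)
    record = {"ext": ext, "actions": actions, "findings": [], "updates": []}
    if "request_va" in actions:
        record["findings"] = run_va(ext)   # scanner management server / dialer
        record["updates"] = apply_results_response(policy, ext, record["findings"])
    return record

def build_policy() -> Policy:
    return Policy(
        rules=[
            Rule("modem-authorized", "modem", "*", ("allow", "log")),
            Rule("voice-only", "voice", "*", ("allow",)),
            # A modem call where only voice is expected: allow it, log it, and scan.
            Rule("voice-only", "modem", "*", ("allow", "log", "request_va")),
            Rule("*", "*", "*", ("deny", "log")),
        ],
        response_rules={"unauthorized_modem_answered": "deny_extension"},
    )

# Constructed VA findings standing in for what the dialer would report.
FAKE_VA = {"4201": ["unauthorized_modem_answered"], "4101": ["no_answer"]}
def fake_va(ext: str) -> list: return FAKE_VA.get(ext, [])
```

After the VA reports a modem answering on a voice-only extension, the results response rule inserts an extension-specific deny rule, so the next modem call on that extension is blocked without any administrator action.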
37. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising: means for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
means for detecting a call on an extension to determine attributes associated with the call;
means for performing actions based upon the call attributes in accordance with the security rules defined for the extension;
means for requesting a VA on the extension;
means responsive to the VA request for performing a VA on the extension and generating VA results; and
means for performing actions based upon the VA results in accordance with the results response rules defined for the extension.
40. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the method comprising: defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
detecting a call on an extension to determine attributes associated with the call;
performing actions based upon the call attributes in accordance with the security rules defined for the extension;
requesting a VA on the extension;
performing a VA on the extension and generating VA results responsive to the VA request; and
performing actions based upon the VA results in accordance with the results response rules defined for the extension.
43. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising: a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension;
a scanner management server for receiving the VA request and, responsive to the VA request, building a profile and pushing the profile to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
wherein the firewall management server initiates actions based upon the VA results in accordance with the results response rules defined for the extension.
46. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising: means for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
means for detecting a call on an extension to determine attributes associated with the call;
means for performing a VA on the extension and generating VA results; and
means for performing actions based upon the VA results in accordance with the results response rules defined for the extension.
50. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the method comprising: defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
detecting a call on an extension to determine attributes associated with the call;
performing a VA on the extension and generating VA results responsive to the VA request;
performing actions based upon the VA results in accordance with the results response rules defined for the extension.
54. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network (“PSTN”) via a plurality of extensions, the system comprising: a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment (“VA”) performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common;
a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call;
a scanner management server for pushing a profile including the extension to a dialer for performing a VA on the extension and generating VA results to the firewall management server;
wherein the firewall management server initiates actions based upon the VA results in accordance with the results response rules defined for the extension.
64. A multi-tier telephony security system for controlling and logging access between an enterprise's end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the system comprising:
a first tier firewall management server (“FMS”), the first tier FMS including a database containing a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension;
a line sensor within a customer site connected to the first tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy;
a second tier FMS connected to the first tier FMS, the second tier FMS including a database containing a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension;
a line sensor within the customer sites connected to the second tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy;
wherein each of the security rules of the first tier security policy are designated as being either required or optional; and
wherein the second tier security policy includes all of the rules of the first tier security policy designated as being required and a subset of the rules of the first tier security policy designated as being optional.
a third tier FMS connected to the second tier FMS, the third tier FMS including a database containing a third tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension; and
a line sensor within customer sites connected to the third tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the third tier security policy;
wherein the third tier security policy includes all of the rules of the second tier security policy designated as being required and a subset of the rules of the second tier security policy designated as being optional.
67. The system of claim 66 wherein each of the security rules of the third tier security policy are designated as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional.
68. The system of claim 66 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections.
69. The system of claim 64 wherein the first and second FMSes are located in locations remote from one another and are connected to one another via at least one TCP/IP connection.
70. A method of implementing multi-tier telephony security system for controlling and logging access between an enterprise's end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the method comprising:
defining in connection with a first tier firewall management server (“FMS”) a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said first tier FMS via a line sensor;
performing actions on a selected call on the extension connected to the first tier FMS based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy;
defining in connection with a second tier FMS connected to the first tier FMS a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said second tier FMS via a line sensor;
performing actions on a selected call on the extension connected to the second tier FMS based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy; and
designating each of the security rules of the first tier security policy as being either required or optional;
wherein the second tier security policy includes all of the rules of the first tier security policy designated as being required and a subset of the rules of the first tier security policy designated as being optional.
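The required/optional rule inheritance between FMS tiers that claims 64, 67 and 70 (and claims 13 to 15) describe, as an added Python illustration rather than the patent's own code; the rule identifiers and tier contents are constructed, and the conformance check covers only the constraints those claims state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TierRule:
    name: str        # constructed identifier for a security rule
    required: bool   # the rule's designation at this tier

def derive_tier(parent: list, keep_optional: set, promote: set) -> list:
    """Build the policy of the tier below `parent`: every rule the parent
    designates as required, plus the chosen subset of its optional rules;
    of that subset, the names in `promote` become required at the new tier
    and the rest stay optional (claims 64 and 67)."""
    child = []
    for rule in parent:
        if rule.required:
            child.append(TierRule(rule.name, True))
        elif rule.name in keep_optional:
            child.append(TierRule(rule.name, rule.name in promote))
    return child

def tier_violations(parent: list, child: list) -> list:
    """Check a lower-tier policy against the tier above it; [] means it conforms."""
    child_by_name = {r.name: r for r in child}
    problems = []
    for rule in parent:
        if not rule.required:
            continue                      # optional rules may be dropped below
        if rule.name not in child_by_name:
            problems.append(f"required rule {rule.name} missing")
        elif not child_by_name[rule.name].required:
            problems.append(f"required rule {rule.name} demoted to optional")
    return problems

# Constructed corporate (first tier) policy with required and optional rules.
FIRST_TIER = [TierRule("block-intl-modem", True), TierRule("log-all-fax", True),
              TierRule("deny-after-hours", False), TierRule("auth-remote-access", False),
              TierRule("limit-call-duration", False)]
# A regional (second tier) FMS keeps two optional rules and makes one mandatory.
SECOND_TIER = derive_tier(FIRST_TIER, keep_optional={"deny-after-hours", "auth-remote-access"},
                          promote={"deny-after-hours"})
# A site (third tier) FMS must carry everything the region requires.
THIRD_TIER = derive_tier(SECOND_TIER, keep_optional={"auth-remote-access"}, promote=set())
```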
Specification