Intelligent network security device and method
Abstract
An intelligent network security device (“INSD”) (10) operates in a local area network (“LAN”) (12) according to an intelligent network security method (30). The LAN (12) has a plurality of computers (14) and connects to the internet (16) through a firewall (18). The INSD (10) resides within the LAN (12) such that data traversing between the LAN (12) and the internet (16) is accessible thereto. The INSD (10) looks for code and patterns of behavior and assigns a value to perceived attempted security breaches. The INSD (10) then directs the firewall (18) to take any of a prescribed plurality of actions, based upon such value.
13 Claims
1. A computer program product which includes codes on a computer readable medium, comprising:
code for monitoring communications between a local area network and a wide area network;
code for determining, over time, if the communications between the local area network and the wide area network contain patterns of activity indicative of an attempted security breach; and
code for generally simultaneously controlling a firewall to selectively block communications between the local area network and the wide area network depending upon a classification of the attempted security breach.
code for a weighting operation wherein a weight is assigned to a detected security breach.
3. The computer program product of claim 1, and further including:
at least one detect operation performed by the codes on the computer readable medium wherein a computer security breach is detected; and
a weighting operation performed by the codes on the computer readable medium wherein a weight is assigned according to the importance of the security breach.
4. The computer program product of claim 1, and further including:
a react operation wherein said firewall is reprogrammed in real time to react to the security breach.
5. The computer program product of claim 1, and further including:
at least one detect operation performed by the codes on the computer readable medium wherein a computer security breach is detected; and
a react operation performed by the codes on the computer readable medium wherein said firewall is reprogrammed in real time to react to the security breach.
6. The computer program product of claim 1, wherein:
said react operation reprograms said firewall according to an assigned weight, the assigned weight being a function of the type of security breach detected.
7. The computer program product of claim 1, wherein:
the wide area network is the internet.
8. The computer program product of claim 1, wherein:
the local area network is an Ethernet local area network.
9. The computer program product of claim 1, wherein:
the classification of the attempted security breach includes a factor relating to the importance of a portion of the local area network which the attempted security breach attempts to access.
10. The computer program product of claim 1, wherein:
the classification of the attempted security breach includes a factor relating to the number of attempts made in the course of the attempted security breach.
11. The computer program product of claim 1, wherein:
the classification of the attempted security breach includes a factor relating to the relative sophistication of the attempted security breach.
12. The computer program product of claim 1, wherein:
the classification of the attempted security breach is accomplished by a controller unit which is physically distinct from a firewall unit.
13. The computer program product of claim 12, wherein:
the firewall unit is controlled through a serial datalink from the controller unit.
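The detect, weight and react sequence of the abstract, using the three classification factors named in claims 9 to 11, can be sketched as follows. This is an added illustration, not code from the patent: the factor values, the five-minute window, the score thresholds and the firewall action names are all assumptions, since the claims give none.

```python
from collections import defaultdict, deque

# Assumed values: the claims name these factors but give no numbers.
SEGMENT_IMPORTANCE = {"guest": 1, "office": 2, "finance": 5}      # claim 9
SOPHISTICATION = {"port_scan": 1, "login_failure": 2,
                  "crafted_packet": 4}                            # claim 11
WINDOW_SECONDS = 300      # how far back "over time" reaches (assumed)
# (minimum score, firewall action), highest first; action names hypothetical.
ACTIONS = [(40, "block_all_wan_traffic"), (15, "block_source_address"),
           (5, "block_destination_port"), (0, "log_only")]


class Classifier:
    """Weights each suspicious event and selects a firewall action."""

    def __init__(self):
        self.recent = defaultdict(deque)   # source -> timestamps in window

    def classify(self, ts, source, segment, kind):
        window = self.recent[source]
        window.append(ts)
        # Drop attempts older than the window so the count tracks activity
        # over time instead of growing forever.
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        attempts = len(window)                                    # claim 10
        # Unknown segments or event kinds fall back to the lowest factor.
        score = (SEGMENT_IMPORTANCE.get(segment, 1)
                 * SOPHISTICATION.get(kind, 1) * attempts)
        action = next(a for minimum, a in ACTIONS if score >= minimum)
        return score, action


def run(events):
    """Classify events in order; return a (score, action) pair for each."""
    clf = Classifier()
    return [clf.classify(*event) for event in events]


# Constructed sample events: (seconds, source, targeted segment, kind).
SAMPLE = [
    (0,   "198.51.100.7", "guest",   "port_scan"),
    (10,  "198.51.100.7", "finance", "login_failure"),
    (20,  "198.51.100.7", "finance", "login_failure"),
    (30,  "198.51.100.7", "finance", "crafted_packet"),
    (900, "198.51.100.7", "guest",   "port_scan"),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, run(SAMPLE)):
        print(event, "->", result)
```

The last sample event arrives after the window has expired, so the attempt count resets and the response falls back to logging only.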
Specification