Device and method for graphically displaying data movement in a secured network

US 6,493,752 B1
Filed: 05/06/1999
Issued: 12/10/2002
Est. Priority Date: 05/06/1999
Status: Active Grant

First Claim

Patent Images

1. A method of displaying real-time information associated with network traffic, the method comprising:

determining a source of a received packet;

determining a destination of a received packet;

determining if the source or the received packet is authorized;

displaying a directional indicator if the source is authorized; and

displaying a first representation of the source if the source is unauthorized, wherein at least one of displaying a directional indicator and displaying a first representation is performed in substantially real-time in accordance with the monitored network traffic.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a display screen for a network security device. The screen includes representations of a source and a destination having respective source and destination indicators, such as LEDs. The source indicator is operable to indicate whether the source is authorized or unauthorized. The destination indicator is also operable to indicate whether the destination is authorized or unauthorized to receive the packet. A directional indicator oriented to point from the representation of the source to the representation of the destination is activated if the source and the received packet is authorized, The screen can further comprise additional indicators to indicate whether the security device is operational, to indicate a level of traffic through the security device, or to display a level of activity of a processor for the security device. The screen can be displayed on a computer screen.

54 Citations

View as Search Results

40 Claims

1. A method of displaying real-time information associated with network traffic, the method comprising:
- determining a source of a received packet;
  
  determining a destination of a received packet;
  
  determining if the source or the received packet is authorized;
  
  displaying a directional indicator if the source is authorized; and
  
  displaying a first representation of the source if the source is unauthorized, wherein at least one of displaying a directional indicator and displaying a first representation is performed in substantially real-time in accordance with the monitored network traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising displaying a second representation of the source if the source is authorized.
  - 3. The method of claim 1, further comprising:
4. The method of claim 1, further comprising displaying the first representation of the source or a first representation of the destination if the received packet is unauthorized.
5. The method of claim 1, further comprising displaying a second representation of the source or a second representation of the destination if the received packet is authorized.
6. The method of claim 1 wherein determining whether the source is authorized includes examining a source address of the received packet.
7. The method of claim 1 further comprising displaying an indicator representative of a volume of the network traffic.
8. The method of claim 1, further comprising displaying an armed or disarmed indicator.
9. The method of claim 1 wherein determining if the received packet is authorized includes examining data in the received packet.
10. The method of claim 1 wherein displaying is performed on a computer screen or on a network security device.
11. The method of claim 1, further comprising:
- providing representations of a trusted network, external network, and another network; and
  
  displaying a directional indicator between the representations of the trusted and external networks, the trusted and another networks, and the external and another networks to indicate network traffic between the representations of the networks.

12. A screen for a network security device operable to monitor and control network traffic, the screen comprising:
- a representation of a source;
  
  a representation of a destination;
  
  a directional indicator pointing towards the representation of the destination and activating if the source or if a received packet is authorized, wherein the representation of the source provides a first indicator if the source is unauthorized, wherein at least one of displaying the directional indicator and displaying the representation is performed in substantially real-time in accordance with the monitored network traffic.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The screen of claim 12 wherein the representation of the source provides a second indicator if the source is authorized.
  - 14. The screen of claim 12 wherein the representation of the destination provides the first indicator if the destination is unauthorized or provides a second indicator if the destination is authorized.
  - 15. The screen of claim 12 wherein the representation of the source or the representation of the destination provide the first indicator if the received packet is unauthorized.
  - 16. The screen of claim 12 wherein the representation of the source or the representation of the destination provide a second indicator if the received packet is authorized.
  - 17. The screen of claim 12, further comprising an indicator to indicate a level of the network traffic monitored by the security device, whether the security device is operating, or a load on a processor of the security device.
  - 18. The screen of claim 12 wherein the screen is disposed on a computer screen or on the security device.
  - 19. The screen of claim 12 wherein the representations of the source and the destination include representations of a trusted network, external network, and another network, the screen further including a directional indicator between the representations of the trusted and external networks, the trusted and another networks, and the external and another networks to indicate network traffic between the representations of the networks.

20. A security system to monitor and control network traffic, the security system comprising:
- a plurality of network interfaces coupling the security system to a network and receiving the network traffic;
  
  a processor coupled to the plurality of network interfaces to process the network traffic; and
  
  a display screen coupled to the processor and responsive to the processor to display information associated with the network traffic received by the network interfaces, the display screen including;
  
  a representation of a source;
  
  a representation of a destination;
  
  a directional indicator pointing towards the representation of the destination and activating if the source or if a received packet is authorized, wherein the representation of the source provides a first indicator if the source is unauthorized, wherein at least one of displaying the directional indicator and displaying the representation is performed in substantially real-time in accordance with the monitored network traffic.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The security system of claim 20 wherein the plurality of network interfaces includes a public network interface and a private network interface.
  - 22. The security system of claim 20 wherein the processor determines if the source is authorized based on addressing information contained in the received packet.
  - 23. The security system of claim 20 wherein the indicators and the representations of the source and destination are individually controlled by the processor.
  - 24. The security system of claim 20 wherein the representation of the source provides a second indicator if the source is authorized.
  - 25. The security system of claim 20 wherein the representation of the destination provides the first indicator if the destination is unauthorized or provides a second indicator if the destination is authorized.
  - 26. The security system of claim 20 wherein the representation of the source or the representation of the destination provide the first indicator if the received packet is unauthorized.
  - 27. The security system of claim 20 wherein the representation of the source or the representation of the destination provide a second indicator if the received packet is authorized.
  - 28. The security system of claim 20 wherein the representations of the source and the destination include representations of a trusted network, external network, and another network, the screen further including a directional indicator between the representations of the trusted and external networks, the trusted and another network, and the external and another network to indicate network traffic between the representation of the networks.
  - 29. The security device of claim 20 wherein the screen is disposed the security device or on a computer screen coupled to the security device.

30. A computer-readable medium whose contents cause a computer-based security facility to monitor network traffic by:
- determining a source of a received packet;
  
  determining a destination of the received packet;
  
  determining if the source or the received packet is authorized;
  
  displaying a directional indicator if the source is authorized; and
  
  displaying a first representation of the source if the source is unauthorized, wherein at least one of displaying a directional indicator and displaying a first representation is performed in substantially real-time in accordance with the monitored network traffic.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The computer-readable medium of claim 30 wherein the contents of the computer-readable medium further cause the security facility to display a second representation of the source if the source is authorized.
  - 32. The computer-readable medium of claim 30 wherein the contents of the computer-readable medium further cause the security facility to:
33. The computer-readable medium of claim 30 wherein the contents of the computer-readable medium further cause the security facility to display an indicator to indicate a level of network traffic monitored by the security facility, a load on a processor of the security facility, or whether the security facility is functioning.
34. The computer-readable medium of claim 30 wherein the contents of the computer-readable medium further cause the security facility to reject the received packet based on whether the source, the destination, or the received packet is unauthorized.
35. The computer-readable medium of claim 30 wherein the contents of the computer-readable medium further cause the security facility to:
- provide representations of a trusted network, external network, and another network; and
  
  display a directional indicator between the representations of the trusted and external networks, the trusted and another networks, and the external and another networks to indicate network traffic between the representations of the networks.
36. The computer-readable medium of claim 30 wherein displaying is on a computer screen or on a network security device.

37. A method of displaying information associated with network traffic, the method comprising:
- at a first facility, determining a source of a received packet, a destination of the received packet, and whether the source or the received packet is authorized; and
  
  at a second facility, displaying a directional indicator if the source is authorized or displaying a first representation of the source if the source is unauthorized, wherein at least one of displaying a directional indicator and displaying a first representation is performed in substantially real-time in accordance with the monitored network traffic.
- View Dependent Claims (38, 39, 40)
- - 38. The method of claim 37, further comprising at the second facility:
39. The method of claim 37 wherein the first and second facilities are proximately located with respect to each other.
40. The method of claim 37 wherein the first and second facilities are remotely located with respect to each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Original Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Inventors
Wiggins, James Daniel, Lee, Kangho, Bonn, David Wayne, Boroughs, Randall Craig
Primary Examiner(s)
Barot, Bharat

Application Number

US09/307,256
Time in Patent Office

1,314 Days
Field of Search

709/200-203, 709/217-219, 709/223-225, 709/227-229, 709/249, 713/200-201, 713/150, 713/153, 713/155, 713/160, 713/168-169, 707/9-10, 370/230-232, 370/235-236, 370/252-254
US Class Current

709/223
CPC Class Codes

H04L 41/0816   the condition being an adap...

H04L 41/22   comprising specially adapte...

H04L 63/1408   by monitoring network traff...

Device and method for graphically displaying data movement in a secured network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for graphically displaying data movement in a secured network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links