Advanced data guard having independently wrapped components
First Claim
1. A computer system that defines a security barrier between a first computer network region and a second computer network region, the computer system comprising:
a graphical user interface for presenting a template to a user and receiving content limitations via said template of said graphical user interface, said content limitations including rules and values;
a first proxy agent running on the computer system, said first proxy agent being operative to communicate with a first computer network region;
a second proxy agent running on the computer system, said second proxy agent being operative to communicate with a second computer network region;
a content-based filter application running on the computer system, said content-based filter application being operative to review information that is passed between said first proxy agent and said second proxy agent, wherein the manner in which said content-based filter application reviews said information is user-configurable utilizing said content limitations received via said template of said graphical user interface;
one or more software wrappers that are operative to constrain behavior of said first proxy agent, said second proxy agent, and said content-based filter application;
wherein said first proxy agent and said second proxy agent are application level proxy agents;
wherein said content-based filter application is a protocol-independent analysis application;
wherein said first proxy agent and said second proxy agent generate and pass files to said content-based filter application;
wherein said files include extensible markup language code;
wherein said first proxy agent and said second proxy agent pass information to said content-based filter application using shared memory;
wherein said content-based filter application modifies said information based on said review;
wherein components that are positioned between said first and said second proxy agents and said content-based filter application are queued and dequeued;
wherein said first proxy agent, said second proxy agent, and said content-based filter application are running on a commercial off the shelf operating system;
wherein said content-based filter application generates application-specific alerts for an intrusion detection system in response to said review based on said rules and said values of said content limitations.
Abstract
A system and method for increasing the security of a data guard is disclosed. The data guard is based on a multi-part proxy that includes a first proxy agent that communicates with an inside computer network region, a second proxy agent that communicates with an outside computer network region, and a content-based filter application that reviews information that is passed between the first proxy agent and the second proxy agent. Both the first and second proxy agents can be based on existing firewall proxies. The proxy agents listen for protocol operations (e.g., IIOP requests or replies) and translate those protocol operations into protocol-independent data. The protocol-independent data is then analyzed by a protocol-independent content-based filter. The behavior of the multi-part proxy can be further constrained through the use of software wrapper technology.
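The abstract and the first claim describe a pipeline rather than any code: an inside proxy agent turns a protocol operation into a protocol-independent XML document, a content-based filter reviews that document against user-supplied rules and values, modifies or blocks it, and emits application-specific alerts for an intrusion detection system, and an outside proxy agent turns the approved document back into a protocol message. The following is an added example written for this page, not code from the patent or its assignee. It models that pipeline in Python with a constructed, loosely IIOP-request-like operation (the field names, the `Rule` kinds, and the `guard` helper are all hypothetical); the shared-memory transport, the queues, and the software wrappers of the claim are not modeled.

```python
"""Added example: a toy two-proxy data guard with a protocol-independent filter."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample "protocol operation" (loosely IIOP-request-like; hypothetical fields).
SAMPLE_REQUEST = {
    "operation": "getRecord",
    "args": {"record_id": "42", "note": "contact SSN 123-45-6789 for billing"},
}


def inside_proxy_to_xml(op: Dict) -> bytes:
    """Inside proxy agent: translate a protocol operation into protocol-independent XML."""
    root = ET.Element("op", name=op["operation"])
    for name, value in op["args"].items():
        ET.SubElement(root, "arg", name=name).text = value
    return ET.tostring(root, encoding="utf-8")


@dataclass
class Rule:
    """One content limitation: a rule kind plus its value, as a template might collect."""
    kind: str    # "deny_pattern" | "redact_pattern" | "max_length" (hypothetical kinds)
    value: str   # regex for the pattern kinds, integer string for max_length
    alert: str   # application-specific alert text forwarded to the IDS


@dataclass
class Verdict:
    xml: Optional[bytes]                       # None when the operation is blocked
    alerts: List[str] = field(default_factory=list)


def content_filter(xml_bytes: bytes, rules: List[Rule]) -> Verdict:
    """Filter: review the protocol-independent form, modify or block it, raise alerts."""
    # The parser is fed only XML produced by the inner proxy, never the raw network
    # protocol; an untrusted-XML path would need a hardened parser (entity limits).
    root = ET.fromstring(xml_bytes)
    alerts: List[str] = []
    for arg in root.findall("arg"):
        text = arg.text or ""
        where = f"in arg '{arg.get('name')}'"
        for rule in rules:
            if rule.kind == "deny_pattern" and re.search(rule.value, text):
                alerts.append(f"{rule.alert} {where}")
                return Verdict(None, alerts)           # block: nothing reaches outside
            if rule.kind == "redact_pattern" and re.search(rule.value, text):
                text = re.sub(rule.value, "[REDACTED]", text)
                arg.text = text                        # modify in place, then continue
                alerts.append(f"{rule.alert} {where}")
            if rule.kind == "max_length" and len(text) > int(rule.value):
                alerts.append(f"{rule.alert} {where}")
                return Verdict(None, alerts)
    return Verdict(ET.tostring(root, encoding="utf-8"), alerts)


def outside_proxy_from_xml(xml_bytes: bytes) -> Dict:
    """Outside proxy agent: rebuild a protocol message from the approved XML."""
    root = ET.fromstring(xml_bytes)
    return {
        "operation": root.get("name"),
        "args": {a.get("name"): a.text for a in root.findall("arg")},
    }


# Constructed policy, standing in for rules and values entered through the template.
POLICY = [
    Rule("deny_pattern", r"(?i)\bdrop\b|;--", "sql-injection-like payload"),
    Rule("redact_pattern", r"\b\d{3}-\d{2}-\d{4}\b", "SSN pattern redacted"),
    Rule("max_length", "256", "oversized argument"),
]


def guard(op: Dict, rules: List[Rule] = POLICY) -> Tuple[Optional[Dict], List[str]]:
    """Run one operation through inside proxy -> filter -> outside proxy."""
    verdict = content_filter(inside_proxy_to_xml(op), rules)
    if verdict.xml is None:
        return None, verdict.alerts
    return outside_proxy_from_xml(verdict.xml), verdict.alerts


if __name__ == "__main__":
    print(guard(SAMPLE_REQUEST))
    print(guard({"operation": "query", "args": {"sql": "x'; DROP TABLE t;--"}}))
```

The security-relevant property the layout gives you is that the filter never touches the wire protocol: every rule is written once against the XML form and applies to whatever protocols the proxy agents happen to speak. The cost is that the XML step is itself attack surface, which is why the claim pairs it with software wrappers around all three components; here the only defence taken is that the filter parses XML its own peer produced.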
Specification