Network security system protecting against disclosure of information to unauthorized agents
Abstract
A network security system provides a complete, reactive, Network Intrusion Detection System (NIDS) designed to stop a would-be hacker from gaining unauthorized access by blocking their connectivity to a protected network at the first sign of malicious activity. The network security system utilizes a commercially available or open source NIDS that can detect patterns in TCP/IP activity as well as examining packet headers to detect probes and attempts to compromise systems. The network security system then modifies the return route from the “victim” protected network so that outbound packets are never returned to the attacker.
79 Citations
26 Claims
1. A network security system for a protected network, comprising:
- a router connected to the protected network and configured to selectively route incoming messages to respective destinations on the protected network addressed by respective ones of said incoming messages;
- a NIDS connected to the protected network and configured to detect an attack on the protected network associated with one of said incoming messages; and
- a network security controller connected to the protected network and configured to cause said router to selectively redirect to an alternate terminus a reply message associated with said one incoming message in response to said network intrusion detection system detecting said attack.

(i) a network resource anomaly including activity that is different from a predetermined normal behavior; and
(ii) a network resource misuse including activity corresponding to known intrusion techniques, known intrusion signature, and/or known system vulnerabilities.

9. The network security system according to claim 1 wherein said network intrusion detection system is configured to notify said network security controller of detecting said attack via one of a (i) system log (syslog) and (ii) Simple Network Management Protocol (snmp) trap.

10. The network security system according to claim 1 wherein said network intrusion detection system is configured to mirror ports addressable corresponding to said destinations on said protected network.

11. The network security system according to claim 1 wherein said router includes a routing table and said network security controller is configured to introduce to said router a preferred route into said routing table, said preferred route configured to selectively redirect said reply message to said alternate terminus on the protected network.

12. The network security system according to claim 11 wherein said alternate terminus on the protected network comprises a system configured to analyze said reply message to identify network vulnerabilities of the protected network.

13. The network security system according to claim 1 wherein said alternate terminus is said network intrusion detection system.

14. The network security system according to claim 1 wherein said alternate terminus comprises a node on said protected network.

15. The network security system according to claim 1 wherein said control system is configured to put an Exterior Gateway Protocol (EGP) neighbor corresponding to a destination of said reply message into a down state and generates a corresponding egpNeighborLoss trap.

16. The network security system according to claim 1 wherein said network security controller is configured to redirect said reply message to said network intrusion detection system.

17. The network security system according to claim 16 wherein said network intrusion detection system is configured to analyze said reply message to identify network vulnerabilities.

18. A network security system, comprising:
- a protected network configured to route messages between (i) a plurality of network nodes and (ii) at least one external node;
- a router connected to said protected network and configured to receive incoming messages to said protected network from said external nodes and to selectively route said incoming messages to ones of said network nodes addressed by respective ones of said incoming messages;
- a network intrusion detection system connected to said protected network and configured to monitor said incoming messages to said protected network and provide an indication of an attempt to gain unauthorized access to said protected network; and
- a network security controller connected to said protected network and configured to cause said router to selectively redirect a reply message associated with said one incoming message in response to said network intrusion detection system detecting said attack.

19. A method of operating a network security system, comprising the steps of:
- selectively routing messages incoming to respective destinations on a protected network;
- detecting an attack on said protected network associated with one of said incoming messages; and
- selectively redirecting a reply message associated with said one incoming message to an alternate destination in response to said step of detecting said attack.
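The redirection mechanism of the abstract and of claims 9 and 11 (the NIDS reports an attack over syslog, the controller introduces a preferred route so that the reply to the attacker is delivered to an alternate terminus instead of leaving the network), simulated as an added Python example that is not part of the patent. The alert line format, host names and addresses are constructed; a real controller would push the route into the router rather than into an in-memory table.

```python
import ipaddress
import re

# Constructed syslog-style NIDS alert (claim 9 names syslog/SNMP as the channel;
# this message layout is an assumption, not the patent's format).
ALERT_LINE = ("<134>Mar  3 10:15:02 nids snort[412]: [1:1000001:1] "
              "constructed probe 203.0.113.7:4431 -> 192.0.2.10:22")
ALERT_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+")


class RoutingTable:
    """Longest-prefix-match table: destination prefix -> next hop (claim 11's routing table)."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None
        # The most specific prefix wins, so a /32 for the attacker beats the default route.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def parse_alert(line):
    """Return (attacker_src, victim_dst) from the constructed alert line, or None."""
    m = ALERT_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def redirect_on_alert(table, line, alternate_terminus):
    """Network security controller: on an alert, install a preferred host route so that
    replies addressed to the attacker go to the alternate terminus (claims 11-12)."""
    parsed = parse_alert(line)
    if parsed is None:
        return None
    attacker, _victim = parsed
    table.add(f"{attacker}/32", alternate_terminus)
    return attacker


def demo():
    table = RoutingTable()
    table.add("0.0.0.0/0", "upstream-gw")   # default route: replies normally leave the network
    table.add("192.0.2.0/24", "lan")        # the protected network itself
    before = table.lookup("203.0.113.7")    # reply to the attacker before the alert
    redirect_on_alert(table, ALERT_LINE, "analysis-node")
    after = table.lookup("203.0.113.7")     # same reply after the preferred route exists
    other = table.lookup("198.51.100.9")    # unrelated external host is unaffected
    return before, after, other
```

The unrelated host still resolves to the default route, which is the point of a host-specific preferred route rather than a blanket change to the return path.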
Specification