Manual virtual private network internet snoop avoider
1 Assignment
0 Petitions
Abstract
Disclosed is a system and method for enhancing the security and reliability of virtual private network (VPN) connections by manually exchanging secondary configuration information. If a compromise is detected on a main VPN tunnel, a new VPN tunnel can be created by the system administrators using the secondary configuration, stymieing attempted security violations and providing nearly continuous service to the users. A compromise may be indicative of a security breach or other problem with the VPN. The main VPN tunnel may be abandoned or fed with false data to confuse would-be intruders if the compromise is a security compromise.
67 Citations
35 Claims
1. A tunneled networking system comprising:
a first tunneled node having a first administrator, a first set of tunneling configuration data and at least one first set of backup configuration data associated therewith;
a second tunneled node having a second administrator, a second set of tunneling configuration data and at least one second set of backup configuration data associated therewith; and
a tunneled network between the first tunneled node and the second tunneled node, wherein the first tunneled node is operable to begin using the first set of backup configuration data to negotiate a backup tunneled network system with the second tunneled node upon direction of the first administrator, wherein the first administrator is in communication with the second administrator, and wherein the second tunneled node is operable to begin using the second set of backup configuration data to negotiate the backup tunneled network with the first tunneled node upon direction of the second administrator.
the second tunneled node is operable to abandon the network tunnel after establishing the backup tunneled network system.
5. The tunneled network system of claim 3 wherein the first tunneled node is operable to send false data over the network tunnel after establishing the backup tunneled network system, and
the second tunneled node is operable to send false data over the network tunnel after establishing the backup tunneled network system.
6. The tunneled networking system of claim 2 wherein the first administrator is in communication with the second administrator using a secured communication path.
7. The tunneled networking system of claim 6 wherein the first set of networking configuration data is comprised of a source address, a destination address, at least one first encryption key, and an encryption method, and
wherein the second set of networking configuration data is comprised of the source address, the destination address, at least one second encryption key, and the encryption method.
8. The tunneled network system of claim 6 wherein the secured communication path is not electrically connected to the tunneled network system.
9. In a tunneled network system having a first tunneled node and a second tunneled node, a method comprising the steps of:
associating a first set of tunneling configuration data and at least one first set of backup configuration data with the first tunneled node;
associating a second set of tunneling configuration data and at least one second set of backup configuration data with the second tunneled node; and
the first tunneled node and the second tunneled node negotiating a second tunneled network system using the first set of backup configuration data and the second set of backup configuration data.
detecting at the first tunneled node a breach or potential breach of security within the tunneled network system; and
the first tunneled node alerting the second tunneled node to the breach.
11. The method of claim 10 further comprising the steps of:
the first tunneled node sending false data over the network tunnel after detecting a breach; and
the second tunneled node sending false data over the network tunnel after a breach is detected at the first tunneled node.
12. The method of claim 9 further comprising the step of the second tunneled node acknowledging to the first tunneled node prior to negotiating the second tunneled network system.
13. The method of claim 9 further comprising the steps of:
the first tunneled node abandoning the network tunnel; and
the second tunneled node abandoning the network tunnel.
14. A tunneled networking system comprising:
a first tunneled node having a first administrator, a first set of tunneling configuration data and at least one first set of backup configuration data associated therewith;
a second tunneled node having a second administrator, a second set of tunneling configuration data and at least one second set of backup configuration data associated therewith;
a main network tunnel between the first tunneled node and the second tunneled node associated with the first set of tunneling configuration data and the second set of tunneling configuration data; and
at least one backup tunnel between the first tunneled node and the second tunneled node associated with the first set of backup configuration data and the second set of backup configuration data, wherein the first tunneled node is operable to begin using the backup network tunnel to communicate with the second tunneled node at the first administrator's direction, wherein the first administrator is in communication with the second administrator, and wherein the second tunneled node is operable to begin using the backup network tunnel to communicate with the first tunneled node at the second administrator's direction.
wherein the second set of networking configuration data is comprised of the source address, the destination address, at least one second encryption key, and the encryption method.
19. The tunneled network system of claim 17 wherein the first tunneled node is operable to abandon the main network tunnel after detecting a compromise of the main network tunnel, and
the second tunneled node is operable to abandon the main network tunnel after beginning to use the backup network tunnel.
20. The tunneled network system of claim 17 wherein the first tunneled node is operable to send false data over the main network tunnel at the first administrator's direction after detecting a compromise of the main network tunnel, and
the second tunneled node is operable to send false data over the main network tunnel after beginning to use the backup network tunnel.
21. The tunneled network system of claim 17 further comprising:
at least one additional tunneled node having an additional administrator, an additional set of tunneling configuration data and at least one additional set of backup configuration data associated therewith, wherein the main network tunnel further connects the first tunneled node and the second tunneled node to the additional tunneled node, wherein the backup network tunnel further connects the first tunneled node and the second tunneled node to the additional tunneled node, wherein the additional administrator is in communication with the first administrator and the second administrator, and the additional tunneled node being operable to begin using the backup network tunnel to communicate with the first tunneled node and the second tunneled node upon direction of the additional administrator.
22. A node to a tunneled networking system comprising:
a set of tunneling configuration data;
at least one set of backup configuration data; and
a tunneled network endpoint, wherein the node is operable to begin using the set of backup configuration data to create a backup tunneled network endpoint upon direction of an administrator.
30. A computer-readable medium having stored thereon a computer program comprising:
a configuration storage code comprising a set of codes operable to direct a node to store a set of tunneling configuration data;
a backup configuration storage code comprising a set of codes operable to direct the node to store a set of backup tunneling configuration data;
a tunneled network endpoint code comprising a set of codes operable to direct the node to set up a tunneled network endpoint using the set of tunneling configuration data; and
a switching code comprising a set of codes operable to direct the node to set up a backup tunneled network endpoint using the set of backup tunneling configuration data upon command of an administrator.
a detection code comprising a set of codes operable to direct the node to detect a compromise of the tunneled network endpoint; and
an alert code comprising a set of codes operable to direct the node to alert the administrator to the compromise.
32. The computer-readable medium of claim 31 wherein the set of tunneling configuration data is comprised of a source address, a destination address, at least one first encryption key, and an encryption method.
33. The computer-readable medium of claim 31 wherein the compromise is a security compromise.
34. The computer-readable medium of claim 31 wherein the switching code is further operable to direct the node to abandon the tunneled network endpoint after establishing the backup tunneled network endpoint.
35. The computer-readable medium of claim 31 wherein the switching code is further operable to direct the node to send false data out of the tunneled network endpoint after establishing the backup tunneled network endpoint.
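The following Python simulation is an added illustration of the scheme described in the abstract and in claims 9 through 13 and 30 through 35; it is not code from the patent or its assignee. Each node holds a main tunneling configuration (source address, destination address, key, method, as in claims 7, 18 and 32) and at least one backup set; a tunnel comes up only when both ends hold matching data; a frame whose authentication tag fails is treated as the detected compromise; the switch to the backup set happens only after both administrators have directed it over a channel that is modelled as simply a set of administrator names outside the tunnel; and afterwards each node either abandons the main tunnel or keeps it open with decoy frames. The HMAC-SHA256 frame format, the session-key derivation, the addresses, the keys and the "aes-gcm" method label are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional

TAG_LEN = 32  # HMAC-SHA256 tag appended to each frame (constructed frame format)


@dataclass(frozen=True)
class TunnelConfig:
    """Tunneling configuration data as listed in claims 7, 18 and 32."""
    source: str
    destination: str
    key: bytes
    method: str


def negotiate(mine: TunnelConfig, peers: TunnelConfig) -> Optional[bytes]:
    """Toy negotiation: the tunnel comes up only if the peer holds the mirror-image
    data (addresses swapped, same key and method); yields a derived session key."""
    if (peers.source, peers.destination, peers.key, peers.method) != (
            mine.destination, mine.source, mine.key, mine.method):
        return None
    return hashlib.sha256(b"session|" + mine.method.encode() + b"|" + mine.key).digest()


def seal(session_key: bytes, payload: bytes) -> bytes:
    return payload + hmac.new(session_key, payload, "sha256").digest()


def unseal(session_key: bytes, frame: bytes) -> Optional[bytes]:
    """Payload if the tag verifies, else None (tampered frame or wrong key)."""
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(session_key, payload, "sha256").digest()
    return payload if hmac.compare_digest(tag, expected) else None


@dataclass
class Node:
    name: str                            # also used as its administrator's name
    primary: TunnelConfig
    backups: List[TunnelConfig]          # at least one backup set (claims 1, 9, 14)
    on_compromise: str = "abandon"       # "abandon" (claim 13) or "decoy" (claim 11)
    session_key: Optional[bytes] = None
    main_open: bool = True

    def receive(self, frame: bytes) -> bool:
        """Detection code (claim 31): a bad tag on the live tunnel counts as a compromise."""
        return unseal(self.session_key, frame) is None

    def retire_main(self, main_key: bytes) -> Optional[bytes]:
        """After the backup is up: abandon the main tunnel, or keep it open and
        feed it decoy frames of random bytes that carry no real traffic."""
        if self.on_compromise == "decoy":
            return seal(main_key, secrets.token_bytes(64))
        self.main_open = False
        return None


def bring_up(a: Node, b: Node, cfg_a: TunnelConfig, cfg_b: TunnelConfig) -> Optional[bytes]:
    key = negotiate(cfg_a, cfg_b)
    if key is not None:
        a.session_key = b.session_key = key
    return key


def failover(a: Node, b: Node, directed_by: set) -> dict:
    """Claims 9, 10 and 12 in order. `directed_by` stands in for the out-of-band
    administrator channel (claims 6, 8): the administrators who told their node to
    switch. Nothing changes until both have done so."""
    if not {a.name, b.name} <= directed_by:
        raise RuntimeError("both administrators must direct the switch")
    main_key = a.session_key
    new_key = bring_up(a, b, a.backups.pop(0), b.backups.pop(0))
    if new_key is None:
        raise RuntimeError("backup configuration data do not match")
    decoys = [n.retire_main(main_key) for n in (a, b)]
    return {"switched": True, "key_changed": new_key != main_key,
            "decoy_frames": sum(d is not None for d in decoys),
            "main_open": (a.main_open, b.main_open),
            "backup_ok": unseal(b.session_key, seal(a.session_key, b"hello")) == b"hello"}


def demo(policy: str = "abandon", admins_agree: bool = True) -> dict:
    """Constructed scenario: site-A sees a tampered frame on the main tunnel."""
    psk_main, psk_backup = secrets.token_bytes(32), secrets.token_bytes(32)
    a = Node("site-A", TunnelConfig("10.0.1.1", "10.0.2.1", psk_main, "aes-gcm"),
             [TunnelConfig("10.0.1.1", "10.0.2.1", psk_backup, "aes-gcm")], policy)
    b = Node("site-B", TunnelConfig("10.0.2.1", "10.0.1.1", psk_main, "aes-gcm"),
             [TunnelConfig("10.0.2.1", "10.0.1.1", psk_backup, "aes-gcm")], policy)
    bring_up(a, b, a.primary, b.primary)
    frame = seal(a.session_key, b"payroll batch")
    tampered = frame[:-1] + bytes([frame[-1] ^ 0xFF])   # last tag byte flipped in transit
    directed_by = set()
    if a.receive(tampered) and admins_agree:             # alert (claim 10), then both direct the switch
        directed_by.update({a.name, b.name})
    try:
        return failover(a, b, directed_by)
    except RuntimeError as exc:
        return {"switched": False, "reason": str(exc)}
```

Running `demo("abandon")` and `demo("decoy")` shows the two post-switch behaviours the claims describe; `demo(admins_agree=False)` shows the manual step refusing to proceed, which is the property that distinguishes this scheme from an automatic rekey.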
Specification