Network security tap for use with intrusion detection system

US 6,898,632 B2
Filed: 04/07/2003
Issued: 05/24/2005
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1. A network tap that permits an attached device to communicate with a node of a network, comprising:

a first port that can receive an end of a first segment of a network cable;

a second port that can receive an end of a second segment of a network cable, the first port and the second port permitting network data to be communicated between the first segment and the second segment; and

at least one tap port through which a copy of the network data can be transmitted to an attached device, the network tap being configured to receive device data from the attached device and to communicate the received data through at least one of the first port and the second port.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is presented for analyzing information in a communication line for unwanted intrusions and for allowing information to be transmitted back into the communication line without disrupting the communication traffic when an intrusion is detected. The system and method includes a security tap connected to a firewall. The security tap is also connected to an intrusion detection device. The intrusion detection device analyzes the information in the communication line for indicia of attempts to compromise the network. When such indicia is detected, the intrusion detection device sends a “kill” data packet back through the security tap and directed back to the communication line to the firewall to instruct the firewall to prevent further communications into the network by the intrusive source. An Ethernet switch or field programmable gate array (FPGA) is incorporated in the security tap to coordinate the transmission of the “kill” data packet to avoid data collisions with data transmissions already existing in the communication line.

362 Citations

30 Claims

1. A network tap that permits an attached device to communicate with a node of a network, comprising:
- a first port that can receive an end of a first segment of a network cable;
  
  a second port that can receive an end of a second segment of a network cable, the first port and the second port permitting network data to be communicated between the first segment and the second segment; and
  
  at least one tap port through which a copy of the network data can be transmitted to an attached device, the network tap being configured to receive device data from the attached device and to communicate the received data through at least one of the first port and the second port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network tap of claim 1, wherein the at least one tap port comprises a first tap port that can transmit the copy of the network data to the attached device and can receive the device data from the attached device.
  - 3. The network tap of claim 1, wherein the at least one tap port comprises a first tap port that can transmit the copy of the network data to the attached device and a second tap port that can receive the device data from the attached device.
  - 4. The network tap of claim 1, further comprising a network switch in communication with the first port and the at least one tap port, wherein the network switch is configured to receive the device data from the attached device and to direct the received device data to the first port.
  - 5. The network tap of claim 4, wherein the first port is adapted to communicate with a firewall of the network, and wherein the device data includes a kill packet for controlling the operation of the firewall.
  - 6. The network tap of claim 5, wherein the at least one tap port is adapted to communicate with an intrusion detection system that is capable of generating the kill packet.
  - 7. The network tap of claim 1, further comprising an integrated circuit that is positioned at an intersection of communication lines associated with:
    - a device data port through which the network tap receives the device data;
      
      the first port; and
      
      the second port.
  - 8. The network tap of claim 7, wherein the integrated circuit includes a first buffer for receiving the device data and a second buffer for receiving the network data, the first buffer and the second buffer cooperating to insert the device data onto the communication line associated with the first port without interfering with the network data.
  - 9. The network tap of claim 8, wherein the integrated circuit is a Field Programmable Gate Array.
  - 10. The network tap of claim 1, wherein the network tap is configured to receive the device data from the attached device and to communicate the received data through the first port to a firewall in communication with the first segment of the network cable and through the second port to a node of the network in communication with the second segment of the network cable.
  - 11. The network tap of claim 1, wherein the first port and the second port are configured such that network data can be communicated between the first segment and the second segment regardless of whether power is supplied to the network tap.
  - 12. The network tap of claim 1, further comprising a switch for combining network data received by the network tap at the first port and network data received by the network tap at the second port into a single signal that can be accessed by an attached device through a single tap port.
  - 13. The network tap of claim 1, further comprising a management port through which a remote computer can control operational features of the network tap.
  - 14. The network tap of claim 1, further comprising means for switching the network tap between:
    - an enable mode in which the network tap is enabled to receive the device data from the attached device and to communicate the received data through at least one of the first port and the second port; and
      
      a disable mode in which the network tap is disabled from communicating device data through either the first port and the second port.

15. In a network tap that permits an attached device to communicate with a node of a network, a method for communicating a control signal to a firewall, comprising:
- at the network tap, in response to receiving network data from a first port of the network tap in communication with a firewall in the network;
  
  passing the network data through a second port of the network tap to a node in the network; and
  
  transmitting a copy of the network data through at least one tap port of the network tap to an attached device;
  
  receiving from the attached device a control signal that is to be transmitted to the firewall; and
  
  transmitting the control signal through the first port of the network tap to the firewall.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, further comprising transmitting the control signal through the second port to the node in the network.
  - 17. The method of claim 15, wherein the control signal that is to be transmitted to the firewall is received from the attached device through said at least one tap port.
  - 18. The method of claim 15, wherein the control signal that is to be transmitted to the firewall is received from the attached device through a control signal port of the network tap that is distinct from said at least one tap port.
  - 19. The method of claim 15, wherein:
    - the attached device comprises an intrusion detection system that monitors the network data from the firewall; and
      
      the control signal comprises a kill packet that controls operation of the firewall.
  - 20. The method of claim 15, wherein receiving the control signal and transmitting the control signal through the first port is performed by a network switch included in the network tap, wherein the network switch is in communication with the first port and the at least one tap port.
  - 21. The method of claim 20, wherein the network switch comprises an Ethernet switch.
  - 22. The method of claim 15, wherein:
    - receiving the control signal comprises storing the control signal in a buffer of an integrated circuit included in the network tap; and
      
      transmitting the control signal through the first port comprises;
      
      monitoring outgoing network data transmitted from the second port to the first port of the network tap; and
      
      inserting the control signal in the outgoing network data at a time when it is determined that the outgoing network data otherwise includes only idle data.
  - 23. The method of claim 22, wherein monitoring the network data transmitted from the second port to the first port of the network tap comprises:
    - storing the outgoing network data in another buffer of the integrated circuit; and
      
      determining whether the stored outgoing network data includes only idle data.
  - 24. The method of claim 22, wherein the integrated circuit comprises a Field Programmable Gate Array.
  - 25. The method of claim 15, further comprising:
    - losing power at the network tap; and
      
      continuing to pass the network data between the first port and the second port notwithstanding the loss of power.

26. A network tap that permits an attached intrusion detection system to communicate with a firewall of a network, comprising:
- a first port that can receive an end of a first segment of a network cable, the first segment being in communication with the firewall;
  
  a second port that can receive an end of a second segment of a network cable, the second segment of the network cable being in communication with a node of the network, the first port and the second port permitting network data to be communicated between the first segment and the second segment;
  
  at least one tap port that can be connected with an intrusion detection system, the at least one tap port permitting a copy of the network data to be transmitted to the intrusion detection system and further being capable of receiving kill packets from the intrusion detection system; and
  
  a routing node that is in communication with the first port, the second port, and a communication line associated with the at least one tap port, the routing node being configured to;
  
  pass network data between the first port and the second port; and
  
  transmit the kill packet from the communication line associated with the at least one tap port to the firewall.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The network tap of claim 26, wherein the routing node comprises an Ethernet switch.
  - 28. The network tap of claim 26, wherein the routing node comprises a Field Programmable Gate Array.
  - 29. The network tap of claim 26, further comprising a first communication line from the first port to the routing node and a second communication line from the second port to the routing node, each of the first communication line and the second communication line including:
    - a relay for circumventing the routing node in the event of loss of power at the network tap;
      
      a transformer; and
      
      a fan out buffer that propagates the network data to the routing node and propagates a copy of the network data to the at least one tap port.
  - 30. The network tap of claim 26, further comprising, in addition to said at least one tap port, one or more other tap ports that enable an attached device in addition to the intrusion detection system to also access a copy of the network data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Original Assignee
Finisar Corporation (II-VI Incorporated)
Inventors
Gallatin, Tom, Poelstra, Henry D., Gordy, Stephen C., Otis, Robert W.
Primary Examiner(s)
Geckil, Mehmet B.

Application Number

US10/409,006
Publication Number

US 20050005031A1
Time in Patent Office

778 Days
Field of Search

709/224, 709/226, 709/229, 713/200, 713/201
US Class Current

709/224
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/1408 by monitoring network traff...

Network security tap for use with intrusion detection system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

362 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Network security tap for use with intrusion detection system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

362 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links