Network security tap for use with intrusion detection system
First Claim
1. A network tap that permits an attached device to communicate with a node of a network, comprising:
a first port that can receive an end of a first segment of a network cable;
a second port that can receive an end of a second segment of a network cable, the first port and the second port permitting network data to be communicated between the first segment and the second segment; and
at least one tap port through which a copy of the network data can be transmitted to an attached device, the network tap being configured to receive device data from the attached device and to communicate the received data through at least one of the first port and the second port.
Abstract
A system and method is presented for analyzing information in a communication line for unwanted intrusions and for allowing information to be transmitted back into the communication line without disrupting the communication traffic when an intrusion is detected. The system and method includes a security tap connected to a firewall. The security tap is also connected to an intrusion detection device. The intrusion detection device analyzes the information in the communication line for indicia of attempts to compromise the network. When such indicia is detected, the intrusion detection device sends a “kill” data packet back through the security tap and directed back to the communication line to the firewall to instruct the firewall to prevent further communications into the network by the intrusive source. An Ethernet switch or field programmable gate array (FPGA) is incorporated in the security tap to coordinate the transmission of the “kill” data packet to avoid data collisions with data transmissions already existing in the communication line.
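To make the abstract's arbitration concrete, here is a small constructed model (not the patent's own design) of the routing node: pass-through frames cross between the two ports and are copied to the tap port, while device data from the IDS is queued and only injected toward the firewall in a slot where the firewall-facing line is idle. Port names "FW", "NET" and "TAP" and the scenario frames are assumptions.

```python
from collections import deque
# Constructed model of the tap in the abstract and claim 26, not the patent's own
# design. Port names are assumed: "FW" = first port (firewall segment),
# "NET" = second port (protected node), "TAP" = tap port (the IDS).

class SecurityTap:
    def __init__(self):
        # Device data (kill packets) from the IDS waits here for an idle firewall line.
        self.kill_queue = deque()

    def step(self, arrivals):
        """One transmission slot: arrivals is a list of (ingress_port, payload).
        Returns per-port egress for the slot: {"FW": [...], "NET": [...], "TAP": [...]}."""
        out = {"FW": [], "NET": [], "TAP": []}
        for port, payload in arrivals:
            if port == "FW":            # firewall -> node, with a copy to the IDS
                out["NET"].append(payload)
                out["TAP"].append(payload)
            elif port == "NET":         # node -> firewall, with a copy to the IDS
                out["FW"].append(payload)
                out["TAP"].append(payload)
            elif port == "TAP":         # IDS -> tap: queued, never placed inline directly
                self.kill_queue.append(payload)
            else:
                raise ValueError(f"unknown port {port!r}")
        # Routing-node arbitration: inject queued device data toward the firewall
        # only in a slot where no pass-through frame already occupies that line.
        if not out["FW"] and self.kill_queue:
            out["FW"].append(self.kill_queue.popleft())
        return out

def run_scenario(slots):
    """slots: one arrival list per transmission slot. Returns per-slot egress."""
    tap = SecurityTap()
    return [tap.step(arrivals) for arrivals in slots]

def every_passthrough_mirrored(slots, results):
    """True if every frame that crossed FW<->NET also reached the tap port, in order."""
    crossed = [p for s in slots for port, p in s if port != "TAP"]
    mirrored = [p for r in results for p in r["TAP"]]
    return crossed == mirrored

# Constructed scenario: the second kill arrives while a node->firewall frame is in flight.
SCENARIO = [
    [("FW", "fw->node req"), ("TAP", "KILL block 198.51.100.7")],
    [("NET", "node->fw reply"), ("TAP", "KILL block 203.0.113.9")],
    [],
    [("NET", "node->fw data")],
]
```

Running `run_scenario(SCENARIO)` shows the second kill packet deferred from slot 1 to slot 2, and kill packets never appearing on the NET or TAP egress.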
Claims (30 claims, 362 citations)
1. A network tap that permits an attached device to communicate with a node of a network, comprising:
a first port that can receive an end of a first segment of a network cable;
a second port that can receive an end of a second segment of a network cable, the first port and the second port permitting network data to be communicated between the first segment and the second segment; and
at least one tap port through which a copy of the network data can be transmitted to an attached device, the network tap being configured to receive device data from the attached device and to communicate the received data through at least one of the first port and the second port.
Dependent claims: 2 to 14.
15. In a network tap that permits an attached device to communicate with a node of a network, a method for communicating a control signal to a firewall, comprising:
at the network tap, in response to receiving network data from a first port of the network tap in communication with a firewall in the network;
passing the network data through a second port of the network tap to a node in the network; and
transmitting a copy of the network data through at least one tap port of the network tap to an attached device;
receiving from the attached device a control signal that is to be transmitted to the firewall; and
transmitting the control signal through the first port of the network tap to the firewall.
Dependent claims: 16 to 25.
26. A network tap that permits an attached intrusion detection system to communicate with a firewall of a network, comprising:
a first port that can receive an end of a first segment of a network cable, the first segment being in communication with the firewall;
a second port that can receive an end of a second segment of a network cable, the second segment of the network cable being in communication with a node of the network, the first port and the second port permitting network data to be communicated between the first segment and the second segment;
at least one tap port that can be connected with an intrusion detection system, the at least one tap port permitting a copy of the network data to be transmitted to the intrusion detection system and further being capable of receiving kill packets from the intrusion detection system; and
a routing node that is in communication with the first port, the second port, and a communication line associated with the at least one tap port, the routing node being configured to:
pass network data between the first port and the second port; and
transmit the kill packet from the communication line associated with the at least one tap port to the firewall.
Dependent claims: 27 to 30.
Specification