Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures

US 6,988,208 B2
Filed: 07/16/2002
Issued: 01/17/2006
Est. Priority Date: 01/25/2001
Status: Expired due to Term

First Claim

Patent Images

1. A security system for a computer connected to a computer network comprising:

at least one detection means associated with said computer, said detection means configured to generate event messages when said computer is under an attack;

a master security system located outside said computer network;

a second master security system located outside said computer network; and

a secure link between said detection means and said master security system enabling data communication therebetween;

wherein said at least one detection means further comprises means for collecting said event messages and means for analyzing said event messages, wherein said second master security system further comprises means for monitoring attacks on said master security system, and wherein said detection means uploads certain event messages to said master security system through said secure link.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for verifying the integrity of devices on a target network. The apparatus has security subsystems and a master security system hierarchically connected to the security subsystems via a secure link. The target network includes various intrusion detection devices, which may be part of the security subsystem. Each intrusion detection device generates a plurality of event messages when an attack on the network is detected. The security subsystem collects these event messages, correlates, and analyzes them, and performs network scanning processes. If certain events warrant additional scrutiny, they are uploaded to the master security system for review.

Citations

30 Claims

1. A security system for a computer connected to a computer network comprising:
- at least one detection means associated with said computer, said detection means configured to generate event messages when said computer is under an attack;
  
  a master security system located outside said computer network;
  
  a second master security system located outside said computer network; and
  
  a secure link between said detection means and said master security system enabling data communication therebetween;
  
  wherein said at least one detection means further comprises means for collecting said event messages and means for analyzing said event messages, wherein said second master security system further comprises means for monitoring attacks on said master security system, and wherein said detection means uploads certain event messages to said master security system through said secure link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The security system of claim 1, wherein said at least one detection means further comprises means for countering said attack.
  - 3. The security system of claim 1, wherein said means for analyzing said event messages further comprises means for consolidating said event messages.
  - 4. The security system of claim 1, wherein said means for analyzing said event messages further comprises means for classifying said event messages.
  - 5. The security system of claim 1, wherein said means for analyzing said event messages further comprises means for correlating said event messages.
  - 6. The security system of claim 1, wherein said means for analyzing said event messages further comprises multiple views, each of said views analyzing a different subset of event information.
  - 7. The security system of claim 1, wherein said detection means is one or more selected from the group consisting of an intrusion detection system, a firewall and a security subsystem.
  - 8. The security system of claim 1, wherein said master security system is hierarchically independent from said detection means.
  - 9. The security system of claim 1 further comprising a pseudo attack generator associated with said master security system for generating attacks on said computer detectable by said detection means wherein said master security system monitors said detection means by comparing said pseudo-attacks to said attacks detected by said detection means.
  - 10. The security system of claim 1, further comprising a vulnerability scanning means determining vulnerability of various components of said computer network to a particular attack.
  - 11. The security system of claim 10, wherein said means for analyzing said event messages are configured to compare said determined vulnerability of said various components to said attack on said computer network.

12. A network security system for a target network of computers comprising:
- at least one detection means associated with said target network, said detection means configured to generate event messages when said computer is under an attack;
  
  a master security system located outside said network;
  
  a second master security system located outside said computer network, and a secure link between said detection means and said master security system enabling data communication therebetween;
  
  wherein said at least one detection means further comprises means for collecting said event messages and means for analyzing said event messages, wherein said second master security system monitors attacks on said master security system, and wherein said detection means uploads certain event messages to said master security system through said secure link.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The network security system of claim 12, wherein said at least one detection means further comprises means for countering said attack.
  - 14. The network security system of claim 12, wherein said means for analyzing said event messages further comprises means for consolidating said event messages.
  - 15. The network security system of claim 12, wherein said means for analyzing said event messages further comprises means for classifying said event messages.
  - 16. The network security system of claim 12, wherein said means for analyzing said event messages further comprises means for correlating said event messages.
  - 17. The security system of claim 12, wherein said means for analyzing said event messages further comprises multiple views, each of said views analyzing a different subset of event information.
  - 18. The network security system of claim 12, wherein said detection means is one or more selected from the group consisting of an intrusion detection system, a firewall and a security subsystem.
  - 19. The network security system of claim 12, wherein said master security system is hierarchically independent from said detection means.
  - 20. The network security system of claim 12, further comprising a pseudo attack generator associated with said master security system for generating attacks on said target network detectable by said detection means wherein said master security system monitors said detection means by comparing said pseudo-attacks to said attacks detected by said detection means.
  - 21. The security system of claim 12, further comprising a vulnerability scanning means determining vulnerability of various components of said computer network to a particular attack.
  - 22. The security system of claim 21, wherein said means for analyzing said event messages are configured to compare said determined vulnerability of said various components to said attack on said computer network.

23. A method for monitoring the integrity of a computer associated with a detection means, said computer being connected to a computer network and said detection means configured to detect an attack on said computer, said method comprising the steps of:
- establishing a secure link for the transfer of data between said detection means and a master security system hierarchically independent from said detection means collecting data related to said attack;
  
  analyzing said collected data related to said attack;
  
  uploading certain analyzed data to said master security system over said secure link;
  
  monitoring attacks on said master security system using a second master security system; and
  
  countering said attack.
- View Dependent Claims (24, 25, 26)
- - 24. The method for monitoring the integrity of a computer of claim 23, wherein said step of analyzing data further comprises the step of consolidating said data.
  - 25. The method for monitoring the integrity of a computer of claim 23, wherein said step of analyzing data further comprises the step of classifying said data.
  - 26. The method for monitoring the integrity of a computer of claim 25, wherein said step of analyzing data further comprises the step of correlating said data.

27. A method for monitoring the integrity of a target computer network associated with a detection means, said detection means configured to detect an attack on said target computer network, said method comprising the steps of:
- establishing a secure link for the transfer of data between said detection means and a master system hierarchically independent from said detection means collecting data related to said attack;
  
  analyzing data related to said attack;
  
  uploading certain analyzed data to said master security system over said secure link;
  
  monitoring attacks on said master security system using a second master security system; and
  
  countering said attack.
- View Dependent Claims (28, 29, 30)
- - 28. The method for monitoring the integrity of a target computer network of claim 27, wherein said step of analyzing data further comprises the step of consolidating said data.
  - 29. The method for monitoring the integrity of a target computer network of claim 27, wherein said step of analyzing data further comprises the step of classifying said data.
  - 30. The method for monitoring the integrity of a target computer network of claim 27, wherein said step of analyzing data further comprises the step of correlating said data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Security (US) Inc. (Nippon Telegraph and Telephone Corporation)
Original Assignee
Solutionary, Inc (Nippon Telegraph and Telephone Corporation)
Inventors
Guilfoyle, Jeffrey, Mac Beaver, Edward, Hrabik, Michael
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US10/196,472
Publication Number

US 20020178383A1
Time in Patent Office

1,281 Days
Field of Search

713200-201, 709208-209, 709223-226, 709/229
US Class Current

726/23
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links