Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures
Abstract
A method and apparatus for verifying the integrity of devices on a target network. The apparatus has security subsystems and a master security system hierarchically connected to the security subsystems via a secure link. The target network includes various intrusion detection devices, which may be part of the security subsystem. Each intrusion detection device generates a plurality of event messages when an attack on the network is detected. The security subsystem collects these event messages, correlates, and analyzes them, and performs network scanning processes. If certain events warrant additional scrutiny, they are uploaded to the master security system for review.
30 Claims
1. A security system for a computer connected to a computer network comprising:
at least one detection means associated with said computer, said detection means configured to generate event messages when said computer is under an attack;
a master security system located outside said computer network;
a second master security system located outside said computer network; and
a secure link between said detection means and said master security system enabling data communication therebetween;
wherein said at least one detection means further comprises means for collecting said event messages and means for analyzing said event messages, wherein said second master security system further comprises means for monitoring attacks on said master security system, and wherein said detection means uploads certain event messages to said master security system through said secure link.
12. A network security system for a target network of computers comprising:
at least one detection means associated with said target network, said detection means configured to generate event messages when said computer is under an attack;
a master security system located outside said network;
a second master security system located outside said computer network, and a secure link between said detection means and said master security system enabling data communication therebetween;
wherein said at least one detection means further comprises means for collecting said event messages and means for analyzing said event messages, wherein said second master security system monitors attacks on said master security system, and wherein said detection means uploads certain event messages to said master security system through said secure link.
23. A method for monitoring the integrity of a computer associated with a detection means, said computer being connected to a computer network and said detection means configured to detect an attack on said computer, said method comprising the steps of:
establishing a secure link for the transfer of data between said detection means and a master security system hierarchically independent from said detection means;
collecting data related to said attack;
analyzing said collected data related to said attack;
uploading certain analyzed data to said master security system over said secure link;
monitoring attacks on said master security system using a second master security system; and
countering said attack.
27. A method for monitoring the integrity of a target computer network associated with a detection means, said detection means configured to detect an attack on said target computer network, said method comprising the steps of:
establishing a secure link for the transfer of data between said detection means and a master system hierarchically independent from said detection means;
collecting data related to said attack;
analyzing data related to said attack;
uploading certain analyzed data to said master security system over said secure link;
monitoring attacks on said master security system using a second master security system; and
countering said attack.