Method and system for remotely configuring and monitoring a communication device
Abstract
Methods and systems for remotely configuring and monitoring a communication device are provided, especially useful in a computer network environment such as the Internet. A communication device or network appliance compares communications entering the communication device to a list of communication types established as known security risks, for example hacker attacks, unauthorized attempted access to network resources, or similar network security threats. If the received communication corresponds to a known security risk, the communication is classified as either a high security risk or low security risk, and an alert signal is transmitted to a remote monitoring center. Upon receiving the alert signal, the remote monitoring center assigns a priority to the alert signal based upon the type of the communication that triggered the transmission of the alert signal. Based on the assigned priority, the prioritized alert signal is then forwarded to a remote monitoring agent for resolution. The remote monitoring agent may then analyze the communication, contact the end user of the communication device with an appropriate resolution, or take other appropriate action in response to the received communication. The communication device may also be remotely configured.
20 Claims
1. A method for remotely monitoring each of a plurality of network intrusion protection devices with a remote monitoring center under control by a service provider servicing the intrusion protection requirements of a plurality of customers, comprising the steps of:
receiving at the remote monitoring center a first transmission comprising a first identification number and a network address associated with one of a plurality of network intrusion prevention devices monitored by the remote monitoring center which operates at a location other than a site of any one of the customers, each network intrusion prevention device positioned in-line and between a computer network controlled by one of the customers and a distributed computer network that is not controlled by the customers, each network intrusion prevention device operative to block a communication from passing to the corresponding computer network via the distributed computer network by terminating the communication based on a determination that the communication represents a security risk to at least one of the computers coupled to the computer network, each network intrusion prevention device operative to make the determination that the communication represents a security risk independently after being configured and without control from the remote monitoring center, each network intrusion prevention device comprising a firewall, an intrusion detector, and a remote monitoring controller communication module, wherein the remote monitoring controller communication module is operatively coupled to the remote monitoring center;
storing the identification number and network address for the network intrusion prevention device in a database at the remote monitoring center;
receiving at the remote monitoring center a second identification number during a second transmission from the network intrusion prevention device;
comparing the second identification number with the first identification number at the remote monitoring center and, in response to a match between the first identification number and second identification number, identifying a plurality of security policy options that are selectable by the network intrusion prevention device;
generating a configuration file with the remote monitoring center in response to selection of at least one of the security policy options by the network intrusion prevention device, the configuration file governing the intrusion protection operation for the network intrusion prevention device;
transmitting the configuration file from the remote monitoring center to configure the network intrusion prevention device;
monitoring the network intrusion prevention device by the remote monitoring center for issuance of an alert signal issued by the network intrusion prevention device in response to a determination that the communication represents a security risk to at least one of the computers coupled to the computer network;
receiving the alert signal at the remote monitoring center; and
assigning the alert signal an order and taking responsive action at the remote monitoring center based upon the assigned order.
Dependent claims: 2, 3, 4, 5, 6
7. A method for remotely monitoring a plurality of network intrusion prevention devices based on operations of a remote monitoring center managed by a service provider, comprising the steps of:
presenting security policy options with the remote monitoring center, the security policy options selectable by each of the network intrusion prevention devices, each network intrusion prevention device positioned in-line and between a computer network under control of one of a plurality of customers and a distributed computer network that is not under control of the customers;
generating a configuration file with the remote monitoring center in response to selection of the security policy options by each of the network intrusion prevention devices;
transmitting the configuration file from the remote monitoring center to configure the network intrusion prevention devices, each network intrusion prevention device operative to process a communication carried by the distributed computer network and intended for delivery to a computer coupled to a corresponding one of the computer networks to determine whether the communication represents a security risk to the computer network in accordance with the configuration file, each network intrusion prevention device operative to determine whether the communication represents a security risk independently after being configured and without control from the remote monitoring center, the network intrusion prevention device further operative to issue an alert signal and to terminate the communication in response to a determination that the communication represents a security risk, each network intrusion prevention device comprising a firewall, an intrusion detector, and a remote monitoring controller communication module, the remote monitoring controller communication module coupled to the remote monitoring center;
monitoring the network intrusion prevention devices with the remote monitoring center to detect an issuance of the alert signal from one of the network intrusion prevention devices;
receiving the alert signal with the remote monitoring center; and
forwarding the alert signal to a remote agent associated with the service provider, wherein the alert signal provides an advisory of the security risk faced by the network intrusion prevention device that issued the alert signal.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A system for remotely monitoring the security status of a plurality of computer networks, each computer network associated with one of a plurality of entities, comprising:
a plurality of network intrusion prevention devices, each network intrusion prevention device coupled in-line and between one of the computer networks associated with a particular one of the entities and a distributed computer network that is not associated with any of the entities, wherein each network intrusion prevention device is operative to process a communication carried by the distributed computer network and intended for delivery to a computer coupled to the corresponding computer network to determine whether the communication represents a security risk to the computer network, and wherein each network intrusion prevention device is further operative to block the communication from passage to the computer network by terminating the communication and to transmit an alert signal via the distributed computer network in response to a determination by the network intrusion prevention device that the communication represents a security risk, each network intrusion prevention device operative to make the determination that the communication represents a security risk independently after being configured and without control of a remote monitoring center, each network intrusion prevention device comprising a firewall, an intrusion detector, and a remote monitoring controller communication module, the remote monitoring controller communication module coupled to the remote monitoring center; and
the remote monitoring center operated on behalf of the entities by a service provider, the remote monitoring center coupled to the distributed computer network, remotely located from each of the computer networks, and operative to monitor the security status of each one of the plurality of computer networks based upon status information transmitted by the network intrusion prevention devices for the computer networks, the remote monitoring center responsive to receipt of the alert signal transmitted by any one of the network intrusion prevention devices to complete an analysis of the alert signal and to take a responsive action based on the analysis of the alert signal.
Dependent claims: 17, 18, 19, 20
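The exchange described in the abstract and in claims 1, 7 and 16 (registration of an identification number and network address, comparison of the resent identifier, presentation and selection of security policy options, generation and transmission of a configuration file, independent termination of risky communications at the in-line device, and ordering of alert signals at the center) as an added Python simulation. This is illustration written for this page, not code from the patent or from any product built on it; the device identifiers, addresses, policy-option names, JSON configuration-file layout, list of known-risk communication types and priority table are all constructed assumptions.

```python
"""Simulated monitoring center and in-line intrusion prevention device (added
illustration of the flow in the abstract and claims, not the patent's own code;
identifiers, addresses, option names, the JSON configuration-file layout, risk
list and priority table are constructed for this example)."""
import json
from dataclasses import dataclass, field

# Constructed communication types "established as known security risks",
# each classified as a high or low security risk.
KNOWN_RISKS = {"port_scan": "low", "unauthorized_login": "high", "exploit_attempt": "high"}

# Constructed policy options the center presents; each lists the known-risk
# types the device will enforce when that option is selected.
POLICY_OPTIONS = {
    "block_port_scans": ["port_scan"],
    "block_unauthorized_access": ["unauthorized_login", "exploit_attempt"],
}

# Order the center assigns to an alert; a lower number is acted on first.
ALERT_ORDER = {"high": 1, "low": 2}


@dataclass
class MonitoringCenter:
    """Service-provider side: registration, configuration and alert handling."""
    registry: dict = field(default_factory=dict)  # identification number -> address
    queue: list = field(default_factory=list)     # (order, alert), lowest order first

    def register(self, identification_number, network_address):
        """First transmission: store identifier and address in the database."""
        self.registry[identification_number] = network_address

    def policy_options(self, identification_number):
        """Second transmission: options are identified only if the resent
        identifier matches a stored one."""
        if identification_number not in self.registry:
            return None
        return sorted(POLICY_OPTIONS)

    def generate_config_file(self, identification_number, selected_options):
        """Build the configuration file governing the device from its selection."""
        offered = self.policy_options(identification_number)
        if offered is None:
            raise PermissionError("identifier does not match a registered device")
        unknown = set(selected_options) - set(offered)
        if unknown:
            raise ValueError(f"options not offered to this device: {sorted(unknown)}")
        rules = {t: KNOWN_RISKS[t] for name in selected_options for t in POLICY_OPTIONS[name]}
        return json.dumps({"identification_number": identification_number, "rules": rules})

    def receive_alert(self, alert):
        """Assign an order from the communication type that triggered the alert."""
        order = ALERT_ORDER[alert["risk"]]
        self.queue.append((order, alert))
        self.queue.sort(key=lambda item: item[0])  # stable: ties keep arrival order
        return order

    def forward_next_alert(self):
        """Responsive action: hand the highest-order alert to a remote agent."""
        return self.queue.pop(0)[1] if self.queue else None


@dataclass
class IntrusionPreventionDevice:
    """Customer-side device in line between the customer network and the
    distributed network; once configured it decides without the center."""
    identification_number: str
    network_address: str
    rules: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def apply_config_file(self, config_file):
        config = json.loads(config_file)
        if config["identification_number"] != self.identification_number:
            raise ValueError("configuration file was generated for another device")
        self.rules = config["rules"]

    def process(self, communication):
        """Terminate and alert on a configured risk type; pass everything else."""
        risk = self.rules.get(communication["type"])
        if risk is None:
            return "passed"
        self.alerts.append({"identification_number": self.identification_number,
                            "type": communication["type"], "risk": risk,
                            "source": communication["source"]})
        return "terminated"


def run_demo():
    """Walk the whole exchange with constructed traffic; returns both parties."""
    center = MonitoringCenter()
    device = IntrusionPreventionDevice("dev-001", "203.0.113.10")
    center.register(device.identification_number, device.network_address)
    offered = center.policy_options(device.identification_number)
    device.apply_config_file(center.generate_config_file(device.identification_number, offered))
    for communication in [  # constructed traffic: benign, low risk, high risk
        {"type": "http_request", "source": "198.51.100.5"},
        {"type": "port_scan", "source": "198.51.100.6"},
        {"type": "exploit_attempt", "source": "198.51.100.7"},
    ]:
        device.process(communication)
    for alert in device.alerts:  # alert signals reach the center in arrival order
        center.receive_alert(alert)
    return center, device
```

`run_demo()` walks the full flow: the low-risk port scan is terminated first but the high-risk exploit attempt, arriving later, is forwarded to the agent first because of the order assigned at the center, and an unconfigured device passes everything, since the determination is made "in accordance with the configuration file". The check modelled here is exactly the one in claim 1, a match between the stored and the resent identification number; that identifies the device but does not by itself authenticate it, so a deployment would carry the exchange over a channel that authenticates the device separately (not shown).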