Real time active network compartmentalization
First Claim
1. A method of operating a digital communication network having a plurality of nodes which have a locally hierarchical relationship, comprising the steps of:
- supplying identification information at a first node to a transmission received from the network even if a sender of the transmission is not identified;
- tracking network transmissions at the first node using the identification information and logging the identification information and a characteristic of the network transmission as traffic log information;
- communicating the traffic log information to another node;
- detecting a condition at the first node and communicating the condition to a trusted second node locally higher in said hierarchical relationship;
- disconnecting one or more nodes in the network to test for the origin and scope of a potential attack and reconnecting disconnected nodes not associated with the potential attack;
- collecting information regarding said condition and said traffic log through nodes at the same or higher hierarchical level as said trusted second node; and
- controlling a response at said first node in response to said information, wherein the controlling step includes switching a critical segment of the network to a secure mode when a threat is detected, and wherein the hierarchical relationship of the plurality of nodes is hidden to users of the network.
Abstract
Security policy manager devices are leveraged by manager objects, using highly secure, user-transparent communications, to provide: detection of questionable activities at every node; automatic collection of information related to any potential attack; isolation of the offending object with arbitrary flexibility of response (e.g. the level of certainty of an attack required to initiate a response is set flexibly, according to the number of nodes to be partitioned, which is in turn determined by the collected data concerning the potential attack); changing of trust relationships between security domains; limiting of the attack; and launching of offensive information warfare capabilities (e.g. outbound from the compromised node while limiting or eliminating inbound communications). These operations take place in log time, simultaneously and/or concurrently, in different but possibly overlapping sections or segments of a digital network of arbitrary configuration.
19 Claims
1. (Claim 1 is set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer readable medium upon which is embodied a sequence of programmable instructions which, when executed by a processor, cause the processor to perform operations comprising:
- detecting a condition at the first node and communicating the condition to a trusted second node locally higher in said hierarchical relationship;
- disconnecting one or more nodes in the network to test for the origin and scope of a potential attack and reconnecting disconnected nodes not associated with the potential attack;
- collecting information regarding said condition through nodes at the same or higher hierarchical level as said trusted second node; and
- controlling a response at said first node in response to said information.
Dependent claims: 12, 13, 14, 15.
16. A method of actively compartmentalizing a network in real time using manager objects and managed objects arranged in a locally hierarchical relationship, said method comprising:
- providing a plurality of nodes, each node having at least one manager object and one or more managed objects, wherein each manager object corresponds to one or more managed objects and each managed object corresponds to a network connection to another node;
- adding identification information to a transmission received at a first node from the network even if a sender of the transmission is not identified;
- tracking network transmissions at the first node using the identification information and logging the identification information and a characteristic of the network transmission as traffic log information;
- communicating the traffic log information to another node in a form that is transparent to users of the network;
- detecting a condition at the first node and communicating the condition, in a form that is transparent to users of the network, to a trusted second node locally higher in said hierarchical relationship;
- collecting information regarding said condition and said traffic log through nodes at the same or higher hierarchical level as said trusted second node;
- controlling a response at said first node in response to said information; and
- disconnecting one or more nodes in the network to test for the origin and scope of a potential attack and reconnecting disconnected nodes not associated with the potential attack.
Dependent claims: 17, 18, 19.
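As an added illustration (not code from the patent or its assignee), the following Python simulation models the sequence shared by claims 1 and 16: every transmission received at a node is tagged with identification information even when the sender is not identified, the node reports a condition to its trusted parent, sibling segments are disconnected one at a time to test whether they feed the condition, the segments that do stay isolated while the rest are reconnected, and the reporting node is switched to secure mode on detection. The topology, the traffic, the "too many unidentified senders" condition and its threshold are constructed assumptions, and disconnecting a segment is modelled by replaying recorded traffic with that segment cut off.

```python
THRESHOLD = 3  # constructed: unidentified transmissions at one node that raise a condition

class Node:
    """One network node; parent is the trusted node locally higher in the hierarchy."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.log, self.secure_mode = [], False  # log entries: (tag, sender or None, size)
        if parent:
            parent.children.append(self)
    def segment(self):  # names of every node in this subtree: what a disconnect removes
        return {self.name} | {n for c in self.children for n in c.segment()}
    def receive(self, sender, size):  # tag every transmission, even with no known sender
        self.log.append((f"{self.name}#{len(self.log) + 1}", sender, size))
    def unidentified(self):
        return sum(1 for _, sender, _ in self.log if sender is None)
    def condition(self):  # locally detected condition reported to the trusted parent
        return self.unidentified() >= THRESHOLD

def replay(traffic, nodes, disconnected):
    """Re-deliver recorded traffic with the named nodes cut off (fresh logs each time)."""
    for n in nodes.values():
        n.log.clear()
    for origin, dest, identified, size in traffic:
        if origin not in disconnected and dest not in disconnected:
            nodes[dest].receive(origin if identified else None, size)

def compartmentalize(first, traffic, nodes):
    """Escalate up the hierarchy, disconnecting sibling segments to test which feed the condition."""
    replay(traffic, nodes, set())
    if not first.condition():
        return set()
    first.secure_mode = True                 # critical segment switches to secure mode
    baseline, isolated, level = first.unidentified(), set(), first
    while level.parent and not isolated:     # nothing found at this level: go one up
        for seg in level.parent.children:
            if seg is not level:
                replay(traffic, nodes, seg.segment())      # disconnect to test
                if first.unidentified() < baseline:        # segment feeds the condition
                    isolated |= seg.segment()
        level = level.parent
    replay(traffic, nodes, isolated)         # reconnect everything not associated
    return isolated

def build_demo():  # constructed topology and traffic, not from the patent
    m = Node("M"); a, b, c = Node("A", m), Node("B", m), Node("C", m)
    b1, b2, c1 = Node("b1", b), Node("b2", b), Node("c1", c)
    traffic = [("b1", "A", False, 400), ("b1", "A", False, 400), ("b2", "A", False, 64),
               ("c1", "A", True, 128), ("c1", "A", True, 128), ("b1", "A", True, 900)]
    return {n.name: n for n in (m, a, b, c, b1, b2, c1)}, traffic
```

Running `compartmentalize(nodes["A"], traffic, nodes)` on the demo isolates segment B (manager B with leaves b1 and b2), leaves segment C connected because cutting it does not reduce the unidentified traffic at A, and clears the condition at A.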