Prevention of operating system identification through fingerprinting techniques
First Claim
1. A computerized method to prevent identification of an operating system executing on a computer connected to a network, comprising:
- intercepting a portion of outgoing network data characteristic of the operating system; and
- conditionally masking the portion of outgoing network data to impersonate a different operating system in accordance with a security policy if the network is an untrusted network;
wherein masking the portion comprises:
- replacing the portion of outgoing network data with data characteristic of the different operating system to prevent identification of the operating system by impersonating the different operating system, for misleading attackers into attempting attacks that are unworkable on the operating system.
Abstract
Outgoing data units, such as packets, from a computer system that contain data characteristic of an operating system executing on the computer system are intercepted before they are transmitted on a network and masked to impersonate a different operating system if the network is untrusted. The masking may be to re-fingerprint the data units by replacing the data characteristic of the actual operating system with data characteristic of the different operating system. Alternatively, the masking may require discarding the data unit and not transmitting it.
36 Claims
1. Independent claim; its text is given in full under First Claim above. Dependent claims: 2–13.
14. A computer-readable medium having executable instructions to cause a computer to perform a method comprising:
- intercepting a portion of outgoing network data characteristic of an operating system executing on the computer when the computer is connected to a network; and
- conditionally masking the portion to impersonate a different operating system in accordance with a security policy if the network is an untrusted network;
wherein masking the portion comprises:
- replacing the portion with data characteristic of the different operating system to prevent identification of the operating system by impersonating the different operating system, for misleading attackers into attempting attacks that are unworkable on the operating system.
Dependent claims: 15–23.
24. A computerized system comprising:
- a processing unit;
- a memory coupled to the processing unit through a bus;
- a network interface coupled to the processing unit through the bus and further operable for coupling to a network;
- an operating system executed from the memory by the processing unit; and
- a fingerprint masking process executed from the memory by the processing unit to cause the processing unit to intercept a portion of network data characteristic of the operating system when the network interface is coupled to the network, and to conditionally mask the portion to impersonate a different operating system in accordance with a security policy if the network is an untrusted network;
wherein the fingerprint masking process further causes the processing unit to mask the portion by replacing the portion with data characteristic of the different operating system to prevent identification of the operating system by impersonating the different operating system, for misleading attackers into attempting attacks that are unworkable on the operating system.
Dependent claims: 25–30.
31. A computer-readable medium having stored thereon an OS fingerprint policy data structure comprising:
- a data unit type field containing data representative of an identifier for a type of data unit, wherein information associated with the data unit is characteristic of an operating system; and
- an action field containing data representative of an action to be taken to mask the information associated with the data unit identified by the data unit type field;
wherein masking the information comprises:
- replacing the information with information characteristic of a different operating system to prevent identification of the operating system by impersonating the different operating system, for misleading attackers into attempting attacks that are unworkable on the operating system.
Dependent claims: 32–36.
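The abstract and claims 1 and 31 describe a policy keyed by data-unit type whose action is either to re-fingerprint an outgoing data unit with data characteristic of a different operating system or to discard it, applied only when the network is untrusted. The following Python is an added illustration of that mechanism, not code from the patent. It models the policy data structure (type field, action field, OS to impersonate), intercepts constructed packets, and shows a minimal passive fingerprinter being misled by the rewrite. Which header fields are treated as characteristic of an operating system (initial TTL, TCP window, DF bit, TCP option order) and the per-OS values are assumptions; the patent names no specific fields or values.

```python
"""OS fingerprint masking on outgoing packets.

Added, illustrative example: not the patent's code.  Models claim 31's
policy (data-unit type -> action) and claim 1's masking (replace the
characteristic data with another OS's data, or discard the data unit).
The fields treated as OS-characteristic and the per-OS values below are
assumptions; the patent specifies neither.
"""
from dataclasses import dataclass, replace as dc_replace
from enum import Enum
from typing import Dict, Optional, Tuple


class Action(Enum):
    PASS = "pass"        # transmit the data unit unchanged
    REPLACE = "replace"  # re-fingerprint it to impersonate another OS
    DISCARD = "discard"  # do not transmit it at all


@dataclass(frozen=True)
class OSProfile:
    name: str
    ttl: int                       # initial IP TTL
    window: int                    # TCP window advertised in a SYN
    df: bool                       # IP don't-fragment bit
    tcp_options: Tuple[str, ...]   # TCP option order in a SYN


# Constructed profiles (assumed values, chosen to be distinguishable).
PROFILES: Dict[str, OSProfile] = {
    "linux":   OSProfile("linux", 64, 29200, True, ("mss", "sackOK", "ts", "nop", "wscale")),
    "windows": OSProfile("windows", 128, 65535, True, ("mss", "nop", "wscale", "nop", "nop", "sackOK")),
}


@dataclass(frozen=True)
class Packet:
    proto: str                         # "tcp" or "icmp"
    flags: str = ""                    # TCP flags, e.g. "S" for SYN
    ttl: int = 64
    window: int = 0
    df: bool = False
    tcp_options: Tuple[str, ...] = ()
    payload: bytes = b""


@dataclass
class Policy:
    """Claim 31's structure: data-unit type field -> action field, plus
    the OS to impersonate when the action is REPLACE."""
    rules: Dict[str, Action]
    impersonate: str
    default: Action = Action.PASS


def data_unit_type(pkt: Packet) -> str:
    """Classify a packet into the type key the policy is indexed by."""
    if pkt.proto == "tcp" and "S" in pkt.flags:
        return "tcp_syn"
    return pkt.proto


def mask_packet(pkt: Packet, policy: Policy, network_trusted: bool) -> Optional[Packet]:
    """Intercept one outgoing packet.  Returns the packet to transmit, or
    None when the policy discards it.  Nothing is touched on a trusted network."""
    if network_trusted:
        return pkt
    action = policy.rules.get(data_unit_type(pkt), policy.default)
    if action is Action.PASS:
        return pkt
    if action is Action.DISCARD:
        return None
    target = PROFILES[policy.impersonate]
    changes = {"ttl": target.ttl, "df": target.df}
    if pkt.proto == "tcp":
        changes.update(window=target.window, tcp_options=target.tcp_options)
    return dc_replace(pkt, **changes)   # flags and payload are preserved


def guess_os(pkt: Packet) -> Optional[str]:
    """A minimal passive fingerprinter: which profile does this packet match?"""
    for prof in PROFILES.values():
        if pkt.ttl != prof.ttl or pkt.df != prof.df:
            continue
        if pkt.proto == "tcp" and (pkt.window != prof.window or pkt.tcp_options != prof.tcp_options):
            continue
        return prof.name
    return None


# Constructed traffic from a host whose real stack matches the "linux" profile.
SYN = Packet("tcp", "S", 64, 29200, True, PROFILES["linux"].tcp_options, b"")
ICMP_ECHO = Packet("icmp", "", 64, 0, True, (), b"ping")

# Constructed policy: rewrite SYNs to look like "windows", drop ICMP echoes.
POLICY = Policy(rules={"tcp_syn": Action.REPLACE, "icmp": Action.DISCARD},
                impersonate="windows")


def transmit(packets, policy: Policy, network_trusted: bool):
    """Apply the policy to a burst of packets; returns what actually leaves."""
    out = []
    for p in packets:
        masked = mask_packet(p, policy, network_trusted)
        if masked is not None:
            out.append(masked)
    return out


if __name__ == "__main__":
    for p in transmit([SYN, ICMP_ECHO], POLICY, network_trusted=False):
        print(data_unit_type(p), "now looks like:", guess_os(p))
```

Two caveats a practitioner would attach to this approach. First, the rewrite only hides the fields the policy knows about; anything the rewriter leaves alone (or any behaviour a fingerprinter measures rather than reads, such as retransmission timing) still points at the real stack. Second, masked values must stay consistent within a connection: a SYN that advertises one window and option order followed by segments that reflect the real stack is itself a fingerprint.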