Illegal access data handling apparatus and method for handling illegal access data
First Claim
1. An illegal access data handling apparatus, comprising:
- a control system; and
a decoy server, functionally coupled to the control system, wherein the apparatus is placed outside a given internal communication network, for receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network, and for taking countermeasures against the illegal access data received, further wherein the countermeasures include providing a response pretending to originate from the internal communication network,the response being encapsulated and sent to a network device within said given internal communication network to be decapsulated and transmitted by the network device to said data communication device.
1 Assignment
0 Petitions
Accused Products
Abstract
To provide a centralized control system for defending and taking countermeasures against an illegal access. A network device 3 detects an illegal access packet P1 transmitted from an illegal accessor'"'"'s terminal 6, and transfers an encapsulated packet P2 of the illegal access packet P1 to a data center 1. A control system 11 in the data center 1 analyzes the packet P2, encapsulates a response packet P4 from a decoy server 13 pretending to be a response from a target server to be attacked 5 to acquire a packet P3, and then transmits the packet P3 to the network device 3. The network device 3 decapsulates the packet P3 so as to extract a response packet P4, and transmits the response packet P4 to the illegal accessor'"'"'s terminal 6. The illegal accessor'"'"'s terminal 6, upon reception of the response packet P4, would believe that the response packet P4 should be transmitted from the server 5, and start to illegally access the decoy server 13.
17 Citations
16 Claims
-
1. An illegal access data handling apparatus, comprising:
-
a control system; and a decoy server, functionally coupled to the control system, wherein the apparatus is placed outside a given internal communication network, for receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network, and for taking countermeasures against the illegal access data received, further wherein the countermeasures include providing a response pretending to originate from the internal communication network, the response being encapsulated and sent to a network device within said given internal communication network to be decapsulated and transmitted by the network device to said data communication device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for handling illegal access data outside a given internal communication network, the method comprising:
-
receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network; and taking countermeasures against the illegal access data received by a data center remotely located over the Internet from the internal network, wherein the countermeasures include providing a response pretending to originate from the internal communication network, the response being encapsulated by the data center and sent to a network device within said internal communication network to be decapsulated and transmitted by the network device to said data communication device. - View Dependent Claims (10, 11, 12)
-
-
13. A method for responding to unauthorized access packet to an internal communications network, comprising:
-
receiving an encapsulated unauthorized access packet at a data center placed outside the internal network, and wherein the unauthorized access packet is redirected from a target server residing within the internal network; analyzing the received packet to formulate a response packet; encapsulating the response packet so that it appears to originate from the target server; and sending the encapsulated response packet to a network device, wherein the network device is within the internal network, and wherein the network device decapsulates the encapsulated response packet and forwards the decapsulated packet to the source of the unauthorized access packet. - View Dependent Claims (14, 15, 16)
-
Specification