Propagation protection within a network

US 7,478,424 B2
Filed: 01/21/2005
Issued: 01/13/2009
Est. Priority Date: 11/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A computerized method for propagation protection within a network, the method comprising:

monitoring, by a transparent network appliance, data being transmitted from a first portion of the network to a second portion of the network through the network appliance;

analyzing, by the transparent network appliance, the data to determine whether the data represents a threat to the network;

transmitting, by the transparent network appliance, the data to the second portion of the network if the data does not represent a threat to the network or preventing transmission of the data to the second portion of the network if the data represents a threat to the network and transmitting, by the transparent network appliance, the data between the first portion of the network and the second portion of the network upon a failed or powerless condition of the transparent network appliance; and

establishing, by the transparent network appliance, one or more connection statistics on the data from the first portion of the network to the second portion of the network wherein the one or more connection statistics include at least one connection statistic not dependent on a threat.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are methods and apparatus, including computer program products, for propagation protection within a network. A transparent network appliance monitors data being transmitted from a first portion of the network to a second portion of the network through the network appliance and analyzes the data to determine whether the data represents a threat to the network. The network appliance transmits the data to the second portion of the network if the data does not represent a threat to the network or prevents transmission of the data to the second portion of the network if the data represents a threat to the network.

64 Citations

View as Search Results

32 Claims

1. A computerized method for propagation protection within a network, the method comprising:
- monitoring, by a transparent network appliance, data being transmitted from a first portion of the network to a second portion of the network through the network appliance;
  
  analyzing, by the transparent network appliance, the data to determine whether the data represents a threat to the network;
  
  transmitting, by the transparent network appliance, the data to the second portion of the network if the data does not represent a threat to the network or preventing transmission of the data to the second portion of the network if the data represents a threat to the network and transmitting, by the transparent network appliance, the data between the first portion of the network and the second portion of the network upon a failed or powerless condition of the transparent network appliance; and
  
  establishing, by the transparent network appliance, one or more connection statistics on the data from the first portion of the network to the second portion of the network wherein the one or more connection statistics include at least one connection statistic not dependent on a threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20)
- - 2. The method of claim 1, further comprising generating an alert when the data represents a threat to the network.
  - 3. The method of claim 2, further comprising transmitting the alert to a management server.
  - 4. The method of claim 1, further comprising terminating a (Transmission Control Protocol) TCP session associated with the data if the data represents a threat to the network.
  - 5. The method of claim 1, wherein analyzing comprises comparing the data with known threat profiles.
  - 6. The method of claim 1, further comprising calculating current statistics associated with the data;
    - and comparing the current statistics with the established statistics.
  - 7. The method of claim 1, wherein the one or more connection statistics comprise a number of connections initiated by a host, a type of connection initiated by the host, or an amount of data transferred from or to the host.
  - 8. The method of claim 1, further comprising, receiving, by a management server, a message from the network appliance.
  - 9. The method of claim 8, wherein the message includes an event message, a resource message, or a statistics message.
  - 10. The method of claim 1, further comprising, receiving, by the network appliance, a message from a management server.
  - 11. The method of claim 10, wherein the message includes a pause message, a signature activation message, a signature update message, or a signature update package message.
  - 12. The method of claim 1, further comprising, assigning an Internet Protocol (IP) address to the network appliance.
  - 13. The method of claim 1, further comprising, remotely upgrading the network appliance.
  - 14. The method of claim 13, wherein remotely upgrading includes updating one or more threat profiles.
  - 15. The method of claim 13, wherein remotely upgrading includes updating one or more threat analysis methods.
  - 16. The method of claim 1, further comprising, enabling a user to restore the network appliance to factory defaults.
  - 17. The method of claim 1, further comprising, automatically resetting, by the network appliance, to a previous configuration upon a failed condition.
  - 18. The method of claim 1, further comprising, generating a Web interface to configure the network appliance to a specific configuration.
  - 20. The method of claim 1 wherein establishing further comprises establishing, by the transparent network appliance, one or more statistics comprising types of traffic established since a previous report established by the transparent network appliance, endpoints of connections of the data, and the amount of data sent through the transparent network appliance.

19. A transparent network appliance for propagation protection within a network, the network appliance comprising:
- a transparent network interface card configured to act as a bridge between a first portion of the network and a second portion of the network;
  
  a failsafe circuit configured to transmit data between the first portion of the network and the second portion of the network in a failed or powerless condition of the transparent network appliance;
  
  a data analyzer module tangibly embodied in electronic circuitry or a computer readable medium, the data analyzer module configured to analyze data transmitted from the first portion of the network to the second portion of the network to determine whether the data represents a threat to the network and to transmit the data to the second portion of the network if the data does not represent a threat to the network or prevent transmission of the data to the second portion of the network if the data represents a threat to the network and configured to establish one or more connection statistics on the data from the first portion of the network to the second portion of the network, wherein the one or more connection statistics include at least one connection statistic not dependent on a threat.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 29, 31)
- - 21. The network appliance of claim 19 wherein the failsafe circuit is further configured to monitor for a failed condition.
  - 22. The network appliance of claim 19 further comprising a memory device.
  - 23. The network appliance of claim 22 wherein the memory device comprises a compact flash card.
  - 24. The network appliance of claim 22 further comprising an extended CMOS device including a binary image of a Basic Input Output System (BIOS) of the network appliance tangibly embodied therein.
  - 25. The network appliance of claim 19 further comprising an interface configured to communicate with a management module tangibly embodied in electronic circuitry or a computer readable medium located external to the network appliance.
  - 26. The network appliance of claim 25 where the interface is associated with an Internet Protocol (IP) address.
  - 27. The network appliance of claim 19 further comprising a serial interface, including a software console to enable IP address assignment for the network appliance and to enable initialization of the network appliance.
  - 29. The network appliance of claim 19 wherein the data analyzer module is configured to establish one or more statistics comprising types of traffic established since a previous report established by the transparent network appliance, endpoints of connections of the data, and the amount of data sent through the transparent network appliance.
  - 31. The network appliance of claim 19 wherein the data analyzer module is configured to calculate current connection statistics associated with the data and compare the current connection statistics with the established connection statistics.

28. A computer program product, tangibly embodied in a machine-readable storage device, for propagation protection within a network, the computer program product including instructions being operable to cause a data processing apparatus to:
- monitor, by a transparent network appliance, data being transmitted from a first portion of the network to a second portion of the network through the network appliance;
  
  analyze, by the transparent network appliance, the data to determine whether the data represents a threat to the network;
  
  transmit, by the transparent network appliance, the data to the second portion of the network if the data does not represent a threat to the network or prevent transmission of the data to the second portion of the network if the data represents a threat to the network;
  
  establish, by the transparent network appliance, one or more connection statistics on the data from the first portion of the network to the second portion of the network, wherein the one or more connection statistics include at least one connection statistic not dependent on a threat; and
  
  transmit, by the transparent network appliance, the data between the first portion of the network and the second portion of the network upon a failed or powerless condition of the transparent network appliance.
- View Dependent Claims (30, 32)
- - 30. The computer product of claim 28 being operable to cause data processing apparatus to establish, by the transparent network appliance, one or more statistics comprising types of traffic established since a previous report established by the transparent network appliance, endpoints of connections of the data, and the amount of data sent through the transparent network appliance.
  - 32. The computer product of claim 28 being operable to cause data processing apparatus to calculate current connection statistics associated with the data and compare the current connection statistics with the established connection statistics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cymtec Systems, Inc.
Original Assignee
Cymtec Systems, Inc.
Inventors
Mester, Michael L., Gunsalus, Bradley W.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US11/040,060
Publication Number

US 20060130142A1
Time in Patent Office

1,453 Days
Field of Search

726/6, 726/26, 713/153, 713/200, 713/201, 713/229, 709/229
US Class Current

726/11
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Propagation protection within a network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Propagation protection within a network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links