Improving security of data communications networks
First Claim
1. A communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
a server, connected to the untrustworthy network, configured to maintain a plurality of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and
a portal, connected between the untrustworthy network and the trusted network, that is configured to:
cooperate with the server to transfer the plurality of protection rules from the server to the portal via the untrustworthy network;
receive a communication transaction from the untrustworthy network for transfer to the trustworthy network;
apply one or more of the protection rules to the received communication transaction; and
selectively transfer to the server at least a portion of the received communication transaction via the untrustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.
Abstract
A FireNet security system in which trustworthy networks, called BlackNets, each comprising One (1) or more client computers, are protected by FireBreaks against attacks from untrustworthy networks, called RedNets. All incoming transactions from the RedNet are examined by the FireBreak to determine if they violate any of a plurality of protection rules stored in a local protection rules database. Any transaction found to be in violation is discarded. Valid transactions are forwarded to the BlackNet. If an otherwise valid transaction is found to be suspicious, the FireBreak will forward to a FireNet Server relevant information relating to that transaction. If the FireNet Server verifies that the transaction is indeed part of an attack, the FireNet Server will create new protection rules suitable to defend against the newly identified source or strategy of attack. Periodically, all FireBreaks in the FireNet system will transfer, directly or indirectly, all new rules.
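The feedback loop the abstract describes, as an added example that is not the patent's own implementation: a FireBreak applies its local copy of the rules, discards violations, reports suspicious-but-valid transactions to the FireNet Server, and the server turns a verified attack into a new block rule that the FireBreak picks up on its next rule transfer. The Rule fields, the "three reports from one source" verification heuristic and the sample traffic are assumptions made for this example.

```python
from collections import namedtuple
from dataclasses import dataclass

Transaction = namedtuple("Transaction", "src port payload")  # one RedNet request

@dataclass
class Rule:
    name: str
    action: str             # "block": discard; "report": also tell the server
    src: str = ""           # empty field = wildcard
    port: int = 0
    pattern: bytes = b""
    def matches(self, t: Transaction) -> bool:
        return ((not self.src or t.src == self.src)
                and (not self.port or t.port == self.port)
                and (not self.pattern or self.pattern in t.payload))

class FireNetServer:        # master rule set; turns verified attacks into new rules
    def __init__(self, rules, threshold=3):
        self.rules, self.threshold, self.reports = list(rules), threshold, {}
    def report(self, t: Transaction) -> None:
        # Verification heuristic (assumed for this example): `threshold` suspicious
        # reports from one source count as an attack and earn a source-wide block.
        n = self.reports[t.src] = self.reports.get(t.src, 0) + 1
        if n == self.threshold:
            self.rules.append(Rule("block-" + t.src, "block", src=t.src))

class FireBreak:            # portal between the RedNet and its BlackNet
    def __init__(self, server: FireNetServer):
        self.server, self.rules = server, []
    def sync(self) -> None: # periodic transfer of all rules from the server
        self.rules = list(self.server.rules)

    def handle(self, t: Transaction) -> str:
        for r in self.rules:
            if r.matches(t):
                if r.action == "block":
                    return "discarded"          # violation: drop it
                self.server.report(t)           # suspicious but valid: report it
        return "forwarded"                      # passes through to the BlackNet

def run_demo():
    server = FireNetServer([Rule("no-telnet", "block", port=23),
                            Rule("login-probe", "report", pattern=b"admin")])
    fb, log = FireBreak(server), []
    for t in [Transaction("10.0.0.9", 23, b"x"), Transaction("10.0.0.9", 80, b"/admin"),
              Transaction("10.0.0.9", 80, b"admin"), Transaction("10.0.0.9", 80, b"admin"),
              Transaction("10.0.0.9", 80, b"/index")]:  # constructed sample traffic
        fb.sync()                               # pull any new rules before each one
        log.append(fb.handle(t))
    return log
```

The last request is discarded only because the server created the source-wide block after the third report and the FireBreak synced it; the first three probes still reach the BlackNet, which is the window the rule-creation step is meant to close.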
26 Claims
1. (Set out in full under First Claim above.) View Dependent Claims (2, 3, 4)
5. A portal for use in a communications security system to selectively transfer a communication transaction in accordance with a protection rule maintained by a server, the portal having a computer-readable storage medium storing computer-executable instructions that, when executed, perform a method comprising:
receiving the protection rule from the server;
receiving the communication transaction;
applying the protection rule to the received communication transaction;
preventing the transfer of the received communication transaction if required by the protection rule; and
selectively transferring to the server at least a portion of the received communication transaction even if the protection rule allows transfer of the received communication transaction.
View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
13. A communications security method performed by a portal having a processor wherein the portal selectively transfers a communication transaction in accordance with a first protection rule maintained by a server, comprising:
receiving the first protection rule from the server;
receiving the communication transaction;
applying the first protection rule to the communication transaction;
preventing the transfer of the communication transaction if required by the first protection rule;
selectively transferring to the server at least a portion of the communication transaction even if the first protection rule allows transfer of the communication transaction; and
causing the server to selectively create a second protection rule in response to the portion of the communication transaction.
14. A communications security method, comprising:
transferring a first protection rule to a portal;
receiving from the portal, upon application by the portal of the first protection rule, at least a portion of a communication transaction the portal received from a device of an untrustworthy network;
determining whether a second protection rule should be created based on the received portion of a communication transaction; and
if the second protection rule should be created, creating the second protection rule; and
transferring the created second protection rule to the portal.
View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
23. A communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
a portal, connected between the untrustworthy network and the trusted network, that is configured to:
cooperate with a server to transfer the plurality of protection rules from the server to the portal via the untrustworthy network, wherein the server is connected to the untrustworthy network and is configured to maintain a plurality of protection rules, each of which, if applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions;
receive a communication transaction from the untrustworthy network for transfer to the trustworthy network;
apply one or more of the protection rules to the received communication transaction; and
selectively transfer to the server at least a portion of the received communication transaction via the untrustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.
24. A communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
a server, connected to the untrustworthy network, configured to:
maintain a plurality of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and
receive a portion of a communication transaction received by a portal and determined by the portal to be a respective one of selected communication transactions;
determine whether the communication transaction is part of an attack; and
if the communication transaction is part of an attack, create a new protection rule based on the communication transaction.
25. A computer-readable storage medium storing computer-executable instructions, the instructions comprising:
receiving a protection rule from a server;
receiving a communication transaction;
applying the protection rule to the received communication transaction;
preventing transfer of the received communication transaction if required by the protection rule; and
selectively transferring to the server at least a portion of the received communication transaction even if the protection rule allows transfer of the received communication transaction.
26. A computer-readable storage medium storing computer-executable instructions, the instructions comprising:
transferring a first protection rule to a portal;
receiving from the portal, upon application by the portal of the first protection rule, at least a portion of a communication transaction the portal received from a device of an untrustworthy network;
determining whether a second protection rule should be created based on the received portion of a communication transaction; and
if the second protection rule should be created, creating the second protection rule; and
transferring the created second protection rule to the portal.