Systems and methods for implementing protocol enforcement rules

US 7,774,832 B2
Filed: 12/06/2005
Issued: 08/10/2010
Est. Priority Date: 06/10/2002
Status: Active Grant

First Claim

Patent Images

1. A protocol management system coupled with a local network, the local network interfaced with an external network, the protocol management system comprising:

a computing device comprising a protocol enforcer configured to identify a protocol of each of a plurality of messages exiting an enterprise network, the protocol enforcer comprising;

a plurality of protocol inspectors each configured to inspect packets of the plurality of messages exiting the enterprise network, each of the plurality of protocol inspectors including a state machine configured to execute a plurality of inspection primitives, each of the plurality of inspection primitives configured to analyze a particular packet for one type of signature or pattern; and

a protocol inspection manager configured to merge the state machines for each of the plurality of protocol inspectors into a composite state machine to identify the protocol of each of the plurality of messages; and

a protocol state machine configured to maintain the state of all connections of interest; and

a protocol gateway, wherein the protocol enforcer is configured to forward to the protocol gateway selected ones of the plurality of messages having a select protocol that matches one of a plurality of predetermined protocols, and wherein the protocol gateway is configured to apply at least one policy rule which restricts usage of the select protocol based on an identity of a particular user.

View all claims

30 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network'"'"'s resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.

107 Citations

View as Search Results

18 Claims

1. A protocol management system coupled with a local network, the local network interfaced with an external network, the protocol management system comprising:
- a computing device comprising a protocol enforcer configured to identify a protocol of each of a plurality of messages exiting an enterprise network, the protocol enforcer comprising;
  
  a plurality of protocol inspectors each configured to inspect packets of the plurality of messages exiting the enterprise network, each of the plurality of protocol inspectors including a state machine configured to execute a plurality of inspection primitives, each of the plurality of inspection primitives configured to analyze a particular packet for one type of signature or pattern; and
  
  a protocol inspection manager configured to merge the state machines for each of the plurality of protocol inspectors into a composite state machine to identify the protocol of each of the plurality of messages; and
  
  a protocol state machine configured to maintain the state of all connections of interest; and
  
  a protocol gateway, wherein the protocol enforcer is configured to forward to the protocol gateway selected ones of the plurality of messages having a select protocol that matches one of a plurality of predetermined protocols, and wherein the protocol gateway is configured to apply at least one policy rule which restricts usage of the select protocol based on an identity of a particular user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The protocol management system of claim 1, wherein each of plurality of protocol inspectors has knowledge of only a single network protocol.
  - 3. The protocol management system of claim 1, wherein each of the plurality of protocol inspectors is further configured to examine a header of a packet using the inspection primitives within the associated state machine.
  - 4. The protocol management system of claim 1, wherein each of the plurality of protocol inspectors is further configured to examine a data segment of each packet using the inspection primitives within the associated state machine.
  - 5. The protocol management system of claim 1, wherein each inspection primitive is configured to return a result, wherein each of the results can include success, failure, and not applicable.
  - 6. The protocol management system of claim 5, wherein each of the results is mapped to a state or an exit code.
  - 7. The protocol management system of claim 1, wherein the result of the analysis by each of the inspection primitives determines which inspection primitive within the state machine is executed next or if the protocol has been identified.
  - 8. The protocol management system of claim 1, wherein each state machine associated with the plurality of protocol inspectors comprises between 10 and 100 inspection primitives.
  - 9. The protocol management system of claim 1, wherein the protocol inspection manager is configured to remove any duplicate states from the composite state machine.
  - 10. The protocol management system of claim 1, further comprising a tokenizer configured to identify a specified sequence of bytes within each packet.
  - 11. The protocol management system of claim 10, wherein the tokenizer is configured to inform the protocol inspection manger when it has identified the specified sequence of bytes.
  - 12. The protocol management system of claim 10, wherein the protocol inspection manager is configured to inform the tokenizer of the specified sequence of bytes.
  - 13. The protocol management system of claim 10, wherein the tokenizer is configured to perform a single pass, lexigraphical scan of each packet when instructed to do so by the protocol inspection manager.
  - 14. The protocol management system of claim 1, wherein the select protocol comprises an instant messaging protocol.
  - 15. The protocol management system of claim 1, wherein the select protocol comprises a peer-to-peer protocol.
  - 16. The protocol management system of claim 1, wherein the select protocol comprises a file sharing protocol.
  - 17. The protocol management system of claim 1, further comprising a firewall device, wherein the protocol enforcer is configured to passively listen to the plurality of messages exiting the enterprise network through the firewall device.
  - 18. The protocol management system of claim 1, wherein restricting usage of the select protocol comprises limiting a number of messages that can be sent by the particular user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Scott, Robert, Nielsen, Mary, Poling, Robert
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
POGMORE, TRAVIS D

Application Number

US11/294,739
Publication Number

US 20070124577A1
Time in Patent Office

1,708 Days
Field of Search

726 11- 14, 709223-225, 709/229, 370/392
US Class Current

726/12
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

Systems and methods for implementing protocol enforcement rules

First Claim

30 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing protocol enforcement rules

First Claim

30 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links