Systems and methods for implementing protocol enforcement rules
First Claim
1. A protocol management system coupled with a local network, the local network interfaced with an external network, the protocol management system comprising:
- a computing device comprising a protocol enforcer configured to identify a protocol of each of a plurality of messages exiting an enterprise network, the protocol enforcer comprising:
  - a plurality of protocol inspectors each configured to inspect packets of the plurality of messages exiting the enterprise network, each of the plurality of protocol inspectors including a state machine configured to execute a plurality of inspection primitives, each of the plurality of inspection primitives configured to analyze a particular packet for one type of signature or pattern; and
  - a protocol inspection manager configured to merge the state machines for each of the plurality of protocol inspectors into a composite state machine to identify the protocol of each of the plurality of messages; and
- a protocol state machine configured to maintain the state of all connections of interest; and
- a protocol gateway, wherein the protocol enforcer is configured to forward to the protocol gateway selected ones of the plurality of messages having a select protocol that matches one of a plurality of predetermined protocols, and wherein the protocol gateway is configured to apply at least one policy rule which restricts usage of the select protocol based on an identity of a particular user.
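The claim describes an architecture rather than an implementation: per-protocol inspectors that are state machines over single-packet inspection primitives, a composite machine that runs them together to classify a connection, a connection-state table, and a gateway that applies per-user policy to the protocols it has been told to gate. The following is an added illustration of that pipeline in Python; it is not the patent's code, and the protocol signatures, users, flows, packets and policy rules are constructed for the example.

```python
"""Added example: protocol enforcer + identity-based protocol gateway.
Everything here (protocols, users, packets, rules) is constructed sample data."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# An inspection primitive examines one packet payload for one signature.
Primitive = Callable[[bytes], bool]


def starts_with(prefix: bytes) -> Primitive:
    return lambda payload: payload.startswith(prefix)


def http_request_line(payload: bytes) -> bool:
    """Hypothetical primitive: first line looks like an HTTP/1.x request line."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in (b"GET", b"POST", b"HEAD")
            and parts[2].startswith(b"HTTP/1."))


@dataclass
class ProtocolInspector:
    """One protocol's state machine: 'state' = primitives satisfied so far.
    A packet that fails the expected primitive retires the inspector."""
    name: str
    primitives: List[Primitive]
    state: int = 0
    failed: bool = False

    def step(self, payload: bytes) -> None:
        if self.failed or self.matched():
            return
        if self.primitives[self.state](payload):
            self.state += 1
        else:
            self.failed = True

    def matched(self) -> bool:
        return not self.failed and self.state == len(self.primitives)


# Constructed inspector templates: ordered primitives, one per outbound packet.
TEMPLATES: Dict[str, List[Primitive]] = {
    "smtp": [starts_with(b"EHLO "), starts_with(b"MAIL FROM:")],
    "irc":  [starts_with(b"NICK "), starts_with(b"USER ")],
    "http": [http_request_line],
}

FiveTuple = Tuple[str, int, str, int, str]   # src, sport, dst, dport, proto


@dataclass
class Connection:
    inspectors: List[ProtocolInspector]
    protocol: Optional[str] = None   # None until the composite machine settles


class ProtocolGateway:
    """Layer-7 policy: may this user use this protocol? Default is deny."""

    def __init__(self, rules: Dict[str, Dict[str, str]], default: str = "deny"):
        self.rules, self.default = rules, default

    def decide(self, user: str, protocol: str) -> str:
        return self.rules.get(user, {}).get(protocol, self.default)


class ProtocolEnforcer:
    def __init__(self, templates: Dict[str, List[Primitive]],
                 gateway: ProtocolGateway, gated: Set[str]):
        self.templates, self.gateway, self.gated = templates, gateway, gated
        self.connections: Dict[FiveTuple, Connection] = {}   # connection state table

    def _fresh(self) -> List[ProtocolInspector]:
        return [ProtocolInspector(n, p) for n, p in self.templates.items()]

    def handle(self, flow: FiveTuple, user: str, payload: bytes) -> str:
        conn = self.connections.setdefault(flow, Connection(self._fresh()))
        if conn.protocol is None:
            # Composite state machine: every inspector consumes the same packet.
            for ins in conn.inspectors:
                ins.step(payload)
            done = [ins.name for ins in conn.inspectors if ins.matched()]
            if done:
                conn.protocol = done[0]          # first completed inspector wins
            elif all(ins.failed for ins in conn.inspectors):
                conn.protocol = "unknown"
        if conn.protocol in self.gated:          # one of the predetermined protocols
            return self.gateway.decide(user, conn.protocol)
        return "pass"   # not gated, or not identified yet


def run_demo() -> List[Tuple[str, Optional[str], str]]:
    gateway = ProtocolGateway({"alice": {"smtp": "allow", "irc": "deny"},
                               "bob": {"smtp": "deny"}})
    enforcer = ProtocolEnforcer(TEMPLATES, gateway, gated={"smtp", "irc"})
    a = ("10.0.0.5", 40001, "203.0.113.25", 25, "tcp")
    b = ("10.0.0.5", 40002, "203.0.113.6", 6667, "tcp")
    c = ("10.0.0.9", 40003, "203.0.113.25", 25, "tcp")
    d = ("10.0.0.9", 40004, "203.0.113.80", 80, "tcp")
    traffic = [   # constructed outbound packets, interleaved across flows
        (a, "alice", b"EHLO corp.example\r\n"),
        (b, "alice", b"NICK alice\r\n"),
        (a, "alice", b"MAIL FROM:<alice@corp.example>\r\n"),
        (b, "alice", b"USER alice 0 * :Alice\r\n"),
        (c, "bob",   b"EHLO corp.example\r\n"),
        (c, "bob",   b"MAIL FROM:<bob@corp.example>\r\n"),
        (d, "bob",   b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    ]
    out = []
    for flow, user, payload in traffic:
        verdict = enforcer.handle(flow, user, payload)
        out.append((user, enforcer.connections[flow].protocol, verdict))
    return out
```

Two properties of this toy are worth noticing because they carry over to real deployments. Packets that arrive before the composite machine settles are passed, so the gateway only bites once the protocol is known; an enforcer that must block from the first byte has to hold packets or be able to reset the connection after the fact. And "first completed inspector wins" makes template order matter for signatures that overlap, which is why inspection primitives in a real system are chosen to be mutually distinguishing rather than merely sufficient.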
30 Assignments
Abstract
A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network's resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.
107 Citations
18 Claims
Specification