Method and apparatus to secure a computing environment

US 7,797,752 B1
Filed: 12/17/2003
Issued: 09/14/2010
Est. Priority Date: 12/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A surround security system embodied on a tangible and non-transitory computer readable storage medium including instructions executable by a processor associated with a computer system, the surround security system comprising:

a packet enforcement engine to screen packets, using at least one of a plurality of packet enforcement evaluators comprising a network firewall, a network intrusion detection system, a packet filter, and a session monitor, to and from a network and a TCP/IP stack of the computer system and to transmit acceptable packets to and from the network and the TCP/IP stack;

an application enforcement engine to screen packets, using at least one of a plurality of application enforcement evaluators comprising an application firewall, an application intrusion detection system, a content filter, and a URL blocking engine, to and from the TCP/IP stack and an applications programming interface on the computer system and to transmit acceptable packets to and from the TCP/IP stack and applications;

a smart packet forwarder integrally coupled with both the packet enforcement engine and the application enforcement engine to forward only the acceptable packets through the TCP/IP stack to the application programming interface or network;

wherein the smart packet forwarder is configured to determine which of the plurality of packet enforcement evaluators and application enforcement evaluators should evaluate a packet;

the plurality of packet enforcement evaluators and application enforcement evaluators evaluate the packet and discard the packet if the packet meets certain criteria;

an application controller integrally coupled to the smart packet forwarder to prohibit certain applications from running based on the results of the packets screened by the packet enforcement engine and the application enforcement engine;

a file monitor to verify integrity of operating system files on the computer system; and

a vulnerability scanner to ensure that, the operating system installed on the computer system complies with a set level of security;

the surround security system providing security which protects accesses through the TCP/IP stack for applications, and operating system of the computer system;

wherein the packet enforcement engine, application enforcement engine, file monitor and vulnerability scanner are configured to operate at one or more layers below an applications layer of the computer system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for a surround security system is provided. The surround security system is embodied on a computer readable medium and includes a packet enforcement engine to screen packets to and from the network and a TCP/IP stack, an application enforcement engine to screen packets to and from the TCP/IP stack and applications on the computer system, a file monitor to verify integrity of files on the computer system and a vulnerability scanner to ensure that the computer system complies with a set level of security. The surround security system provides security which protects accesses through the TCP/IP stack for applications, and an operating system of the computer system.

128 Citations

View as Search Results

25 Claims

1. A surround security system embodied on a tangible and non-transitory computer readable storage medium including instructions executable by a processor associated with a computer system, the surround security system comprising:
- a packet enforcement engine to screen packets, using at least one of a plurality of packet enforcement evaluators comprising a network firewall, a network intrusion detection system, a packet filter, and a session monitor, to and from a network and a TCP/IP stack of the computer system and to transmit acceptable packets to and from the network and the TCP/IP stack;
  
  an application enforcement engine to screen packets, using at least one of a plurality of application enforcement evaluators comprising an application firewall, an application intrusion detection system, a content filter, and a URL blocking engine, to and from the TCP/IP stack and an applications programming interface on the computer system and to transmit acceptable packets to and from the TCP/IP stack and applications;
  
  a smart packet forwarder integrally coupled with both the packet enforcement engine and the application enforcement engine to forward only the acceptable packets through the TCP/IP stack to the application programming interface or network;
  
  wherein the smart packet forwarder is configured to determine which of the plurality of packet enforcement evaluators and application enforcement evaluators should evaluate a packet;
  
  the plurality of packet enforcement evaluators and application enforcement evaluators evaluate the packet and discard the packet if the packet meets certain criteria;
  
  an application controller integrally coupled to the smart packet forwarder to prohibit certain applications from running based on the results of the packets screened by the packet enforcement engine and the application enforcement engine;
  
  a file monitor to verify integrity of operating system files on the computer system; and
  
  a vulnerability scanner to ensure that, the operating system installed on the computer system complies with a set level of security;
  
  the surround security system providing security which protects accesses through the TCP/IP stack for applications, and operating system of the computer system;
  
  wherein the packet enforcement engine, application enforcement engine, file monitor and vulnerability scanner are configured to operate at one or more layers below an applications layer of the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The surround security system of claim 1, wherein the vulnerability scanner comprises:
    - a profile including identification of versions of various applications on the computer system;
      
      a server interactor to use the profile to obtain relevant patches from a remote server; and
      
      a patch installation logic to install the relevant patches.
  - 3. The surround security system of claim 2, wherein the profile includes identification of an operating system version.
  - 4. The surround security system of claim 2, wherein the profile includes a list of installed patches.
  - 5. The surround security system of claim 2, wherein the vulnerability scanner is triggered periodically.
  - 6. The surround security system of claim 5, wherein the vulnerability scanner is triggered by one or more of the following:
    - a preset period having elapsed, rebooting the computer system, connection of the computer system to a network, or installation of a new application.
  - 7. The surround security system of claim 1, wherein the vulnerability scanner comprises:
    - a settings vulnerability scanner to ensure that a password and other settings on the computer system comply with preset security levels.
  - 8. The surround security system of claim 7, wherein the preset security levels indicate a length of an acceptable password and a frequency to change the password.
  - 9. The surround security system of claim 1, wherein the file monitor comprises:
    - a real time monitor to monitor active files and processes; and
      
      a periodic monitor to ensure that the computer system files have not been maliciously altered.
  - 10. The surround security system of claim 9, wherein the real time monitor monitors one or more of the following:
    - memory use, CPU use, process spawning, active executable files, and active DLL files.
  - 11. The surround security system of claim 9, wherein the periodic monitor monitors one or more of the following:
    - registry, versions of DLL files, executables, and other files.
  - 12. The surround security system of claim 1, further comprising:
    - a file encryption module to provide additional security by enabling encryption of files including application files.
  - 13. The surround security system of claim 1, wherein the packet enforcement engine comprises:
    - an intelligent packet router to determine which of a plurality of evaluators should evaluate a packet; and
      
      the plurality of evaluators to evaluate the packet and discard the packet if the packet meets certain criteria.
  - 14. The surround security system of claim 13, wherein the packet enforcement engine further comprises:
    - an encryption engine to encrypt and decrypt packets for sending over a virtual private network (VPN), the encryption engine coupled to the packet router.
  - 15. The surround security system of claim 13, wherein the evaluators comprise one or more of the following:
    - a network firewall, a network intrusion detection system, a packet filter, and a session monitor.
  - 16. The surround security system of claim 13, wherein the evaluator further comprises a bypass, the bypass to permit packets associated with an established and verified session to bypass the evaluators.
  - 17. The surround security system of claim 1, wherein the application enforcement engine comprises:
    - an application intelligent packet router to route packets to one of a plurality of Application sensitive filters;
      
      a plurality of Application sensitive filters to discard packets that meet particular criteria.
  - 18. The surround security system of claim 17, wherein the Application sensitive filters comprise one or more of the following:
    - an application firewall, an application intrusion detection system, a content filter, and a URL blocking engine.
  - 19. The surround security system of claim 1, further comprising:
    - a command/configuration/feedback logic to use a messaging system to send configuration information to the surround security system.
  - 20. The surround security system of claim 19, wherein the messaging system comprises one of the following:
    - an email component of the surround security system, an email application, and an instant messaging application.
  - 21. The surround security system of claim 20, further comprising:
    - a filter to filter out messages including the configuration information, such that the configuration information is transmitted transparently to the user.
  - 22. The surround security system of claim 19, further comprising:
    - a message constructor to construct a message including log data, and return the message to a server.
  - 23. The surround security system of claim 22, wherein the message constructor is further configured to intercept traffic to the server and insert a new message containing the logs.
  - 24. The surround security system of claim 22, wherein the logs comprise one or more of the following:
    - status information, alerts, status, currently used configuration data, and other information requested by the management system.
  - 25. A method of implementing a surround security system of claim 1 comprising:
    - scanning packets between the network and the TCP/IP stack for security;
      
      scanning packets between the TCP/IP stack of the computer system and the operating system and applications of the computer system for security, to permit only accepted applications to access the network, the accepted applications derived by;
      
      recording use of the computer system during a period, and permitting only those applications that were indicated as acceptable during the period to access the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
RPX Corporation
Inventors
Vaidya, Vimal, Lennartsson, Kurt U., Myung, John C.
Primary Examiner(s)
LaForgia, Christian
Assistant Examiner(s)
Turchen, James

Application Number

US10/739,552
Time in Patent Office

2,463 Days
Field of Search

726/13, 726/14, 726/15, 726/23, 726/24, 726/27, 726/11, 717/170, 717/172
US Class Current

726/27
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Method and apparatus to secure a computing environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus to secure a computing environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others