Network security system and method
Abstract
A network security system and method for reacting to unauthorized data access in an inner data system by incorporating a redirect system are described. Examples of the redirect system include modified firewalls, IP sharing devices, and gateways with an examining mechanism. A user request is transmitted to the inner data system via the redirect system if the user request satisfies a certain safety condition. Otherwise, the user request is transmitted to a reaction system, which provides virtual data similar to real data so that unauthorized users have the illusion of successfully hacking the inner data system. Meanwhile, the illegal activities are recorded, and certain programs such as Trojan programs can be used for executing reactions.
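The routing described in the abstract, sketched as an added example that is not taken from the patent or any implementation of it: an examination step issues a control instruction, a redirect step sends the request either to the inner data or to a decoy that returns format-matching virtual data and records what the requester does. The names `Gateway`, `MAX_ATTEMPTS`, the `DENY` outcome for failures below the threshold, and the rule that a flagged device stays on the decoy are assumptions; the per-device attempt count follows claims 5 and 8, and only routing, virtual data and recording are covered.

```python
import hashlib, hmac, random

MAX_ATTEMPTS = 3                      # assumed "predetermined plural number"
SALT = b"constructed-salt"            # constructed value for this example

def _hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 10_000)

USERS = {"alice": _hash("correct horse")}                      # constructed
REAL_RECORDS = [{"account": "ACC-1001", "balance": 2500.75}]   # constructed

def virtual_records(seed):
    """Virtual data: same keys and value types as REAL_RECORDS."""
    rng = random.Random(seed)         # stable per device so the decoy is consistent
    return [{"account": f"ACC-{rng.randint(5000, 9999)}",
             "balance": round(rng.uniform(10, 9000), 2)} for _ in REAL_RECORDS]

class Gateway:
    def __init__(self):
        self.failures = {}            # device id -> count of bad passwords
        self.audit = []               # actions recorded on the decoy path

    def examine(self, device_id, user, password):
        """Examination module: return the control instruction."""
        if self.failures.get(device_id, 0) >= MAX_ATTEMPTS:
            return "REACTION"         # assumption: flagged devices stay on the decoy
        ok = user in USERS and hmac.compare_digest(USERS[user], _hash(password))
        if ok:
            self.failures.pop(device_id, None)
            return "INNER"
        self.failures[device_id] = self.failures.get(device_id, 0) + 1
        return "REACTION" if self.failures[device_id] >= MAX_ATTEMPTS else "DENY"

    def handle(self, device_id, user, password, action):
        """Redirect system: execute the control instruction."""
        route = self.examine(device_id, user, password)
        if route == "INNER":
            return route, REAL_RECORDS
        if route == "REACTION":
            self.audit.append((device_id, user, action))   # record successive actions
            return route, virtual_records(device_id)
        return route, None
```

The audit list is the defender's evidence trail: every request that reaches the decoy is attributed to the device identifier that triggered the redirect.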
10 Claims
1. A network security system for controlling access to an inner data system, said network security system comprising:
an examination module for receiving a user access request to enter the inner data system, the user access request including a user name and password, checking the validity of the user name and password by the examination module, and generating an examination result that includes control instructions generated as a function of said checking;
a redirect system for receiving and executing the control instructions generated by the examination module, wherein the control instructions will instruct the redirect system to transfer the user into the inner data system if the examination result shows that the user name and password are valid; and
a reaction system for receiving the user access request from the redirect system when the examination result shows that the password is not valid, the reaction system being configured to respond to the user access request by providing response content which includes virtual data that has the same format as information contained within the inner data system,
wherein the reaction system is further configured to record at least one successive action after the response content is transmitted from the reaction system,
wherein the reaction system is further configured to execute one or more reaction programs designed to trace the IP address from which the user access request originated, and to send a Trojan code to the IP address from which the user access request originated, and
wherein users are permitted only a limited number of attempts for the password, and according to the number of attempts at the password, the redirect system will direct an authorized user to an operating system associated with the inner data system and will direct an unauthorized user to the redirect system.
Dependent claims: 2, 3, 4
5. A network security system for controlling access to an inner data system, said network security system comprising:
an examination module for receiving a user access request to enter the inner data system, the user access request including an identification code that identifies a device from which the user access request originated and also including a password, the examination module checking the validity of the password and generating an examination result that includes control instructions generated as a function of said determination;
a redirect system for receiving and executing the control instructions generated by the examination module, wherein the control instructions will instruct the redirect system to transfer the user into the inner data system if the examination result indicates that the password is valid; and
a reaction system for receiving the user access request from the redirect system when the control instructions indicate that a predetermined plural number of user access requests included the same identification code and incorrect passwords, the reaction system being configured to include virtual data that has the same format as information contained within the inner data system,
wherein users are permitted only a limited number of attempts for the password, and according to the number of attempts at the password, the redirect system will direct an authorized user to an operating system associated with the inner data system and will direct an unauthorized user to the redirect system and send a Trojan code to the unauthorized user.
Dependent claims: 6, 7
8. A network security system for controlling access to an inner data system, said network security system comprising:
a reaction system that includes virtual data that has the same format as information contained within the inner data system;
an examination module for receiving a user access request to enter the inner data system, the user access request including an identification code that identifies a device from which the user access request originated and also including a password, the examination module checking the validity of the password and generating an examination result that includes control instructions generated as a function of said determination; and
a redirect system for receiving and executing the control instructions generated by the examination module, wherein the control instructions will instruct the redirect system to transfer the user access request to the inner data system if the examination result indicates that the password is valid or to transfer the user access request to the reaction system and send a Trojan code to the device from which the user access request originated if the control instructions indicate that a predetermined plural number of user access requests included the same identification code and incorrect passwords.
Dependent claims: 9, 10
Specification