Method for improving security of computer networks
First Claim
1. A method of preventing unauthorized user access to a computer network, comprising:
- receiving a domain name server resolution request at the computer network from a requesting user;
- replying to the requesting user with a domain name server resolution and internet protocol address of a target device within the computer network;
- inspecting the reply to the requesting user with a network security device, where the network security device does not have an assigned internet protocol address;
- monitoring data traffic to the computer network with the network security device to detect a reply to the internet protocol address of the target device from the requesting user;
- intercepting the reply to the internet protocol address of the target device from the requesting user with the network security device, wherein the reply to the internet protocol address of the target device from the requesting user is received by the network security device; and
- verifying that the requesting user is authorized to access the computer network with the network security device.
Abstract
A method of preventing unauthorized user access to a computer network has been developed. The method includes receiving a domain name server resolution request at the computer network from a requesting user. Next, a reply containing the domain name server resolution and the internet protocol address of a target device within the computer network is generated for the requesting user. The reply is inspected with a network security device; because the network security device has no assigned internet protocol address, it remains undetected by the requesting user. The network security device then monitors data traffic to the computer network to detect the requesting user's reply to that internet protocol address. Once detected, that reply is intercepted by the network security device. Finally, the network security device verifies that the requesting user is authorized to access the computer network.
Claims (7)

1. A method of preventing unauthorized user access to a computer network (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4.
5. A method of preventing unauthorized user access to a computer network, comprising:
- step for receiving an access request to a destination on the computer network from a requesting user;
- step for replying to the access request with an internet protocol address of the destination within the computer network;
- step for inspecting the reply to the requesting user with a network security device, where the network security device does not have an assigned internet protocol address;
- step for storing the internet protocol address at the network security device;
- step for sending the reply to the requesting user;
- step for detecting a reply from the requesting user with the network security device, with the reply from the requesting user specifying the internet protocol address as its destination;
- step for intercepting the reply from the requesting user with the network security device without transmitting the reply from the requesting user to the destination;
- step for sending a reply to the reply from the requesting user so that it appears to the requesting user that a connection has been established with the internet protocol address within the computer network; and
- step for verifying that the requesting user is authorized to access the computer network with the network security device.
Dependent claims: 6, 7.
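The flow claimed in claims 1 and 5 (an address-less inline device inspects the resolver's DNS reply, stores the handed-out address, receives the requester's follow-up SYN to that address instead of the target, answers as the target would, and then verifies authorization), as an added Python simulation. This is illustrative code written for this page, not code from the patent or its assignee. The packet model, the `TransparentGate` class, the allowlist used for "verifying that the requesting user is authorized", and the `drop_unsolicited` default-deny for SYNs to addresses the resolver never handed out are all assumptions made here; the patent specifies none of them. The DNS reply and the packets fed to the gate are constructed inline.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels ending with the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"


def build_dns_response(txid: int, name: str, ip: str, ttl: int = 60) -> bytes:
    """Constructed sample input: a standard DNS response with one A record.
    The answer name is a compression pointer (0xC00C) back to the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_dns_a_answers(msg: bytes) -> list[str]:
    """Extract the IPv4 addresses of A/IN records in the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:               # QR bit clear: a query, not a reply
        return []
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips


@dataclass(frozen=True)
class Packet:
    """Minimal packet model (assumption): only the fields the gate decides on."""
    src: str
    dst: str
    proto: str            # "udp" or "tcp"
    sport: int
    dport: int
    flags: str = ""       # TCP flags as text, e.g. "SYN" or "SYN-ACK"
    payload: bytes = b""


class TransparentGate:
    """Inline bump-in-the-wire device with no IP address of its own: it only
    forwards, absorbs, or answers in the name of the target it protects."""

    def __init__(self, authorized_clients, drop_unsolicited: bool = True):
        # Assumption: authorization is a source-address allowlist; the patent leaves it open.
        self.authorized = frozenset(authorized_clients)
        self.drop_unsolicited = drop_unsolicited
        self.handed_out = set()          # (requester, target IP) pairs stored from inspected replies
        self.events = []

    def process(self, pkt: Packet) -> tuple[str, Packet | None]:
        """Return (action, packet): action is "forward", "intercept" or "drop";
        the packet is what the gate emits (None when it emits nothing)."""
        # Inspect the resolver's outbound reply and store the address it hands out.
        if pkt.proto == "udp" and pkt.sport == 53:
            for ip in parse_dns_a_answers(pkt.payload):
                self.handed_out.add((pkt.dst, ip))
            return "forward", pkt
        if pkt.proto == "tcp" and pkt.flags == "SYN":
            if (pkt.src, pkt.dst) in self.handed_out:
                # The requester's follow-up SYN is received by the gate, not the target; verify it.
                if pkt.src in self.authorized:
                    self.events.append(("verified", pkt.src, pkt.dst))
                    return "forward", pkt
                # Unauthorized: never deliver the SYN, but answer as the target would
                # so the requester believes a connection has been established.
                self.events.append(("intercepted", pkt.src, pkt.dst))
                spoof = Packet(src=pkt.dst, dst=pkt.src, proto="tcp",
                               sport=pkt.dport, dport=pkt.sport, flags="SYN-ACK")
                return "intercept", spoof
            if self.drop_unsolicited:
                # Assumption (not in the claims): a SYN to an address this source was
                # never given via DNS is what a scanner sends; drop it.
                self.events.append(("unsolicited", pkt.src, pkt.dst))
                return "drop", None
        return "forward", pkt


def run_demo() -> list:
    """Constructed traffic: two requesters resolve app.example.com, then connect."""
    gate = TransparentGate(authorized_clients={"203.0.113.10"})
    reply = build_dns_response(0x1234, "app.example.com", "10.0.0.5")
    for requester, port in (("203.0.113.10", 40001), ("198.51.100.7", 40002)):
        gate.process(Packet("10.0.0.53", requester, "udp", 53, port, payload=reply))
    gate.process(Packet("203.0.113.10", "10.0.0.5", "tcp", 50000, 443, "SYN"))   # authorized
    gate.process(Packet("198.51.100.7", "10.0.0.5", "tcp", 50001, 443, "SYN"))   # not authorized
    gate.process(Packet("198.51.100.7", "10.0.0.9", "tcp", 50002, 22, "SYN"))    # never resolved
    return gate.events
```

Two caveats the claims do not address and a deployment would have to: a requester that never issues the DNS query (a port scanner working from an address list) is not in the stored table at all, which is why the simulation drops such SYNs by default rather than passing them; and having no IP address hides the device at layer 3 but not from fingerprinting, since the SYN-ACK it forges can differ from the real target's in TTL, window size or TCP options.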
Specification