Method and systems for securing remote access to private networks
First Claim
1. A method of routing packets, the method comprising:
(a) intercepting, at a data link layer by a filter executing in a kernel space of a client operating in a first network, an outbound network packet transmitted from an application of the client to a server, the server operating in a second network, the filter terminating a first transport layer connection with the application;
(b) transmitting, by the filter, the outbound network packet to a port monitored by a client application at an application layer executing in a user space of the client, the client application terminating a second transport layer connection with a gateway and communicating with the gateway via a secure application layer tunnel over the second transport layer connection;
(c) receiving, by the gateway, the outbound network packet via the secure application layer tunnel over the second transport layer connection from the client application;
(d) forwarding, by the gateway via a third transport layer connection with the server, the outbound network packet to the server; and
(e) intercepting, at a data link layer by a capture driver executing in the gateway, a second network packet transmitted from the server to the client.
Abstract
A method for securing remote access to private networks includes a receiver intercepting from a data link layer a packet in a first plurality of packets destined for a first system on a private network. A filter intercepts from the data link layer a packet in a second plurality of packets transmitted from a second system on the private network, destined for a system on a second network. A transmitter in communication with the receiver and the filter performs a network address translation on at least one intercepted packet and transmits the at least one intercepted packet to a destination.
753 Citations
Claims (23)
1. A method of routing packets (text as given under First Claim above). Dependent claims: 2 to 13.
14. A system of routing packets, the system comprising:
a filter executing in a kernel space of a client device operating in a first network, the filter intercepting at a data link layer an outbound network packet transmitted from an application of the client device to a server operating in a second network, and transmitting the outbound network packet to a port monitored by a client application at an application layer executing in a user space of the client device, the filter terminating a first transport layer connection with the application; and
a gateway comprising: a processor, receiving the outbound network packet from the client application via a secure application layer tunnel over a second transport layer connection terminated by the client application, and forwarding the outbound network packet to the server via a third transport layer connection with the server, and a capture driver intercepting at a data link layer a second network packet transmitted from the server to the client device. Dependent claims: 15 to 23.
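The data path described in claim 1 and claim 14 (kernel-space filter, user-space client application, secure application-layer tunnel, gateway with network address translation, capture driver on the return path) can be modelled end to end in a few dozen lines. The following Python is an added illustration written for this page, not the patent's implementation or any vendor's code. Every address, port, the JSON tunnel framing and the HMAC tag that stands in for the tunnel's integrity protection are assumptions made for the model; the point it adds to the claim text is that the gateway must authenticate each tunnel frame before acting on the inner source and destination, because those fields drive its NAT table and its forwarding decision.

```python
"""Constructed model of the claimed data path: a client-side filter intercepts
packets bound for the private network, hands them to a user-space client
application, which tunnels them to a gateway; the gateway applies NAT and
forwards them to the server, and its capture driver reverses the NAT on the
reply.  All addresses, ports and the tunnel framing below are assumptions."""
import hashlib
import hmac
import json

PRIVATE_NET = "10.0.0."                 # second (private) network, assumed
CLIENT_ADDR = "203.0.113.5"             # client on the first network, assumed
GATEWAY_PRIVATE_ADDR = "10.0.0.1"       # gateway's address on the private network
SERVER_ADDR = "10.0.0.20:443"           # server on the private network, assumed
CLIENT_APP_PORT = "127.0.0.1:4040"      # port monitored by the user-space client app
TUNNEL_KEY = b"constructed-shared-key"  # stand-in for the tunnel's session keys


def make_packet(src, dst, payload):
    """Minimal packet: 'host:port' strings plus a text payload."""
    return {"src": src, "dst": dst, "payload": payload}


def client_filter(pkt):
    """Kernel-space filter (claim 1(a)-(b)): packets for the private network are
    redirected to the local client-app port instead of being sent on the wire;
    everything else passes through untouched."""
    if pkt["dst"].startswith(PRIVATE_NET):
        return "redirect", CLIENT_APP_PORT
    return "passthrough", pkt["dst"]


def tunnel_wrap(pkt):
    """Client app: encapsulate an intercepted packet in an authenticated tunnel
    frame.  An HMAC tag stands in for the integrity protection a real
    TLS-based application-layer tunnel provides."""
    body = json.dumps(pkt, sort_keys=True)
    tag = hmac.new(TUNNEL_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def tunnel_unwrap(frame):
    """Verify the frame before trusting the inner addresses; otherwise the
    gateway's NAT table and forwarding would be driven by unauthenticated data."""
    expected = hmac.new(TUNNEL_KEY, frame["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, frame["tag"]):
        raise ValueError("tunnel frame failed authentication")
    return json.loads(frame["body"])


class Gateway:
    def __init__(self):
        self.nat_table = {}    # gateway-side 'host:port' -> original client src
        self.next_port = 40000

    def outbound(self, frame):
        """Receive via the tunnel (claim 1(c)), translate the source address,
        forward over the gateway-to-server connection (claim 1(d))."""
        pkt = tunnel_unwrap(frame)
        nat_src = f"{GATEWAY_PRIVATE_ADDR}:{self.next_port}"
        self.next_port += 1
        self.nat_table[nat_src] = pkt["src"]
        return make_packet(nat_src, pkt["dst"], pkt["payload"])

    def capture_driver(self, reply):
        """Intercept the server's reply at the data link layer (claim 1(e)),
        undo the NAT and send it back through the tunnel to the client app."""
        orig_src = self.nat_table.get(reply["dst"])
        if orig_src is None:
            return None    # no mapping: unsolicited inbound packet, dropped
        return tunnel_wrap(make_packet(reply["src"], orig_src, reply["payload"]))


def server(pkt):
    """Echo server on the private network; its reply reveals which source it saw."""
    return make_packet(pkt["dst"], pkt["src"], "ack:" + pkt["payload"])


def run_exchange(payload="GET /", tamper=False):
    """Drive one request/reply through the modelled path and report what each
    side observed.  With tamper=True the frame body is altered after the
    client app signed it, which the gateway must reject."""
    gw = Gateway()
    pkt = make_packet(f"{CLIENT_ADDR}:51000", SERVER_ADDR, payload)
    action, hop = client_filter(pkt)          # filter hands off to the client app
    frame = tunnel_wrap(pkt)                  # client app wraps it for the tunnel
    if tamper:
        inner = json.loads(frame["body"])
        inner["dst"] = "10.0.0.99:22"         # constructed modification
        frame["body"] = json.dumps(inner, sort_keys=True)
    try:
        to_server = gw.outbound(frame)
    except ValueError:
        return {"rejected": True}
    reply = server(to_server)
    delivered = tunnel_unwrap(gw.capture_driver(reply))   # client app unwraps
    return {"rejected": False, "filter_action": action, "filter_hop": hop,
            "server_saw_src": to_server["src"], "app_saw_src": delivered["src"],
            "app_saw_dst": delivered["dst"], "reply": delivered["payload"],
            "nat_entries": len(gw.nat_table)}


if __name__ == "__main__":
    print(json.dumps(run_exchange(), indent=2))
    print(run_exchange(tamper=True))
```

Running it shows the two properties the claims rely on: the server only ever sees the gateway's private-network address as the source, and the application on the client sees the reply as if it had come directly from the server, with the filter and client application transparent in between. The tampered run returns a rejection because the gateway refuses a frame whose tag no longer matches its body.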