Multi-method gateway-based network security systems and methods
First Claim
1. A method comprising:
- receiving, at a network device, a plurality of packets;
- inspecting, by the network device, the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, inspecting the plurality of packets including:
  - inspecting the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities;
  - after inspecting the plurality of packets to identify the one or more protocol irregularities and when the plurality of packets does not include the one or more protocol irregularities, inspecting the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures; and
  - after inspecting the plurality of packets to identify the one or more attack signatures and when the plurality of packets does not include the one or more attack signatures, inspecting the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures;
- dropping, by the network device, at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forwarding, by the network device, the at least one packet when the at least one packet does not include the information indicative of the security breach.
3 Assignments
0 Petitions
Abstract
Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
136 Citations
37 Claims
1. A method comprising:
(the full text of claim 1 is given under First Claim above)
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A system comprising:
a device to:
- receive a plurality of packets;
- inspect the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, when inspecting the plurality of packets, the device is to:
  - inspect the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities;
  - after inspecting the plurality of packets to identify the one or more protocol irregularities and when the plurality of packets does not include the one or more protocol irregularities, inspect the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures; and
  - after inspecting the plurality of packets to identify the one or more attack signatures and when the plurality of packets does not include the one or more attack signatures, inspect the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures;
- drop at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forward the at least one packet when the at least one packet does not include the information indicative of the security breach.
View Dependent Claims (13, 14, 15, 16, 17, 18)
19. A non-transitory computer-readable medium comprising:
a plurality of instructions which, when executed by a device, causes the device to:
- receive a plurality of packets;
- inspect the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, one or more instructions, of the plurality of instructions, to inspect the plurality of packets including:
  - one or more instructions to inspect the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities;
  - after inspecting the plurality of packets to identify the one or more protocol irregularities and when the plurality of packets does not include the one or more protocol irregularities, one or more instructions to inspect the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures; and
  - after inspecting the plurality of packets to identify the one or more traffic signatures and when the plurality of packets does not include the one or more traffic signatures, one or more instructions to inspect the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures;
- drop at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forward the at least one packet when the at least one packet does not include the information indicative of the security breach.
View Dependent Claims (20, 21, 22, 23, 24)
25. A device comprising:
at least one processor to:
- receive a plurality of packets;
- inspect the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, when inspecting the plurality of packets, the at least one processor is to:
  - inspect the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities;
  - when the plurality of packets does not include the one or more protocol irregularities, inspect the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures; and
  - when the plurality of packets does not include the one or more traffic signatures, inspect the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures;
- drop at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forward the at least one packet when the at least one packet does not include the information indicative of the security breach.
View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33)
34. A method comprising:
- receiving, at a network device, a plurality of packets;
- inspecting, by the network device, the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, inspecting the plurality of packets including:
  - inspecting the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures;
  - when the plurality of packets does not include the one or more attack signatures, inspecting the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities; and
  - when the plurality of packets does not include the one or more protocol irregularities, inspecting the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures;
- dropping, by the network device, at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forwarding, by the network device, the at least one packet when the at least one packet does not include the information indicative of the security breach.
View Dependent Claims (35)
36. A method comprising:
- receiving, at a network device, a plurality of packets;
- inspecting, by the network device, the plurality of packets to determine whether the plurality of packets includes information indicative of a security breach, inspecting the plurality of packets including:
  - inspecting the plurality of packets to identify one or more traffic signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more traffic signatures;
  - when the plurality of packets does not include the one or more traffic signatures, inspecting the plurality of packets to identify one or more protocol irregularities, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more protocol irregularities; and
  - when the plurality of packets does not include the one or more protocol irregularities, inspecting the plurality of packets to identify one or more attack signatures, associated with the plurality of packets, to determine whether the plurality of packets includes the information indicative of the security breach, without a user request to inspect the plurality of packets to identify the one or more attack signatures;
- dropping, by the network device, at least one packet of the plurality of packets when the at least one packet includes the information indicative of the security breach; and
- forwarding, by the network device, the at least one packet when the at least one packet does not include the information indicative of the security breach.
View Dependent Claims (37)
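The ordered, short-circuiting inspection the claims recite, written out as an added example (not code from the patent or its assignee): protocol irregularities first, then attack signatures, then traffic signatures, in the order of claim 1, with the packet dropped at the first hit and forwarded otherwise. The packet fields, the SYN+FIN and length checks, the traversal signature and the SYN-rate threshold are all assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
SYN, FIN = 0x02, 0x01
ATTACK_SIGS = [re.compile(rb"\.\./\.\./")]  # illustrative signature, constructed for this example

class Gateway:
    """Runs the three inspections in claim-1 order; returns 'drop' or 'forward' per packet."""
    def __init__(self, syn_limit=3, window=1.0):
        self.syn_limit, self.window = syn_limit, window
        self.syn_times = defaultdict(deque)  # src -> timestamps of recent SYNs (traffic state)
        self.log = []                        # (src, stage, reason) for every dropped packet
    def protocol_irregular(self, pkt):
        if pkt["flags"] & SYN and pkt["flags"] & FIN:  # SYN+FIN is never valid TCP
            return "tcp-syn-fin"
        if pkt["len"] != len(pkt["payload"]):           # declared length vs bytes on the wire
            return "length-mismatch"
        return None
    def attack_signature(self, pkt):
        hit = next((s for s in ATTACK_SIGS if s.search(pkt["payload"])), None)
        return hit.pattern.decode() if hit else None
    def traffic_signature(self, pkt):
        if not pkt["flags"] & SYN:
            return None
        q = self.syn_times[pkt["src"]]
        q.append(pkt["ts"])
        while pkt["ts"] - q[0] > self.window:  # slide the window forward
            q.popleft()
        return "syn-rate" if len(q) > self.syn_limit else None
    def inspect(self, pkt):
        # Stages run in the claimed order; each runs only when the previous one found nothing.
        for stage in (self.protocol_irregular, self.attack_signature, self.traffic_signature):
            hit = stage(pkt)
            if hit:
                self.log.append((pkt["src"], stage.__name__, hit))
                return "drop"
        return "forward"

def pkt(src, flags, payload=b"", ts=0.0, length=None):  # constructed stand-in for a parsed packet
    return {"src": src, "flags": flags, "payload": payload, "ts": ts,
            "len": len(payload) if length is None else length}
SAMPLE = [pkt("10.0.0.5", SYN),                                          # clean SYN: forward
          pkt("10.0.0.5", SYN | FIN, ts=0.1),                            # protocol irregularity
          pkt("10.0.0.7", 0x18, b"GET /../../secret HTTP/1.1", ts=0.2),  # attack signature
          *(pkt("10.0.0.9", SYN, ts=0.3 + 0.1 * i) for i in range(4)),   # 4 SYNs in 0.3 s
          pkt("10.0.0.7", 0x18, b"GET /index.html HTTP/1.1", ts=0.8, length=5)]  # bad length

def run(packets):
    gw = Gateway()
    return [gw.inspect(p) for p in packets], gw.log
```

Because the stages short-circuit, a SYN dropped by the protocol stage never reaches the traffic stage and so never updates the SYN-rate state; a gateway built on this ordering has to decide deliberately whether packets dropped early should still feed the traffic counters.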
Specification