Trusted network interface
First Claim
1. A method for operating a trusted network interface for monitoring network traffic passing through a plurality of network security appliances, comprising:
receiving, at a management system, warrant information that is derived from a judicial warrant, and comprises:
a judicially executable action that is executable only with approval, wherein the judicially executable action includes authorization for participating in a denial of service attack;
an approval from the judicial warrant to execute the judicially executable action; and
an identification of at least some of the plurality of network security appliances each to execute the judicially executable action;
wherein the judicial warrant satisfies legal requirements approving an act to be performed;
generating a control command instructing the at least some of the plurality of network security appliances identified in the warrant information to execute the judicially executable action in an orchestrated manner according to a coordinated plan of action;
digitally signing the control command with a digital certificate associated with the management system;
encrypting the digitally signed control command;
transmitting the digitally signed and encrypted control command to the at least some of the plurality of network security appliances identified in the warrant information; and
receiving confirmation from the at least some of the plurality of network security appliances that the judicially executable action has been executed.
Abstract
Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances.
22 Claims
12. A computer network comprising:
a plurality of network security appliances, each network security appliance being interposed between a computer system and a public network;
a management system configured to transmit control commands to the plurality of network security appliances via a public network;
a judicial control system configured to:
receive warrant information that is derived from a judicial warrant, and comprises:
a judicially executable action that is executable only with approval, wherein the judicially executable action includes authorization for participating in a denial of service attack;
an approval from the judicial warrant to execute the judicially executable action; and
an identification of at least some of the plurality of network security appliances to execute the judicially executable action;
wherein the judicial warrant satisfies legal requirements approving an act to be performed;
digitally sign and encrypt the warrant information; and
transmit the digitally signed and encrypted warrant information to the management system;
wherein the management system is configured to transmit a control command to the at least some of the plurality of network security appliances identified in the warrant information received from the judicial control system, the control command instructing the at least some of the plurality of network security appliances to execute the judicially executable action in an orchestrated manner according to a coordinated plan of action; and
wherein the management system is configured to receive confirmation from the at least some of the plurality of network security appliances that the judicially executable action has been executed.
22. A method for preventing malicious cyber-attacks, the method comprising:
receiving, at a management system, warrant information that is derived from a judicial warrant, wherein the judicial warrant satisfies legal requirements approving an act to be performed, said act to be performed only with approval, wherein the judicial warrant comprises an approval to order a plurality of network security appliances to perform a denial of service attack carried out according to a coordinated plan of action, wherein each of the plurality of network security appliances:
is interposed between a computer system and a public network; and
is configured to monitor data passing between the computer system and the public network; and
wherein the denial of service attack prevents at least some data from passing between at least one of the computers and the public network that at least one of the plurality of network security appliances is interposed between;
instructing, in an orchestrated manner and from the management system, the plurality of network security appliances to carry out the denial of service attack in a manner consistent with the warrant information, wherein instructing in an orchestrated manner comprises:
generating a control command instructing the plurality of network security appliances to perform the denial of service attack;
encrypting the digitally signed control command; and
transmitting the digitally signed and encrypted control command to the plurality of network security appliances; and
receiving confirmation from at least some of the plurality of network security appliances that the denial of service attack has been performed.
Specification