Multi-method gateway-based network security systems and methods
First Claim
1. A method comprising:
- receiving, at a network device, a packet;
- inspecting, by the network device, the packet to determine whether the packet includes information indicative of a security breach, inspecting the packet including a plurality of:
  - inspecting the packet to identify one or more protocol irregularities in the packet to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more protocol irregularities,
  - inspecting the packet to identify one or more attack signatures to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more attack signatures,
  - inspecting the packet for one or more traffic signatures matching a packet flow, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet for the one or more traffic signatures,
  - one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet for the one or more traffic signatures being performed based on another one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet for the one or more traffic signatures;
- dropping, by the network device, the packet when the packet includes the information indicative of the security breach; and
- forwarding, by the network device, the packet to a network destination of the packet when the packet does not include the information indicative of the security breach.
Abstract
Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
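As an added illustration (not code from the patent or its assignee), the following toy Python gateway performs the three inspections the abstract and claim 1 name, protocol anomaly detection, stateful attack-signature detection and traffic-signature detection, and returns a drop or forward decision for each packet. Everything in it is constructed for the example: the packet model, the invalid-flag-combination rules, the signature byte pattern, the SYN-rate threshold and window, and the addresses. Signature matching is run only on packets that passed the protocol check, which is one concrete instance of the claim's "one inspection performed based on another": a malformed segment is never fed into flow reassembly.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal packet model (constructed for this example): only the fields the checks use."""
    src: str
    dst: str
    flags: frozenset  # TCP control flags, e.g. frozenset({"SYN"})
    payload: bytes
    ts: float  # arrival time in seconds


def protocol_irregularity(pkt):
    """Protocol-anomaly check: return a reason for a TCP flag combination that no
    conforming stack emits, or None if the header looks well-formed."""
    if not pkt.flags:
        return "no TCP flags set"
    if {"SYN", "FIN"} <= pkt.flags:
        return "SYN and FIN set together"
    if {"SYN", "RST"} <= pkt.flags:
        return "SYN and RST set together"
    return None


class Gateway:
    def __init__(self, signatures, syn_limit=5, window=1.0):
        # Constructed parameters: byte patterns to match statefully per flow, and the
        # SYN-rate traffic signature (more than syn_limit SYNs per source within window).
        self.signatures = list(signatures)
        self.keep = max((len(s) for s in self.signatures), default=1) - 1
        self.syn_limit = syn_limit
        self.window = window
        self.syn_times = defaultdict(deque)  # src -> arrival times of recent SYNs
        self.flow_tail = defaultdict(bytes)  # (src, dst) -> tail of reassembled payload
        self.forwarded = []
        self.dropped = []

    def traffic_signature(self, pkt):
        """Traffic-signature check on the packet flow: too many connection attempts
        from one source inside the sliding window."""
        if "SYN" not in pkt.flags or "ACK" in pkt.flags:
            return None
        times = self.syn_times[pkt.src]
        times.append(pkt.ts)
        while times and pkt.ts - times[0] > self.window:
            times.popleft()
        if len(times) > self.syn_limit:
            return f"{len(times)} SYNs from {pkt.src} within {self.window}s"
        return None

    def attack_signature(self, pkt):
        """Stateful signature check: match against the flow's reassembled payload so a
        pattern split across two segments is still found."""
        key = (pkt.src, pkt.dst)
        data = self.flow_tail[key] + pkt.payload
        for sig in self.signatures:
            if sig in data:
                return f"signature {sig!r} in flow {key}"
        # Keep only the bytes a later segment could still complete a signature with.
        self.flow_tail[key] = data[-self.keep:] if self.keep else b""
        return None

    def process(self, pkt):
        """Run the inspections and return ("drop", reason) or ("forward", None)."""
        reason = protocol_irregularity(pkt)
        if reason is None:
            reason = self.traffic_signature(pkt)
        if reason is None:
            # Performed based on the protocol check: only well-formed segments enter reassembly.
            reason = self.attack_signature(pkt)
        if reason is not None:
            self.dropped.append((pkt, reason))
            return ("drop", reason)
        self.forwarded.append(pkt)
        return ("forward", None)


def run_demo():
    """Constructed sample traffic that exercises all three detection methods."""
    gw = Gateway(signatures=[b"CONSTRUCTED-SIG"], syn_limit=3, window=1.0)
    results = []
    # well-formed SYN: forwarded
    results.append(gw.process(Packet("10.0.0.5", "10.0.0.80", frozenset({"SYN"}), b"", 0.0)))
    # SYN+FIN: protocol irregularity, dropped before any signature work
    results.append(gw.process(Packet("10.0.0.6", "10.0.0.80", frozenset({"SYN", "FIN"}), b"", 0.1)))
    # signature split across two segments of one flow: the second segment is dropped
    results.append(gw.process(Packet("10.0.0.5", "10.0.0.80", frozenset({"ACK"}), b"xxCONSTRUC", 0.2)))
    results.append(gw.process(Packet("10.0.0.5", "10.0.0.80", frozenset({"ACK"}), b"TED-SIGyy", 0.3)))
    # SYN burst from one source: the fourth SYN inside the window exceeds syn_limit=3
    for i in range(4):
        results.append(gw.process(Packet("10.0.0.7", "10.0.0.80", frozenset({"SYN"}), b"", 0.5 + i * 0.1)))
    return results


if __name__ == "__main__":
    for action, reason in run_demo():
        print(action, reason or "")
```

The per-flow tail buffer is what makes the signature check stateful: the gateway remembers the last `len(signature) - 1` bytes of each flow, so a pattern straddling a segment boundary is caught without buffering whole streams. The order of checks is the design decision the claim leaves open; here the cheap header check gates the more expensive reassembly and matching.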
20 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system comprising:
- a device, comprising one or more hardware components, to:
  - inspect a packet to determine whether the packet includes information indicative of a security breach, when inspecting the packet, the device is to perform a plurality of:
    - inspect the packet to identify one or more protocol irregularities, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more protocol irregularities,
    - inspect the packet to identify one or more attack signatures, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more attack signatures,
    - inspect the packet to identify one or more traffic signatures, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more traffic signatures,
    - the device to perform one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet to identify the one or more traffic signatures based on another one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet to identify the one or more traffic signatures;
  - drop the packet when the packet includes the information indicative of the security breach; and
  - forward the packet when the packet does not include the information indicative of the security breach.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions which, when executed by a device, cause the device to receive a packet;
- one or more instructions which, when executed by the device, cause the device to inspect the packet to determine whether the packet includes information indicative of a security breach, the one or more instructions to inspect the packet including a plurality of:
  - one or more instructions which, when executed by the device, cause the device to inspect the packet to identify one or more protocol irregularities, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more protocol irregularities,
  - one or more instructions which, when executed by the device, cause the device to inspect the packet to identify one or more attack signatures, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more attack signatures,
  - one or more instructions which, when executed by the device, cause the device to inspect the packet to identify one or more traffic signatures, associated with the packet, to determine whether the packet includes the information indicative of the security breach, without a user request to inspect the packet to identify the one or more traffic signatures,
  - one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet to identify the one or more traffic signatures being performed based on another one of inspecting the packet to identify the one or more protocol irregularities, inspecting the packet to identify the one or more attack signatures, or inspecting the packet to identify the one or more traffic signatures;
- one or more instructions which, when executed by the device, cause the device to drop the packet when the packet includes the information indicative of the security breach; and
- one or more instructions which, when executed by the device, cause the device to forward the packet when the packet does not include the information indicative of the security breach.
Dependent claims: 16, 17, 18, 19, 20.