Intelligent integrated network security device

US 8,726,016 B2
Filed: 09/14/2012
Issued: 05/13/2014
Est. Priority Date: 02/08/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors of a device, a packet in a flow of packets associated with a session;

determining, by the one or more processors and using data of the packet, that a data structure does not store information identifying the flow of packets;

communicating, by the one or more processors and to a plurality of security devices, particular information that includes;

information identifying a location of the packet in a memory associated with the one or more processors, andinformation identifying a position of the packet in the flow of packets, the plurality of security devices being included in the device;

obtaining, by the one or more processors and from each security device of the plurality of security devices, information relating to processing packets associated with the session,the information, relating to processing the packets associated with the session, being obtained from each security device of the plurality of security devices based on determining that the data structure does not store the information identifying the flow of packets;

creating, by the one or more processors and for storing in the data structure, a single entry for storing the information identifying the flow of packets based on determining that the data structure does not store the information identifying the flow of packets,the single entry being created using the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session; and

processing, by the one or more processors, the packet based on the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.

87 Citations

18 Claims

1. A method comprising:
- receiving, by one or more processors of a device, a packet in a flow of packets associated with a session;
  
  determining, by the one or more processors and using data of the packet, that a data structure does not store information identifying the flow of packets;
  
  communicating, by the one or more processors and to a plurality of security devices, particular information that includes;
  
  information identifying a location of the packet in a memory associated with the one or more processors, andinformation identifying a position of the packet in the flow of packets, the plurality of security devices being included in the device;
  
  obtaining, by the one or more processors and from each security device of the plurality of security devices, information relating to processing packets associated with the session,the information, relating to processing the packets associated with the session, being obtained from each security device of the plurality of security devices based on determining that the data structure does not store the information identifying the flow of packets;
  
  creating, by the one or more processors and for storing in the data structure, a single entry for storing the information identifying the flow of packets based on determining that the data structure does not store the information identifying the flow of packets,the single entry being created using the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session; and
  
  processing, by the one or more processors, the packet based on the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where obtaining, from each security device of the plurality of security devices, the information relating to processing the packets associated with the session includes:
    - communicating, with each security device of the plurality of security devices, to determine a security policy for the packets associated with the session.
  - 3. The method of claim 1, where obtaining, from each security device of the plurality of security devices, the information relating to processing the packets associated with the session includes:
    - communicating, with a first security device of the plurality of security devices, to determine whether to block the packet based on the first security device determining whether the packet matches one or more attack signatures for one or more attempted network security intrusions.
  - 4. The method of claim 3, where obtaining, from each security device of the plurality of security devices, the information relating to processing the packets associated with the session further includes:
    - communicating, with a second security device of the plurality of security devices, to obtain a network policy associated with the session,the second security device being different than the first security device.
  - 5. The method of claim 1, further comprising:
    - storing the single entry, in the data structure, to obtain a stored single entry,the stored single entry including;
      
      the information identifying the flow of packets,session information associated with the session, anddevice-specific information associated with each security device of the plurality of security devices.
  - 6. The method of claim 5, further comprising:
    - receiving another packet in the flow of packets associated with the session;
      
      identifying the single entry, in the data structure, using data of the other packet; and
      
      processing the other packet based on the single entry.
  - 7. The method of claim 1, where each security device, of the plurality of security devices, includes a different one of an intrusion prevention system, a firewall, or a flow-based router.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions which, when executed by one or more processors of a device, cause the one or more processors to receive a packet in a flow of packets associated with a session;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine, using a portion of the packet, that a data structure does not store information identifying the flow of packets associated with the session;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate, to a plurality of security elements, particular information that includes;
  
  information identifying a location of the packet in a memory associated with the one or more processors, andinformation identifying a position of the packet in the flow of packets, the plurality of security elements being included in the device;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to obtain, from each security element of a plurality of security elements, information relating to processing packets associated with the session,the plurality of security elements including a firewall and an intrusion prevention system,the information, relating to processing the packets associated with the session, being obtained from each security element of the plurality of security elements based on determining that the data structure does not store the information identifying the flow of packets;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to create a single entry for storing the information identifying the flow of packets based on determining that the data structure does not store the information identifying the flow of packets,the single entry being created using the information, obtained from each security element of the plurality of security elements, relating to processing the packets associated with the session;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to store the single entry in the data structure; and
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine whether the packet is associated with an attempted network security intrusion based on the information, obtained from each security element of the plurality of security elements, relating to processing the packets associated with the session.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable medium of claim 8, where the single entry, stored in the data structure, includes:
    - the information identifying the flow of packets,session information associated with the session, anddevice-specific information associated with each security element of the plurality of security elements.
  - 10. The non-transitory computer-readable medium of claim 8, where the one or more instructions to determine whether the data structure stores the information identifying the flow of packets associated with the session include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine, using the portion of the packet, that the data structure does not store the information identifying the flow of packets associated with the session.
  - 11. The non-transitory computer-readable medium of claim 10, where the one or more instructions to obtain, from a security element of the plurality of security elements, the information relating to processing the packets associated with the session include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate, with each security element of the plurality of security elements, to determine a security policy for the packets associated with the session based on determining that the data structure does not store the information identifying the flow of packets associated with the session.
  - 12. The non-transitory computer-readable medium of claim 10, where the one or more instructions to obtain, from each security element of the plurality of security elements, the information relating to processing the packets associated with the session include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate, with the intrusion prevention system, to determine whether to block the packet based on attack signatures for one or more attempted network security intrusions.
  - 13. The non-transitory computer-readable medium of claim 10, where the plurality of security elements further include a flow-based router, andwhere the one or more instructions to obtain, from each security element of the plurality of security elements, the information relating to processing the packets associated with the session include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate, with the flow-based router, to obtain a network policy associated with the session.

14. A system comprising:
- a memory to store instructions; and
  
  one or more processors to execute the instructions to;
  
  receive a packet in a flow of packets associated with a session;
  
  determine, using a portion of the packet, that a data structure does not store information identifying the flow of packets associated with the session;
  
  communicate, to a plurality of devices, particular information that includes;
  
  information identifying a location of the packet in a memory associated with the one or more processors, andinformation identifying a position of the packet in the flow of packets;
  
  obtain, from each device of the plurality of devices, information relating to processing packets associated with the session,the plurality of devices including a firewall and an intrusion prevention system,the information, relating to processing the packets associated with the session, being obtained from each device of the plurality of devices based on determining that the data structure does not store the information identifying the flow of packets;
  
  create, for storing in the data structure, a single entry for storing the information identifying the flow of packets,the single entry being created using the information, obtained from each device of the plurality of devices, relating to processing the packets associated with the session; and
  
  determine whether the packet is associated with an attempted network security intrusion based on the information, obtained from each device of the plurality of devices, relating to processing the packets associated with the session.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, where the one or more processors are further to:
    - store the single entry in the data structure,the stored single entry including;
      
      the information identifying the flow of packets,session information associated with the session, anddevice-specific information associated with each device of the plurality of devices; and
      
      process another packet, in the flow of packets, using the stored single entry.
  - 16. The system of claim 14, where the plurality of devices further includes a flow-based router.
  - 17. The system of claim 14, where, when obtaining, from each device of the plurality of devices, the information relating to processing the packets associated with the session, the one or more processors are further to:
    - communicate, with a first device of the plurality of devices, to determine whether to block the packet based on the first device determining whether the packet matches one or more attack signatures for one or more attempted network security intrusions.
  - 18. The system of claim 17, where, when obtaining, from each device of the plurality of devices, the information relating to processing the packets associated with the session, the one or more processors are further to:
    - communicate, with a second device of the plurality of devices, to obtain a network policy associated with the session,the second device being different than the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Zuk, Nir
Primary Examiner(s)
Reza, Mohammad W

Application Number

US13/616,067
Publication Number

US 20130067561A1
Time in Patent Office

606 Days
Field of Search

726/13, 726/165
US Class Current

713/165
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/12   Applying verification of th...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 69/22   Parsing or analysis of headers

Intelligent integrated network security device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent integrated network security device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links