Automatic intervention
Abstract
Securing a network is disclosed. A monitored session between a client and a network resource is provided. It is determined whether the client is attempting an authorized command. If the command is determined to be unauthorized, the command is intercepted. Optionally, remedial action is taken if it is determined that the client is attempting an unauthorized command.
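A minimal sketch of the interception step the abstract describes, added here as an illustration and not taken from the patent: keystrokes are buffered until Enter, each command on the line is checked against the lists, and the line is forwarded, blocked, or replaced with a bogus command. The names `Gatekeeper`, `command_names`, `run`, the list contents and the `true` stand-in are assumptions, and the shell parsing is a simplified `shlex` tokenization (Python 3.8+).

```python
import os
import shlex

SEPARATOR_CHARS = set(";|&()")   # shell tokens after which a new command starts
BOGUS = "true"                   # harmless stand-in command (assumption)

def command_names(line):
    """Return the program name of every command on one shell line."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    names, expect_name = [], True
    for tok in lexer:                      # ValueError on unbalanced quotes
        if set(tok) <= SEPARATOR_CHARS:
            expect_name = True
        elif expect_name:
            names.append(os.path.basename(tok))   # /usr/bin/ssh -> ssh
            expect_name = False
    return names

class Gatekeeper:
    def __init__(self, whitelist=(), blacklist=(), substitute=False):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.substitute, self.buf = substitute, []

    def authorized(self, line):
        try:
            names = command_names(line)
        except ValueError:                 # unparseable input fails closed
            return False
        return all(n not in self.blacklist and
                   (not self.whitelist or n in self.whitelist) for n in names)

    def feed(self, key):
        """Consume one keystroke; on Enter return (action, line_to_send)."""
        if key in ("\x7f", "\b"):          # backspace edits the pending line
            if self.buf:
                self.buf.pop()
            return None
        if key not in ("\r", "\n"):
            self.buf.append(key)
            return None
        line, self.buf = "".join(self.buf), []
        if self.authorized(line):
            return ("forward", line)
        return ("substitute", BOGUS) if self.substitute else ("block", None)

def run(gk, keys):
    """Feed a string of keystrokes; return the decisions produced."""
    return [d for d in map(gk.feed, keys) if d is not None]
```

Evaluating the reconstructed line rather than raw keystrokes is what lets the check see through edits such as a typo corrected with backspace.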
24 Claims
1. A method of securing a network comprising:
- providing, by a gatekeeper device, a monitored session between a first client in a first network and a first network resource in a second network, wherein the gatekeeper device monitors keystrokes entered at the first client and wherein the first client is authorized to communicate with the first network resource;
- determining, using a processor, and at least in part by evaluating at least one of a black list of prohibited commands and a white list of permitted commands, that the monitored keystrokes indicate an attempt by the first client to execute an unauthorized command, wherein the unauthorized command, when executed, attempts to cause an access, from the first network resource, of a second network resource; and
- taking, by the gatekeeper device, a remedial action, wherein the remedial action includes at least one of substituting the unauthorized command with a bogus command and preventing the first client from transmitting the unauthorized command to the first network resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for securing a network, including:
- a processor; and
- a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to;
- provide, at a gatekeeper device, a monitored session between a first client in a first network and a first network resource in a second network, wherein the gatekeeper device monitors keystrokes entered at the first client and wherein the first client is authorized to communicate with the first network resource;
- determine, at least in part by evaluating at least one of black list of prohibited commands and a white list of permitted commands, that the monitored keystrokes indicate an attempt by the first client to execute an unauthorized command, wherein the unauthorized command, when executed, attempts to cause an access, from the first network resource, of a second network resource; and
- take a remedial action, wherein the remedial action includes at least one of substituting the unauthorized command with a bogus command and preventing the first client from transmitting the unauthorized command to the first network resource.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A computer program product for securing a network, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
- providing, by a gatekeeper device, a monitored session between a first client in a first network and a first network resource in a second network, wherein the gatekeeper device monitors keystrokes entered at the first client and wherein the first client is authorized to communicate with the first network resource;
- determining, at least in part by evaluating at least one of black list of prohibited commands and a white list of permitted commands, that the monitored keystrokes indicate an attempt by the first client to execute an unauthorized command, wherein the unauthorized command, when executed, attempts to cause an access, from the first network resource, of a second network resource; and
- taking a remedial action, wherein the remedial action includes at least one of substituting the unauthorized command with a bogus command and comprising preventing the first client from transmitting the unauthorized command to the first network resource.

Dependent claims: 23, 24
Specification