Detecting secure or encrypted tunneling in a computer network
Abstract
A computer assisted method for detecting encrypted tunneling or proxy avoidance is presented. The method may include electronically receiving information from a proxy server, extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information, determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds, and attempting to negotiate a standard HTTPS session with each of the at least one destination. The method may further include, for each of the at least one destination, determining whether the destination is hosting an encrypted tunneling or proxy avoidance application, wherein such a determining may be based on characteristics of a Secure Socket Layer (SSL) certificate associated with the destination or a response received from the destination over a TCP/IP connection.
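The steps in the abstract can be followed on sample data with the sketch below. It is an added example, not code from the patent: the Squid-like log layout, the `OBSERVED` handshake results, the issuer list and the `ExampleTunnel` signature are all constructed or hypothetical, and the HTTPS negotiation itself is represented by its recorded results rather than performed.

```python
import re

# Constructed proxy log in a Squid-like layout (assumed; the page names no format).
SAMPLE_LOG = """\
1700000001.101 210 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT mail.example.com:443 - HIER_DIRECT/192.0.2.10 -
1700000002.202 95 10.0.0.7 TCP_MISS/200 880 GET http://www.example.org/ - HIER_DIRECT/192.0.2.20 text/html
1700000003.303 4000 10.0.0.9 TCP_TUNNEL/200 99000 CONNECT 198.51.100.23:443 - HIER_DIRECT/198.51.100.23 -
1700000004.404 180 10.0.0.5 TCP_TUNNEL/200 4096 CONNECT mail.example.com:443 - HIER_DIRECT/192.0.2.10 -
"""
# Constructed results of the HTTPS negotiation step: certificate names and
# whether the chain validated against the local trust store.
OBSERVED = {
    ("mail.example.com", 443): {"subject": "mail.example.com",
                                "issuer": "Example Trust Services CA", "ca_trusted": True},
    ("198.51.100.23", 443): {"subject": "ExampleTunnel Default",
                             "issuer": "ExampleTunnel Default", "ca_trusted": False},
}
# Hypothetical reference lists: authentic issuer names, and (subject, issuer)
# name patterns associated with a tunneling application type.
AUTHENTIC_ISSUERS = {"Example Trust Services CA"}
TUNNEL_SIGNATURES = [
    (re.compile(r"^ExampleTunnel\b"), re.compile(r"^ExampleTunnel\b"), "ExampleTunnel (hypothetical)"),
]
CONNECT_RE = re.compile(r"\bCONNECT\s+(\[[0-9A-Fa-f:]+\]|[^\s:/]+):(\d{1,5})\b")

def connect_destinations(log_text):
    """Unique (host, port) targets of CONNECT requests, in first-seen order."""
    found = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m and int(m.group(2)) <= 65535:
            found.setdefault((m.group(1).lower(), int(m.group(2))), True)
    return list(found)

def classify(cert):
    """Return (verdict, application_type) from certificate characteristics."""
    if cert["ca_trusted"] and cert["issuer"] in AUTHENTIC_ISSUERS:
        return ("authentic", None)
    for subject_re, issuer_re, app in TUNNEL_SIGNATURES:
        if subject_re.search(cert["subject"]) and issuer_re.search(cert["issuer"]):
            return ("suspect", app)
    return ("unverified", None)  # untrusted or unlisted, but no known signature

def triage(log_text, observed):
    """Map each CONNECT destination to a verdict; unprobed ones are flagged."""
    return {dest: classify(observed[dest]) if dest in observed else ("not-probed", None)
            for dest in connect_destinations(log_text)}

if __name__ == "__main__":
    for dest, verdict in triage(SAMPLE_LOG, OBSERVED).items():
        print(dest, verdict)
```

Destinations that land in `unverified` or `not-probed` are the ones an analyst would review by hand, since no listed characteristic settles them either way.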
19 Claims
1. A computer assisted method for detecting encrypted tunneling comprising:
- electronically receiving information from a proxy server;
- extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information;
- determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds;
- attempting to negotiate a standard Hyper Text Transport Protocol Secure (HTTPS) session with each of the at least one destination;
- for each of the at least one destination, determining if a Secure Socket Layer (SSL) certificate associated with the destination has been issued by a trusted certificate authority;
- determining whether the destination is hosting an encrypted tunneling application, wherein the determining whether the destination is hosting an encrypted tunneling application includes:
- identifying a plurality of characteristics of the SSL certificate;
- comparing the plurality of characteristics of the SSL certificate with a list of authentic characteristics to determine whether the SSL certificate is authentic;
- wherein identifying the plurality of characteristics includes determining at least a name of at least one of: to whom the SSL certificate was issued and who issued the SSL certificate; and
- identifying, based on the identified plurality of characteristics of the SSL certificate, a type of encrypted tunneling application associated with the at least one destination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An encrypted tunneling detecting apparatus comprising:
- at least one processor; and
- at least one memory storing computer executable instructions that cause the at least one processor to perform a method for detecting encrypted tunneling comprising:
- electronically receiving information from a proxy server;
- extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information;
- determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds;
- attempting to negotiate a standard Hyper Text Transport Protocol Secure (HTTPS) session with each of the at least one destination;
- for each of the at least one destination, determining if a Secure Socket Layer (SSL) certificate associated with the destination has been issued by a trusted certificate authority; and
- determining whether the destination is hosting an encrypted tunneling application, wherein the determining whether the destination is hosting an encrypted tunneling application includes:
- identifying a plurality of characteristics of the SSL certificate;
- comparing the plurality of characteristics of the SSL certificate with a list of authentic characteristics to determine whether the SSL certificate is authentic;
- wherein identifying the plurality of characteristics includes determining at least a name of at least one of: to whom the SSL certificate was issued and who issued the SSL certificate; and
- identifying, based on the identified plurality of characteristics of the SSL certificate, a type of encrypted tunneling application associated with the at least one destination.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer assisted method for detecting encrypted tunneling or proxy avoidance comprising:
- electronically receiving information from a proxy server;
- extracting information regarding a CONNECT function of Hyper Text Transport Protocol (HTTP) from the electronically received information;
- determining at least one destination to which the extracted information regarding the CONNECT function of HTTP corresponds;
- attempting to negotiate a standard Hyper Text Transport Protocol Secure (HTTPS) session with each of the at least one destination;
- for each of the at least one destination, determining whether the destination is hosting an encrypted tunneling or proxy avoidance application, wherein such a determining includes:
- identifying a plurality of characteristics of a Secure Socket Layer (SSL) certificate associated with the at least one destination, wherein identifying the plurality of characteristics includes determining at least a name of at least one of: to whom the SSL certificate was issued and who issued the SSL certificate;
- comparing the plurality of characteristics of the SSL certificate with a list of authentic characteristics to determine whether the SSL certificate is authentic; and
- identifying, based on the identified plurality of characteristics of the SSL certificate, a type of encrypted tunneling application associated with the at least one destination.
Specification