Intelligent integrated network security device for high-availability applications

US 8,959,197 B2
Filed: 12/30/2013
Issued: 02/17/2015
Est. Priority Date: 02/08/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

storing, by a first device and in a memory of the first device, first information for processing one or more first flows of packets to detect a network security intrusion;

storing, by the first device and in the memory of the first device, second information for processing one or more second flows of packets to detect a network security intrusion,the one or more second flows of packets being processed by a second device,the second device being different than the first device,the first device including one of a firewall or an intrusion prevention system,the second device including another one of the firewall or the intrusion prevention system;

determining, by the first device, that a failure associated with the second device is detected;

processing, by the first device and using the first information, one or more packets of the one or more first flows of packets; and

processing, by the first device and using the second information, one or more packets, of the one or more second flows of packets, when the failure associated with the second device is detected,the one or more packets, of the one or more second flows of packets, being associated with a session,the second information including information regarding a security policy for packets associated with the session.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

79 Citations

20 Claims

1. A method comprising:
- storing, by a first device and in a memory of the first device, first information for processing one or more first flows of packets to detect a network security intrusion;
  
  storing, by the first device and in the memory of the first device, second information for processing one or more second flows of packets to detect a network security intrusion,the one or more second flows of packets being processed by a second device,the second device being different than the first device,the first device including one of a firewall or an intrusion prevention system,the second device including another one of the firewall or the intrusion prevention system;
  
  determining, by the first device, that a failure associated with the second device is detected;
  
  processing, by the first device and using the first information, one or more packets of the one or more first flows of packets; and
  
  processing, by the first device and using the second information, one or more packets, of the one or more second flows of packets, when the failure associated with the second device is detected,the one or more packets, of the one or more second flows of packets, being associated with a session,the second information including information regarding a security policy for packets associated with the session.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - updating the second information, based on processing the one or more packets of the one or more second flows of packets, to obtain updated second information.
  - 3. The method of claim 2, further comprising:
    - transmitting at least a portion of the updated second information to one or more third devices.
  - 4. The method of claim 1, further comprising:
    - receiving information for updating the second information;
      
      updating the second information, using the information for updating the second information, to obtain updated second information; and
      
      processing a packet, of the one or more second flows of packets, using the updated second information.
  - 5. The method of claim 4, where receiving the information for updating the second information includes:
    - receiving the information for updating the second information each time a new session, associated with the one or more second flows of packets, is created, andwhere updating the second information includes;
      
      including information identifying the new session in the second information.
  - 6. The method of claim 4, where receiving the information for updating the second information includes:
    - receiving the information for updating the second information each time a particular session, associated with the one or more second flows of packets, is terminated, andwhere updating the second information includes;
      
      deleting information identifying the particular session from the second information.

7. A system comprising:
- one or more processors to;
  
  store, in a memory associated with the one or more processors, first information for processing one or more first flows of packets to detect a network security intrusion;
  
  store, in the memory, second information for processing one or more second flows of packets to detect a network security intrusion,the one or more second flows of packets being processed by one or more other processors,the one or more other processors being different than the one or more processors,the one or more processors being included in one of a firewall or an intrusion prevention system,the one or more other processors being included in another one of the firewall or the intrusion prevention system,the one or more second flows of packets being associated with a session,the second information including information regarding a security policy for packets associated with the session;
  
  determine that a failure, relating to the one or more other processors, is detected;
  
  process, using the first information, one or more packets of the one or more first flows of packets; and
  
  process, using the second information, one or more packets, of the one or more second flows of packets, when the failure is detected.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, where the one or more processors are further to:
    - transmit a portion of the first information for storing in a memory associated with the one or more other processors,where the one or more other processors are to process a packet, of the one or more first flows of packets, when a failure, associated with the one or more processors, is detected.
  - 9. The system of claim 8, where, when transmitting the portion of the first information, the one or more processors are further to:
    - transmit the portion of the first information when a particular session, associated with the one or more first flows of packets, is created,where the portion of the first information includes;
      
      information identifying the particular session, andinformation regarding a timer associated with the particular session.
  - 10. The system of claim 7, where, when determining that the failure is detected, the one or more processors are further to:
    - detect the failure;
      
      where, when processing the one or more packets of the one or more second flows of packets, the one or more processors are further to;
      
      process, using the second information, the one or more packets, of the one or more second flows of packets, based on detecting the failure; and
      
      where the one or more processors are further to;
      
      update the second information, based on processing the one or more packets of the one or more second flows of packets, to obtain updated second information.
  - 11. The system of claim 7, where the one or more processors are further to:
    - receive information for updating the second information;
      
      update the second information, using the information for updating the second information, to obtain updated second information; and
      
      process a packet, of the one or more second flows of packets, using the updated second information.
  - 12. The system of claim 11, where, when receiving the information for updating the second information, the one or more processors are further to:
    - receive the information for updating the second information each time a new session, associated with the one or more second flows of packets, is created, andwhere, when updating the second information, the one or more processors are to;
      
      include information identifying the new session in the second information.
  - 13. The system of claim 11, where, when receiving the information for updating the second information, the one or more processors are further to:
    - receive the information for updating the second information each time a particular session, associated with the one or more second flows of packets, is terminated, andwhere, when updating the second information, the one or more processors are to;
      
      delete information identifying the particular session from the second information based on receiving the information.

14. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- a plurality of instructions which, when executed by one or more processors, cause the one or more processors to;
  
  store, in a memory associated with the one or more processors, first information for processing one or more first flows of packets to detect a network security intrusion;
  
  store, in the memory, second information for processing one or more second flows of packets to detect a network security intrusion,the one or more second flows of packets being processed by one or more other processors,the one or more other processors being different than the one or more processors,the one or more processors being included in one of a firewall or an intrusion prevention system,the one or more other processors being included in another one of the firewall or the intrusion prevention system;
  
  determine that a failure, relating to the one or more other processors, is detected;
  
  process, using the first information, one or more packets of the one or more first flows of packets; and
  
  process, using the second information, one or more packets, of the one or more second flows of packets, when the failure is detected,the one or more packets, of the one or more second flows of packets, being associated with a session,the second information including information regarding a security policy for packets associated with the session.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable medium of claim 14, where the instructions further include:
    - one or more instructions to receive particular information for updating the second information,the particular information identifying a new session associated with the one or more second flows of packets; and
      
      one or more instructions to update the second information to include the particular information.
  - 16. The non-transitory computer-readable medium of claim 14, where the instructions further include:
    - one or more instructions to receive particular information indicating that a particular session, associated with the one or more second flows of packets, is terminated; and
      
      one or more instructions to delete information identifying the particular session from the second information based on receiving the particular information.
  - 17. The non-transitory computer-readable medium of claim 14, where the instructions further include:
    - one or more instructions to transmit a portion of the first information for storing in a memory associated with the one or more other processors,where the one or more other processors are to process a packet, of the one or more first flows of packets, when a failure, associated with the one or more processors, is detected.
  - 18. The non-transitory computer-readable medium of claim 14, where the instructions further include:
    - one or more instructions to receive information for updating the second information;
      
      one or more instructions to update the second information, using the information for updating the second information, to obtain updated second information; and
      
      one or more instructions to process a packet, of the one or more second flows of packets, using the updated second information.
  - 19. The non-transitory computer-readable medium of claim 18, where the one or more instructions to receive the information for updating the second information include:
    - one or more instructions to receive the information for updating the second information each time a new session, associated with the one or more second flows of packets, is created, andwhere the one or more instructions to update the second information include;
      
      the one or more instructions to include information identifying the new session in the second information.
  - 20. The non-transitory computer-readable medium of claim 18, where the one or more instructions to receive the information for updating the second information include:
    - one or more instructions to receive the information for updating the second information each time a particular session, associated with the one or more second flows of packets, is terminated, andwhere the one or more instructions to update the second information include;
      
      one or more instructions to delete information identifying the particular session from the second information based on receiving the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Mao, Yuming, Guruswamy, Kowsik, Zuk, Nir
Primary Examiner(s)
Duong, Oanh

Application Number

US14/143,807
Publication Number

US 20140115379A1
Time in Patent Office

414 Days
Field of Search

709/223, 709/224, 709/238, 709/248, 709/250, 714/1, 714/2, 714/4.11
US Class Current

709/223
CPC Class Codes

G06F 11/2002   where interconnections or c...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0428   wherein the data content is...

H04L 63/1416   Event detection, e.g. attac...

H04L 69/40   for recovering from a failu...

H04L 9/40   Network security protocols

Intelligent integrated network security device for high-availability applications

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent integrated network security device for high-availability applications

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links