Intelligent integrated network security device

US 9,100,364 B2
Filed: 03/31/2014
Issued: 08/04/2015
Est. Priority Date: 02/08/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors of a device, a data packet;

examining, by the one or more processors, the data packet;

determining, by the one or more processors, a single flow record associated with the data packet,determining the single flow record including;

determining a packet identifier associated with the data packet, andevaluating a flow table to identify the single flow record using the packet identifier;

extracting, by the one or more processors, a session identifier and flow instructions, for two or more security devices, from the single flow record,the session identifier identifying a session associated with the data packet,the two or more security devices being included in the device;

sending, by the one or more processors, the flow instructions and the session identifier to respective ones of the two or more security devices to facilitate processing of the data packet;

receiving, by the one or more processors and from the two or more security devices, processing results,the processing results being generated by the two or more security devices when processing the data packet based on the flow instructions and the session identifier; and

processing, by the one or more processors, the data packet using the processing results.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.

90 Citations

20 Claims

1. A method comprising:
- receiving, by one or more processors of a device, a data packet;
  
  examining, by the one or more processors, the data packet;
  
  determining, by the one or more processors, a single flow record associated with the data packet,determining the single flow record including;
  
  determining a packet identifier associated with the data packet, andevaluating a flow table to identify the single flow record using the packet identifier;
  
  extracting, by the one or more processors, a session identifier and flow instructions, for two or more security devices, from the single flow record,the session identifier identifying a session associated with the data packet,the two or more security devices being included in the device;
  
  sending, by the one or more processors, the flow instructions and the session identifier to respective ones of the two or more security devices to facilitate processing of the data packet;
  
  receiving, by the one or more processors and from the two or more security devices, processing results,the processing results being generated by the two or more security devices when processing the data packet based on the flow instructions and the session identifier; and
  
  processing, by the one or more processors, the data packet using the processing results.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where processing the data packet using the processing results includes:
    - dropping the packet;
      
      orforwarding the packet toward a destination of the packet.
  - 3. The method of claim 1, where the data packet is included in a flow of packets associated with the session, andwhere the single flow record further includes:
    - information identifying the flow of packets.
  - 4. The method of claim 3, where sending the flow instructions and the session identifier to the respective ones of the two or more security devices includes:
    - sending, to the respective ones of the two or more security devices, the information identifying the flow of packets and the session identifier for the session.
  - 5. The method of claim 3, where the single flow record further includes device specific information, andwhere sending the flow instructions and the session identifier to the respective ones of the two or more security devices includes:
    - sending, to the respective ones of the two or more security devices, the information identifying the flow of packets, the session identifier for the session, and the device specific information.
  - 6. The method of claim 1, where the two or more security devices include two or more of:
    - an intrusion prevention system,a firewall, ora router.
  - 7. The method of claim 1, where determining the packet identifier includes:
    - extracting, from the data packet, a source address, a destination address, a source port number, a destination port number, and a protocol type associated with the data packet,the packet identifier being based on the source address, the destination address, the source port number, the destination port number, and the protocol type.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions which, when executed by one or more processors of a device, cause the one or more processors to receive a data packet;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to examine the data packet;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine a single flow record associated with the data packet,the one or more instructions to determine the single flow record including;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine a packet identifier associated with the data packet, andone or more instructions which, when executed by the one or more processors, cause the one or more processors to evaluate a flow table to identify the single flow record using the packet identifier;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to extract a session identifier and flow instructions, for two or more security devices, from the single flow record,the two or more security devices being included in the device;
  
  the session identifier identifying a session associated with the data packet;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to send the session identifier and the flow instructions to respective ones of the two or more security devices to facilitate processing of the data packet;
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to receive, from the two or more security devices, processing results,the processing results being generated by the two or more security devices when processing the data packet based on the flow instructions and the session identifier; and
  
  one or more instructions which, when executed by the one or more processors, cause the one or more processors to process the data packet using the processing results.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, where the one or more instructions to process the data packet using the processing results include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to selectively;
      
      log information regarding the data packet based on the processing results,store the data packet based on the processing results, ormodify the data packet based on the processing results.
  - 10. The non-transitory computer-readable medium of claim 8, where the instructions further include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to receive another data packet;
      
      one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine that a single flow record, associated with the other data packet, is not found in the flow table; and
      
      one or more instructions which, when executed by the one or more processors, cause the one or more processors to create and store, in the flow table, a new single flow record associated with the other data packet.
  - 11. The non-transitory computer-readable medium of claim 10, where the other data packet is associated with another session, andwhere the instructions further include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate with the two or more security devices to determine a security policy for packets associated with the other session;
      
      one or more instructions which, when executed by the one or more processors, cause the one or more processors to assign an identifier to the other session; and
      
      one or more instructions which, when executed by the one or more processors, cause the one or more processors to store, in the new single flow record, the identifier of the other session and the security policy.
  - 12. The non-transitory computer-readable medium of claim 8, where the one or more instructions to process the data packet using the processing results include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to selectively;
      
      drop the data packet based on the processing results, orforward the data packet to a destination of the data packet based on the processing results.
  - 13. The non-transitory computer-readable medium of claim 8, where each security device, of the two or more security devices, includes a different one of:
    - an intrusion prevention system,a firewall, ora router.
  - 14. The non-transitory computer-readable medium of claim 8, where the one or more instructions to determine the packet identifier include:
    - one or more instructions which, when executed by the one or more processors, cause the one or more processors to extract, from the data packet, a source address, a destination address, a source port number, a destination port number, and a protocol type associated with the data packet, andwhere the packet identifier is based on the source address, the destination address, the source port number, the destination port number, and the protocol type.

15. A system comprising:
- a device to;
  
  receive a data packet;
  
  determine a packet identifier associated with the data packet;
  
  search a flow table, using the packet identifier, to identify a single flow record associated with the data packet;
  
  extract a session identifier and flow instructions, for two or more security devices, from the single flow record,the two or more security devices being included in the device;
  
  the session identifier identifying a session associated with the data packet;
  
  send the session identifier and the flow instructions to respective ones of the two or more security devices to facilitate processing of the data packet;
  
  receive, from the two or more security devices, processing results,the processing results being generated by the two or more security devices when processing the data packet based on the flow instructions and the session identifier; and
  
  selectively;
  
  drop the data packet based on the processing results, orforward the data packet to a destination of the data packet based on the processing results.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, where each security device, of the two or more security devices, includes a different one of:
    - an intrusion prevention system,a firewall, ora router.
  - 17. The system of claim 15, where the data packet is included in a flow of packets associated with the session, andwhere the single flow record includes:
    - information identifying the flow of packets.
  - 18. The system of claim 17, where, when sending the flow instructions, the device is to:
    - send, to the respective ones of the two or more security devices, the information identifying the flow of packets and the session identifier for the session.
  - 19. The system of claim 15, where the device is further to:
    - receive another data packet;
      
      determine that a single flow record, associated with the other data packet, is not found in the flow table; and
      
      create and store, in the flow table, a new single flow record associated with the other data packet.
  - 20. The system of claim 19, where the other data packet is associated with another session, andwhere the device is further to:
    - communicate with the two or more security devices to obtain information relating to processing packets associated with the other session;
      
      assign another session identifier to the other session; and
      
      store, in the new single flow record, the other session identifier and the information relating to processing the packets associated with the other session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Zuk, Nir
Primary Examiner(s)
Reza, Mohammad W

Application Number

US14/230,180
Publication Number

US 20140259146A1
Time in Patent Office

491 Days
Field of Search

726/13
US Class Current

1/1
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/12   Applying verification of th...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 69/22   Parsing or analysis of headers

Intelligent integrated network security device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent integrated network security device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links