Automatic intervention

US 9,231,973 B1
Filed: 04/04/2014
Issued: 01/05/2016
Est. Priority Date: 04/13/2006
Status: Active Grant

First Claim

Patent Images

1. A gatekeeper appliance, comprising:

one or more processors; and

a memory coupled with the one or more processors, wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors to;

provide a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;

monitor for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and

in response to detecting the command, intercept the detected command and perform one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Securing a network is disclosed. A monitored session between a client and a network resource is provided. It is determined whether the client is attempting an authorized command. If the command is determined to be unauthorized, the command is intercepted. Optionally, remedial action is taken if it is determined that the client is attempting an unauthorized command.

24 Citations

22 Claims

1. A gatekeeper appliance, comprising:
- one or more processors; and
  
  a memory coupled with the one or more processors, wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors to;
  
  provide a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
  
  monitor for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
  
  in response to detecting the command, intercept the detected command and perform one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The gatekeeper appliance of claim 1, wherein the first remote network device is a router.
  - 3. The gatekeeper appliance of claim 1, wherein the second remote network device is a server.
  - 4. The gatekeeper appliance of claim 1, wherein providing the session includes serving one or more applets to the client.
  - 5. The gatekeeper appliance of claim 1, wherein the command is detected at least in part by evaluating at least one of a black list and a white list.
  - 6. The gatekeeper appliance of claim 1, wherein the monitoring is bidirectional.
  - 7. The gatekeeper appliance of claim 1, wherein the memory is further configured to provide the one or more processors with instructions which when executed cause the one or more processors to capture the session.
  - 8. The gatekeeper appliance of claim 7, wherein capturing the session includes logging the data stream between the client and the first remote network device.
  - 9. The gatekeeper appliance of claim 7, wherein capturing the session includes capturing keystrokes.
  - 10. The gatekeeper appliance of claim 7, wherein capturing the session includes capturing output of the first remote network device.
  - 11. The gatekeeper appliance of claim 1, wherein the one or more actions includes issuing a warning message.
  - 12. The gatekeeper appliance of claim 11, wherein the issued warning message indicates that an unauthorized attempt to roam has been detected.
  - 13. The gatekeeper appliance of claim 1, wherein the one or more actions includes sending a notification alert.
  - 14. The gatekeeper appliance of claim 1, wherein identification information associated with a user of the client is collected in response to detecting the command.
  - 15. The gatekeeper appliance of claim 1, wherein preventing the detected command from being executed includes dropping the detected command.
  - 16. The gatekeeper appliance of claim 1, wherein preventing the detected command from being executed includes replacing the detected command with a bogus command.

17. A method, comprising:
- providing a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
  
  monitoring, using one or more processors, for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
  
  in response to detecting the command, intercepting the detected command and performing one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein preventing the detected command from being executed includes dropping the detected command.
  - 19. The method of claim 17, wherein preventing the detected command from being executed includes replacing the detected command with a bogus command.

20. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- providing a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
  
  monitoring, using a set of one or more processors, for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
  
  in response to detecting the command, intercepting the detected command and performing one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
- View Dependent Claims (21, 22)
- - 21. The computer program product of claim 20, wherein preventing the detected command from being executed includes dropping the detected command.
  - 22. The computer program product of claim 20, wherein preventing the detected command from being executed includes replacing the detected command with a bogus command.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Xceedium Incorporated. (Broadcom, Inc.)
Inventors
Van, David
Primary Examiner(s)
Ho, Dao

Application Number

US14/245,966
Time in Patent Office

641 Days
Field of Search

713/183, 726/4
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/30   Authentication, i.e. establ...

H04L 63/00   Network architectures or ne...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04L 67/141   Setup of application sessio...

Automatic intervention

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic intervention

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links