System and method for monitoring computing servers for possible unauthorized access
Abstract
A system is provided that includes one or more computing servers and a processing circuit for monitoring data transactions of the computing servers. Each of the computing servers is configured to provide respective services to remote users. The processing circuit is configured to monitor data transactions of at least one of the computing servers, which is associated with a user account. A security policy of the user account includes a set of conditions that are indicative of unauthorized access when the conditions are satisfied by various characteristics of the monitored data. The processing circuit is configured to determine a threat level based on the characteristics of the data transactions and the conditions of the security policy. In response to the threat level exceeding a first threshold level indicated in the security policy of the user account, the processing circuit sends a notification to an authorized user of the user account.
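The evaluation flow described in the abstract, as an added illustration that is not taken from the patent. It assumes the flag is a per-packet boolean, that a call loop shows up as one call revisiting the same server, and that the threat level is the sum of the weights of satisfied policy conditions; all names, weights and sample packets are constructed.

```python
# Added illustration: field names, weights and the loop heuristic are
# assumptions, not details taken from the patent text.
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Policy:
    threshold: int                                   # "first threshold level"
    conditions: list = field(default_factory=list)   # (name, weight, predicate)

def characteristics(packets):
    """Derive characteristics from the monitored packets of one call."""
    flagged = any(p["flag"] for p in packets)
    chars = {"flagged": flagged, "loop_hops": 0,
             "dest_countries": {p["dest_country"] for p in packets}}
    if flagged:  # loop analysis runs only in response to a detected flag
        visits = Counter(p["server"] for p in packets)
        chars["loop_hops"] = max(visits.values()) - 1  # repeat visits to one server
    return chars

def threat_level(chars, policy):
    """Sum the weights of the policy conditions the characteristics satisfy."""
    hits = [(name, w) for name, w, pred in policy.conditions if pred(chars)]
    return sum(w for _, w in hits), [name for name, _ in hits]

def evaluate(packets, policy, notify):
    """Notify the account's authorized user when the level exceeds the threshold."""
    level, hits = threat_level(characteristics(packets), policy)
    if level > policy.threshold:
        notify(f"threat level {level} exceeds {policy.threshold}: {hits}")
    return level

def pkt(server, flag=False, country="US"):
    return {"server": server, "flag": flag, "dest_country": country}

POLICY = Policy(threshold=5, conditions=[
    ("call_loop", 6, lambda c: c["loop_hops"] >= 2),
    ("unusual_destination", 3, lambda c: not c["dest_countries"] <= {"US"}),
])

# Constructed sample calls.
LOOPING = [pkt("voip-a"), pkt("voip-b", flag=True), pkt("voip-a"),
           pkt("voip-b"), pkt("voip-a")]
UNFLAGGED_LOOP = [pkt("voip-a"), pkt("voip-b"), pkt("voip-a"), pkt("voip-a")]
FOREIGN = [pkt("voip-a", country="FR"), pkt("voip-b", country="FR")]

if __name__ == "__main__":
    for name, call in [("looping", LOOPING), ("unflagged", UNFLAGGED_LOOP),
                       ("foreign", FOREIGN)]:
        print(name, evaluate(call, POLICY, print))
```

The unflagged call scores zero even though it revisits a server, because the loop analysis is gated on the flag, which is the ordering the claims recite.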
19 Claims
1. A system, comprising:
one or more VoIP servers, each configured and arranged to provide respective VoIP services to remote users; and
a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to;
monitor data transactions of at least one server, of the one or more VoIP servers, that is associated with a user account, the user account having a security policy;
detect a flag set in at least one data packet of the data transactions of the at least one VoIP server;
analyze, in response to detecting the flag, a VoIP call corresponding to the at least one data packet for characteristics of the data transactions that correspond to a call loop;
determine a threat level as a function of one or more characteristics of the data transactions, including the characteristics of the data transactions that correspond to a call loop, and one or more conditions of the security policy, each of the one or more conditions being indicative of unauthorized access when satisfied by the one or more characteristics; and
in response to the threat level exceeding a first threshold level indicated in the security policy of the user account, send a notification to an authorized user of the user account.
19. A method, comprising the steps of:
monitoring data transactions of a VoIP server corresponding to a user account, the user account having a security policy;
detecting a flag set in at least one data packet of the data transactions of the at VoIP server;
analyzing, in response to detecting the flag, a VoIP call corresponding to the at least one data packet for characteristics of the data transactions that correspond to a call loop;
determining a threat level of the VoIP server as a function of one or more characteristics of the data transactions, including the characteristics of the data transactions that correspond to a call loop, and one or more conditions of the security policy that are indicative of unauthorized access;
in response to the threat level exceeding a first threshold level indicated in the security policy of the user account, sending a notification to an authorized user of the user account indicating that the threat level has been exceeded; and
wherein processing circuitry is communicatively coupled to the VoIP server and configured and arranged to perform the above steps.