Device for providing security barrier for network
First Claim
1. An apparatus for providing a security barrier between a communication network and an internet connection, the apparatus comprising:
a transceiver device; and
one or more processors comprising a digital circuit configured to perform at least a portion of a computing procedure to;
detect one or more indications of identity of one or more devices of the communication network;
obtain a first set of signal packets, received at the transceiver device, from at least one of the one or more devices of the communication network;
inspect the first set of signal packets based, at least in part, on a set of security policies comprising blocking, filtering or modifying, or a combination thereof, the first set of signal packets comprising potentially malicious content, the first set of signal packets originating from a potentially malicious source, the first set of signal packets exhibiting suspicious behavior, the first set of signal packets transmitted, received under suspicious circumstances, or a combination thereof;
responsive to the inspection of the first set of signal packets block, filter or modify, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies to form a modified first set of signal packets;
responsive to formation of the modified first set of signal packets, initiate transmission of the modified first set of signal packets via the transceiver device, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
inspect a second set of signal packets received from the internet connection via the transceiver device and intended for the at least one of the one or more devices, the inspection of the second set of signal packets based, at least in part, on the set of security policies; and
responsive to the inspection of the second set of signal packets, block, filter or modify, or a combination thereof, at least one of the second set of signal packets based, at least in part, on the set of security policies to form a modified second set of signal packets for transmission to the at least one of the one or more devices, wherein inspection of the first and second sets of signal packets is performed by a unified threat management (UTM) component of the apparatus, and wherein the UTM component is pre-configured with the set of security policies.
Abstract
An apparatus, a system, and a method for providing a security barrier between a local network and an internet connection.
16 Claims
6. A system for providing a security barrier between a communication network and an internet connection, the system comprising:
means, comprising a transceiver device, for receiving a first set of signal packets from at least one of the one or more devices of the communication network;
means, comprising one or more processors including a digital circuit configured to perform at least a portion of a computing procedure, for;
detecting one or more indications of identity of one or more devices of the communication network;
inspecting the first set of signal packets based, at least in part, on a set of security policies comprising blocking, filtering or modifying, or a combination thereof, the first set of signal packets comprising potentially malicious content, the first set of signal packets originating from a potentially malicious source, the first set of signal packets exhibiting suspicious behavior or the first set of signal packets transmitted, received under suspicious circumstances, or a combination thereof;
in response to the inspection of the first set of signal packets blocking, based at least in part, on the set of security policies the first set of signal packets, filtering or modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies, to form a modified first set of signal packets;
transmitting the modified first set of signal packets in response to formation of the modified first set of signal packets, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
inspecting a second set of signal packets received from the internet connection and intended for the at least one of the one or more devices based, at least in part, on a set of security policies; and
in response to the inspection of the second of signal packets sent via the internet connection and based, at least in part, on the set of security policies blocking the second set of signal packets, based at least in part, on the set of security policies the second set of signal packets, filtering or modifying, or a combination thereof, one or more of the second set of signal packets to form a modified second set of signal packets for transmission to the at least one of the one or more devices, wherein inspection of the first and second sets of signal packets is performed by a unified threat management (UTM) component of the apparatus, and wherein the UTM component is pre-configured with the set of security policies.
11. A method for providing a security barrier between a communication network and an internet connection, the method comprising:
detecting, at one or more processors of a security device, one or more indications of identity of one or more devices of the communication network;
receiving, via a transceiver of the security device, a first set of signal packets from at least one of the one or more devices of the communication network;
inspecting, at the one or more processors, the first set of signal packets based, at least in part, on a set of security policies comprising blocking, filtering or modifying, or a combination thereof, the first set of signal packets comprising potentially malicious content, the first set of signal packets originating from a potentially malicious source, the first set of signal packets exhibiting suspicious behavior or the first set of signal packets transmitted or received under suspicious circumstances, or a combination thereof;
responsive to the inspection of the first set of signal packets, blocking, filtering or modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies to form a modified first set of signal packets;
responsive to formation of the modified first set of signal packets, initiate transmission of the modified first set of signal packets via the transceiver, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
inspecting, at the one or more processors, a second set of signal packets received from the internet connection and intended for the at least one of the one or more devices, the inspection of the second set of signal packets being based, at least in part, on the set of security policies; and
responsive to the inspection of the second set of signal packets, blocking filtering or modifying, or a combination thereof, at least one of the second set of signal packets based, at least in part, on the set of security policies to form a modified second set of signal packets for transmission to the at least one of the one or more devices, wherein inspection of the first and second sets of signal packets is performed by a unified threat management (UTM) component of the apparatus, and wherein the UTM component is pre-configured with the set of security policies.
Specification