Security system for preventing unauthorized packet transmission between customer servers in a server farm
First Claim
1. A security system in a communication system including an IP network and a plurality of groups of servers in a server farm, each of said groups being associated with a customer, and wherein a user connected to said IP network can access information provided by a customer from a server within the group of servers associated with said customers through a dispatching device adapted to select a server amongst the servers of said group of servers according to a predefined algorithm, said dispatching device being connected to the servers through switches adapted to control the data transmission exchanged between said dispatching device and said servers, said security system comprising:
setting means in each one of said switches for setting, to a predefined value, a field of bits in an IP header of a potentially irregular packet transmitted from a customer server and said dispatching device;
identifying means in said dispatching device for identifying any packet wherein said field of bits has been set to said predefined value; and
disposing means for disposing said potentially irregular packet as being an irregular packet when the destination of such a packet is not said dispatching device.
Abstract
A security system for a communication system that includes an IP network and groups of servers in a farm, wherein each group is associated with a customer. A user connected to the network can access information provided by a customer from a server within the group of servers associated with this customer through a dispatching device. The security system comprises setting means in each of the switches which are located between the dispatching device and the customer servers for setting a field of bits in the IP header of potentially irregular packets transmitted from a customer server and the dispatching device, means in the dispatching device for identifying any packet wherein the field of bits has been set to the predefined value, and means for deleting or logging the potentially irregular packet when the destination of the packet is not the dispatching device.
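As an added illustration of the mechanism in the abstract (not code from the patent), the sketch below models the switch marking a header field and the dispatching device classifying what it receives. The choice of the IPv4 TOS byte as the field, the value 0xFC, the addresses, and marking every packet that arrives from a customer server are assumptions; the page specifies none of them.

```python
import socket
import struct

MARK = 0xFC                  # assumed "predefined value"; not given on the page
DISPATCHER_IP = "10.0.0.1"   # constructed address for the dispatching device

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, tos: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options, no payload) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def switch_mark(packet: bytes) -> bytes:
    """Switch side: set the field to MARK on a packet from a customer server.

    Assumes the switch treats every such packet as potentially irregular.
    The header checksum is recomputed so the marked packet stays valid.
    """
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = MARK
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def dispatcher_check(packet: bytes) -> str:
    """Dispatcher side: return 'malformed', 'pass' or 'irregular'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or checksum(packet[:ihl]) != 0:
        return "malformed"
    marked = packet[1] == MARK
    dst = socket.inet_ntoa(packet[16:20])
    if marked and dst != DISPATCHER_IP:
        return "irregular"   # delete or log, as the abstract describes
    return "pass"
```

A marked packet addressed to the dispatching device passes; a marked packet addressed anywhere else, such as another customer's server, is the case the system is meant to catch.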
10 Citations
7 Claims
Dependent claims: 2, 3, 4, 5, 6, 7
Specification