SYSTEM AND METHOD FOR NETWORK VIRTUALIZATION AND SECURITY USING COMPUTER SYSTEMS AND SOFTWARE
First Claim
1. A system for network security, comprising:
a protected network comprising at least one protected server, wherein the protected server comprises at least one protected service; and
a virtual network residing on an operating system within a singular machine, physical or otherwise, and comprising at least one virtual server;
wherein:
the virtual server is a ghost of the protected server;
the virtual server comprises an isolated ghost service; and
the ghost service is configured to:
receive a service request; and
run an inspection of the received service request, wherein, in response to the service request passing inspection, the ghost service is further configured to:
send at least a portion of the inspected service request to the protected network; or
complete final execution of the service request independently.
Abstract
Methods and systems are provided for network security. In one embodiment, the method involves receiving a data packet (e.g., from a firewall). The method also involves running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion (e.g., server(s) and/or application(s)) of a protected network. The method further involves sending the inspected data packet, or a portion and/or modified version thereof, to the protected network, in response to the data packet passing the inspection within the virtual network. The method also involves blocking passage of the data packet to the protected network, in response to the data packet failing the inspection.
15 Citations
30 Claims
1. A system for network security, comprising:
a protected network comprising at least one protected server, wherein the protected server comprises at least one protected service; and
a virtual network residing on an operating system within a singular machine, physical or otherwise, and comprising at least one virtual server;
wherein:
the virtual server is a ghost of the protected server;
the virtual server comprises an isolated ghost service; and
the ghost service is configured to:
receive a service request; and
run an inspection of the received service request, wherein, in response to the service request passing inspection, the ghost service is further configured to:
send at least a portion of the inspected service request to the protected network; or
complete final execution of the service request independently.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method operable by a virtual entity in a network system, comprising:
receiving a service request;
running an inspection of the received service request within a virtual network, the virtual network residing on an operating system within a singular machine, physical or otherwise, whereby, in response to the service request passing the inspection, the virtual network will:
send at least a portion of the inspected service request to the protected network; or
complete final execution of the service request independently.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer program product, comprising:
a computer-readable medium comprising code for causing a computer to:
receive a service request;
run an inspection of the received service request within a virtual network, the virtual network residing on an operating system within a singular machine, physical or otherwise, whereby, in response to the service request passing the inspection, the virtual network will:
send at least a portion of the inspected service request to the protected network; or
complete final execution of the service request independently.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification