SYSTEM AND METHOD FOR NETWORK VIRTUALIZATION AND SECURITY USING COMPUTER SYSTEMS AND SOFTWARE

US 20140245422A1
Filed: 05/13/2014
Published: 08/28/2014
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A system for network security, comprising:

a protected network comprising at least one protected server, wherein the protected server comprises at least one protected service; and

a virtual network residing on an operating system within a singular machine, physical or otherwise, and comprising at least one virtual server;

wherein;

the virtual server is a ghost of the protected server;

the virtual server comprises an isolated ghost service; and

the ghost service is configured to;

receive a service request; and

run an inspection of the received service request, wherein, in response to the service request passing inspection, the ghost service is further configured to;

send at least a portion of the inspected service request to the protected network;

orcomplete final execution of the service request independently.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for network security. In one embodiment, the method involves receiving a data packet (e.g., from a firewall). The method also involves running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion (e.g., servers(s) and/or application(s)) of a protected network. The method further involves sending the inspected data packet, or portion and/or modified version thereof, to the protected network, in response to the data packet passing the inspection within the virtual network. The method also involves blocking passage of the data packet to the protected network, in response to the data packet failing the inspection.

15 Citations

View as Search Results

30 Claims

1. A system for network security, comprising:
- a protected network comprising at least one protected server, wherein the protected server comprises at least one protected service; and
  
  a virtual network residing on an operating system within a singular machine, physical or otherwise, and comprising at least one virtual server;
  
  wherein;
  
  the virtual server is a ghost of the protected server;
  
  the virtual server comprises an isolated ghost service; and
  
  the ghost service is configured to;
  
  receive a service request; and
  
  run an inspection of the received service request, wherein, in response to the service request passing inspection, the ghost service is further configured to;
  
  send at least a portion of the inspected service request to the protected network;
  
  orcomplete final execution of the service request independently.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the virtual network is configured to function independently of the protected network and wherein the virtual network is a ghost or at least a partial representation of the protected network.
  - 3. The system of claim 1, wherein the virtual server is configured to receive the service request from a source outside of the virtual network or from a source inside of the virtual network via the virtual network.
  - 4. The system of claim 1, wherein the ghost service is further configured to run the inspection of the service request by:
    - executing the service request; and
      
      applying at least one of a pre-service security utility or a post-service security utility.
  - 5. The system of claim 1, wherein the ghost service is a ghost of the protected service and wherein the ghost service comprises at least one of a pre-service security utility or a post-service security utility.
  - 6. The system of claim 1, wherein the ghost service of a first virtual server is further configured to communicate with the ghost service of a second virtual server via the virtual network.
  - 7. The system of claim 1, wherein the ghost service is further configured to abort inspection of or block passage of the service request to the protected network, in response to the service request failing any part of the inspection.
  - 8. The system of claim 1, wherein the portion of the inspected service request comprises a modified version of the inspected service request.
  - 9. The system of claim 1, wherein the ghost service is isolated from all other virtual servers within the virtual network.

10. A method operable by a virtual entity in a network system, comprising:
- receiving a service request;
  
  running an inspection of the received service request within a virtual network, the virtual network residing on an operating system within a singular machine, physical or otherwise, whereby, in response to the service request passing the inspection, the virtual network will;
  
  send at least a portion of the inspected service request to the protected network;
  
  orcomplete final execution of the service request independently.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein the virtual entity comprises at least one of:
    - (a) the virtual network, (b) at least one virtual server of the virtual network, or (c) a ghost service of the virtual server.
  - 12. The method of claim 10, wherein the receiving comprises receiving the service request from a source outside of the virtual network or from a source inside of the virtual network via the virtual network.
  - 13. The method of claim 10, wherein:
    - the protected network comprises at least one protected server, wherein the protected server comprises at least one protected service; and
      
      the virtual network comprises at least one virtual server, wherein;
      
      the virtual server is a ghost of the protected server;
      
      the virtual server comprises an isolated ghost service configured to run the inspection of the received service request.
  - 14. The method of claim 13, wherein the virtual network is configured to function independently of the protected network and wherein the virtual network is a ghost or at least a partial representation of the protected network.
  - 15. The method of claim 13, wherein the running the inspection of the service request comprises:
    - executing the service request; and
      
      applying at least one of a pre-service security utility or a post-service security utility.
  - 16. The method of claim 13, wherein the ghost service is a ghost of the protected service and wherein the ghost service comprises at least one of a pre-service security utility or a post-service utility.
  - 17. The method of claim 13, further comprising the ghost service of a first virtual server communicating with the ghost service of a second virtual server via the virtual network.
  - 18. The method of claim 13, wherein the ghost service is isolated from all other virtual servers within the virtual network.
  - 19. The method of claim 10, further comprising the ghost service aborting inspection of or blocking passage of the service request to the protected network, in response to the service request failing any part of the inspection.
  - 20. The method of claim 10, wherein the portion of the inspected service request comprises a modified version of the inspected service request.

21. A computer program product, comprising:
- a computer-readable medium comprising code for causing a computer to;
  
  receive a service request;
  
  run an inspection of the received service request within a virtual network, the virtual network residing on an operating system within a singular machine, physical or otherwise, whereby, in response to the service request passing the inspection, the virtual network will;
  
  send at least a portion of the inspected service request to the protected network;
  
  orcomplete final execution of the service request independently.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product of claim 21, wherein the computer-readable medium further comprises code for causing the computer to receive the service request from a source outside of the virtual network or from a source inside of the virtual network via the virtual network.
  - 23. The computer program product of claim 21, wherein:
    - the protected network comprises at least one protected server, wherein the protected server comprises at least one protected service; and
      
      the virtual network comprises at least one virtual server, wherein;
      
      the virtual server is a ghost of the protected server;
      
      the virtual server comprises an isolated ghost service configured to run the inspection of the received service request.
  - 24. The computer program product of claim 23, wherein the virtual network is configured to function independently of the protected network and wherein the virtual network is a ghost or at least a partial representation of the protected network.
  - 25. The computer program product of claim 23, wherein the running of the inspection of the service request comprises:
    - executing the service request; and
      
      applying at least one of a pre-service security or a post-service security utility.
  - 26. The computer program product of claim 23, wherein the ghost service is a ghost of the protected service and wherein the ghost service comprises at least one of a pre-service security utility and a post-service security utility.
  - 27. The computer program product of claim 23, wherein the computer-readable medium further comprises code for causing the ghost service of a first virtual server to communicate with the ghost service of a second virtual server via the virtual network.
  - 28. The computer program product of claim 23, wherein the ghost service is isolated from all other virtual servers within the virtual network.
  - 29. The computer program product of claim 21, wherein the computer-readable medium further comprises code for causing the computer to abort inspection of or block passage of the service request to the protected network, in response to the service request failing any part of the inspection.
  - 30. The computer program product of claim 21, wherein the portion of the inspected network request comprises a modified version of the inspected network request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netlinkz Technology Pty Limited
Original Assignee
Iwebgate Technology Limited (NetLinkz Ltd.)
Inventors
Gargett, Charles Dunelm

Granted Patent

US 9,531,670 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/02   for separating internal fro...

H04L 63/1408   by monitoring network traff...

H04L 63/1491   using deception as counterm...

SYSTEM AND METHOD FOR NETWORK VIRTUALIZATION AND SECURITY USING COMPUTER SYSTEMS AND SOFTWARE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR NETWORK VIRTUALIZATION AND SECURITY USING COMPUTER SYSTEMS AND SOFTWARE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links