US2006059558A1PendingUtilityA1
Proactive containment of network security attacks
Est. expirySep 15, 2024(expired)· nominal 20-yr term from priority
H04L 63/1408H04L 63/145H04L 63/02H04L 63/1441H04L 63/1416G06F 21/55
36
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
One embodiment disclosed relates to a method of proactive containment of network security attacks. Filtering parameters corresponding to a specific system vulnerability are determined. These parameters are distributed to network infrastructure components, and the network infrastructure components examine packets using these parameters to detect occurrence of an attack. Once an attack is detected, the network infrastructure components take action to inhibit the attack. Other embodiments are also disclosed.
Claims
exact text as granted — not AI-modified1 . A method of proactive containment of network security attacks, the method comprising:
determining filtering parameters corresponding to a specific system vulnerability; and distributing said parameters to network infrastructure components, wherein the network infrastructure components are configured to examine packets using said parameters to detect occurrence of an attack against the specific system vulnerability; and wherein the network infrastructure components are further configured to take action to inhibit the detected attack.
2 . The method of claim 1 , wherein the action to inhibit the attack comprises restricting further packet transmission through a network port.
3 . The method of claim 1 , wherein the action to inhibit the attack comprises terminating a connection or session through a network port.
4 . The method of claim 1 , wherein the action to inhibit the attack comprises limiting a number of packets transmitted through a network port.
5 . The method of claim 1 , wherein the action to inhibit the attack comprises preventing specific types or sequences of packets from being transmitted through a network port, while permitting other packets to be transmitted without interruption.
6 . The method of claim 1 , wherein the action to inhibit the attack comprises triggering an alert to a network management system.
7 . The method of claim 1 , wherein the specific system vulnerability pertains to a specific software component.
8 . The method of claim 7 , wherein the specific software component comprises an operating system, or a utility, or an application.
9 . The method of claim 1 , wherein the network infrastructure components comprise at least one component from a group of components consisting of networking hubs, switches, routers, wireless access points, IDS/IPS, firewall, and network security appliances.
10 . The method of claim 1 , wherein the networking infrastructure components filter packets at a physical port, datalink, network, and/or session level.
11 . The method of claim 1 , wherein the networking infrastructure components filter packets using hardware circuitry and firmware.
12 . The method of claim 1 , wherein the network infrastructure components comprise dynamically-modifiable packet firewalls.
13 . The method of claim 1 , wherein the specific system vulnerability is identified prior to discovery of a specific virus exploiting said vulnerability.
14 . The method of claim 13 , wherein the method of proactive containment is performed prior to the discovery of a specific virus exploiting said vulnerability.
15 . The method of claim 1 , wherein said parameters are distributed by a network management system of an enterprise network.
16 . The method of claim 1 , wherein said parameters are distributed by a remote service provider.
17 . The method of claim 16 , wherein the remote service provider comprises a web-based service.
18 . A system of proactive containment of network security attacks, the system comprising:
software configured to determine network filtering parameters corresponding to a specific system vulnerability; and means for distributing said parameters to network infrastructure components, wherein the network infrastructure components are configured to examine packets using said parameters to detect occurrence of an attack against the specific system vulnerability; and wherein the network infrastructure components are further configured to take action to inhibit the detected attack.
19 . A network infrastructure component configured for proactive containment of network security attacks, the network infrastructure component comprising:
communication means for receiving network filtering parameters corresponding to a specific system vulnerability; memory for storing said parameters; and circuitry and firmware configured to examine packets using said parameters to detect occurrence of an attack against the specific system vulnerability and to take action to inhibit the detected attack.
20 . The network infrastructure component of claim 19 , wherein the network infrastructure component comprises a device from a group of devices consisting of networking hubs, switches, routers, wireless access points, IDS/IPS, firewall, and network security appliances.
21 . The network infrastructure component of claim 19 , wherein the networking infrastructure component filters packets at a physical port, datalink (MAC address), network (IP), and/or session (TCP) level.
22 . The network infrastructure component of claim 19 , wherein the network infrastructure component comprises a dynamically-modifiable packet firewall.
23 . The network infrastructure component of claim 19 , wherein said parameters are distributed by a network management system of an enterprise network.
24 . The network infrastructure component of claim 19 , wherein said parameters are distributed by a remote service provider.
25 . A method of protecting against a known malicious attack on a system, the method comprising:
analyzing the known attack to determine an identifying behavior; determining filtering parameters corresponding to the identifying behavior; distributing said parameters to network infrastructure components; and filtering packets using said parameters to detect and inhibit the attack.
26 . A network infrastructure component configured for proactive containment of network security attacks, the network infrastructure component comprising:
communication means for receiving network filtering parameters corresponding to behavior of a known attack; memory for storing said parameters; and circuitry and firmware configured to examine packets using said parameters to detect occurrence of the attack and to take action to inhibit the attack.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.