Proactive network security systems to protect against hackers

Abstract

A proactive network security system to protect against hackers for the proactive automated defense against hackers by automatically finding, reporting, communicating with countermeasures about and removing the common vulnerabilities and exposures (CVEs) that they exploit.

Description

RELATED APPLICATIONS [0001] This application claims priority to U.S. Provisional Application No. 60 / 489,982, filed Jul. 25, 2003, the specification of which is incorporated herein by reference in its entirety.BACKGROUND [0002] For years, network administrators have been plagued by the issue of unauthorized users (hackers) who gain entry to the network by probing for weaknesses or misrepresenting their intentions when asking to use certain network services, such as asking for a network user to read an email message. As such, it can be appreciated that anti hacker security system have been in use for years. Typically, anti hacker security systems are comprised of information security (INFOSEC) appliances that protect computers and computer-based networks against attacks from hackers. These appliances are typically sold as point-solutions and countermeasures ranging from Firewalls (FW), virtual private networks (VPNS) AntiVirus Servers (AVS), Anti Distributed Denial of Service (Anti-DD...

AI Technical Summary

Benefits of technology

[0008] The software engine may securely and dynamically update one or all components of the INFOSEC ENGINE and / or all INFOSEC ENGINE PLUGINs as well as other key security components. The software engine acts as a gateway between users, personal computers, servers, services and the computer network (internet, intranet, extranet, wide area network, wireless network or local area network). An Information Security (INFOSEC) software component may plug into the INFOSEC engine to, from time to time, expand the INFOSEC capabilities. Sample PLUGINs may include Firewalls (FW), virtual private networks (VPNs) AntiVirus Servers (AVS), Anti Distributed Denial of Service (Anti-DDoS), Certificate Authorities (CA), Content Filtering and Application Caching (PROXY), Encryption Acceleration and Secure Sockets Layer (SSL), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Vulnerability Assessment (VA), Vulnerability Remediation (VR), and Wireless Security (802.11b) using Wireless Encryption Protocol (WEP), Clustering and High Availability (HA). The system may also include an operating system that has been hardened against known weaknesses and attack methodologies of hackers. In a further optional embodiment, the system may include a software component that enables the INFOSEC Engine to be deployed on more than one system that can act as a single INFOSEC Engine through a computer network. An optional software component “heart-beat” monitor may exchange heartbeat signals between two or more INFOSEC appliances and enables one appliance to takeover for another should the other malfunction. The systems and methods described herein can be operated on conventional hardware platforms including Personal Computer (PC) or generic server appliances that run the Windows or Linux operating systems. Optionally, the systems may employ a client-server modular based software structure for secure, authenticated an non-repudiable communications between the Proactive Network Security system and a traditional Countermeasures System to increase the probability that a hacker will not be able to break into the existing network infrastructure through automated vulnerability assessment, reporting, and remediation.

[0019] Another object is to provide a proactive network security system to protect against hackers that can perform numerous INFOSEC functions in one “open box” appliance that scales in physical size from a small PC to a large generic server appliance. Should these INFOSEC functions exist in another network security appliance, the systems described herein shall be able to communicate with said INFOSEC countermeasure through a well-defined and secure communication interface to enable more proactive network security through automation.

Problems solved by technology

For years, network administrators have been plagued by the issue of unauthorized users (hackers) who gain entry to the network by probing for weaknesses or misrepresenting their intentions when asking to use certain network services, such as asking for a network user to read an email message.

The main problem with conventional anti hacker security system are they are not designed to stop hackers, instead they are countermeasures that react to threats.

Thus, today's security systems still leave the network vulnerable to attack, although they are capable of addressing certain attacks once the attack is identified.

Another problem with conventional anti hacker security systems is that they are typically built as proprietary systems, resulting in long design, development and release cycles.

This of course can be problematic as hackers release new attacks quite frequently, and because of the Internet, these many of today's attacks spread with breathtaking speed from one network to another.

Unfortunately, most of today's INFOSEC solutions are hard to upgrade and manage.

In fact, many INFOSEC systems today are “hard wired” with one or more network adapter interface for a 10 megabits per second network and if the network performance requirements move to 100 megabits per second or a gigabit per second, these INFOSEC appliances become bottlenecks to network performance and therefore detract from user productivity.

Still another problem with conventional anti hacker security system are that each INFOSEC appliance has a completely different and unique administrative interface.

After deploying more than a few of these appliances, it becomes extremely difficult for System Administrators (SYSADMINs) to manage these systems.

Images