System And Method For Intrusion Prevention In A Communications Network

A communications network and intrusion prevention technology, applied in the field of network security, that addresses the problem of known users gaining access to application resources and achieves the effect of preventing unwanted connections.

Inactive Publication Date: 2008-11-06
LIQUIDWARE LABS
33 Cites, 32 Cited by

AI Technical Summary

Benefits of technology

[0007] The present invention provides an access control and user session layer security framework. It prevents unwanted connections to new and existing computing resources. It prevents unknown devices and/or users from establishing communication connections to the infrastructure. It prevents unknown devices and/or users from establishing sessions to shared application resources. It prevents known users from gaining access to application resources that are not required in the execution of their area of responsibility.
[0008] Unlike traditional intrusion detection systems, the present invention prevents intrusions rather than simply alerting a network administrator that an intrusion is occurring. The technique used by this invention is the first security approach that links business process to enabled technology utilization; thereby preventing anomalies in access and session establishment. It utilizes authentication through real-time protocol manipulation.
[0009] The invention requires granted authentication at the hardware and user session levels; thus linking hardware access to user requested services. By securing granted permissions at these levels, strange or unknown hardware devices are prevented from communicating with the network infrastructure; thus preventing threats associated with “walk-in” intrusions. Additionally, application resources are secured by controlling where user sessions are allowed; thus preventing “insiders” from gaining access to non-permitted resources and data.
[0010] The invention prevents the initiation of communication establishment through extended manipulation of the communication protocol. This approach places the decision point to the forefront of connection establishment rather than current methods of detecting unwanted “active” utilization or flow. It also eliminates the requirement for “state-full” inspection of every packet associated with end-to-end flows of utilization; thus lowering the performance burden normally associated with intrusion detection.

Problems solved by technology

It prevents known users from gaining access to application resources that are not required in the execution of their area of responsibility.


Examples


Embodiment Construction

[0022] The following detailed description of the present invention is provided as an enabling teaching of the invention in its best, currently known embodiment. Those skilled in the relevant art will recognize that many changes can be made to the embodiment described, while still obtaining the beneficial results of the present invention. It will also be apparent that some of the desired benefits of the present invention can be obtained by selecting some of the features of the present invention without using other features. Accordingly, those who work in the art will recognize that many modifications and adaptations to the present invention are possible and may even be desirable in certain circumstances, and are a part of the present invention. Thus, the following description is provided as illustrative of the principles of the present invention and not in limitation thereof, since the scope of the present invention is defined by the claims.

[0023] The objective of the invention is to p...


Abstract

A method and system for monitoring UDP communications and for preventing unauthorized UDP communications within a computer network. A method for managing access to a resource comprises assigning a unique user identifier to each authorized user, upon initiation of a UDP communication initiated by a specific authorized user for access to a specific resource, appending the unique user identifier of the specific authorized user to each UDP packet of the UDP communication, intercepting the plurality of UDP packets within the computer network, extracting the unique user identifier from each UDP packet to identify the specific authorized user associated with the respective UDP packet, and allowing each respective UDP packet to reach the specific resource as a function of the unique user identifier extracted from the respective UDP packet.
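One way the append, intercept, extract and allow steps in the abstract could look in code, as an added example that is not taken from the patent. The trailer layout, the sample users, keys and resources, and the HMAC tag that binds the identifier to the payload and destination are all assumptions made here; the abstract only specifies a unique user identifier appended to each UDP packet.

```python
import hashlib
import hmac
import struct

# Constructed trailer layout (assumption, not from the patent):
#   payload || user_id (8 bytes, big-endian) || HMAC-SHA256 tag truncated to 16 bytes
ID_LEN, TAG_LEN = 8, 16
TRAILER_LEN = ID_LEN + TAG_LEN

# Constructed sample data: per-user keys and the resources each user may reach.
USER_KEYS = {1001: b"k-alice-constructed", 1002: b"k-bob-constructed"}
POLICY = {1001: {("10.0.0.5", 5060)}, 1002: {("10.0.0.9", 514)}}


def _tag(key: bytes, payload: bytes, uid: bytes, resource: tuple) -> bytes:
    # Bind the identifier to the payload and destination so it cannot be
    # lifted onto another packet or reused toward a different resource.
    dst = f"{resource[0]}:{resource[1]}".encode()
    return hmac.new(key, dst + b"|" + uid + payload, hashlib.sha256).digest()[:TAG_LEN]


def append_identifier(payload: bytes, user_id: int, resource: tuple) -> bytes:
    """Sender side: append the user identifier (and tag) to one UDP payload."""
    uid = struct.pack(">Q", user_id)
    return payload + uid + _tag(USER_KEYS[user_id], payload, uid, resource)


def inspect_datagram(datagram: bytes, resource: tuple):
    """Interception point: return (allow, reason, original_payload)."""
    if len(datagram) < TRAILER_LEN:
        return False, "no-identifier", b""
    payload = datagram[:-TRAILER_LEN]
    uid = datagram[-TRAILER_LEN:-TAG_LEN]
    tag = datagram[-TAG_LEN:]
    user_id = struct.unpack(">Q", uid)[0]
    key = USER_KEYS.get(user_id)
    if key is None:
        return False, "unknown-user", b""
    if not hmac.compare_digest(tag, _tag(key, payload, uid, resource)):
        return False, "bad-tag", b""
    # A known user is still denied resources outside their permitted set.
    if resource not in POLICY.get(user_id, set()):
        return False, "resource-not-permitted", b""
    return True, "ok", payload
```

The decision is made per datagram from the trailer alone, so the interception point keeps no flow state; the example does not address replay of a valid datagram to the same resource.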

Description

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application is a continuation and claims benefit under 35 U.S.C. § 120 of U.S. patent application Ser. No. 10/065,775, filed Nov. 18, 2002, now U.S. Pat. No. 7,386,889, entitled “System and Method for Intrusion Prevention in a Communications Network,” by A. David Shay, the disclosure of which is hereby incorporated herein in its entirety by reference.

BACKGROUND OF THE INVENTION

[0002] This invention relates generally to network security. More specifically, the invention relates to a system and method for providing trusted communications and preventing intrusions in computer communications networks from occurring.

[0003] In the current state of the art, the common approach to communications network security is an attempt to identify occurrences of attacker activity after the attacker is present. This requires infrastructure inspections of every packet flow and a state-full inspection at the packet level. After performing all of this work m...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): G06F21/00, H04L29/06
CPC: H04L63/02, H04L63/0227, H04L63/0236, H04L63/0807, H04L63/162
Inventor: SHAY, A. DAVID
Owner: LIQUIDWARE LABS