Named sockets in a firewall
    1.
    Granted patent
    Named sockets in a firewall (in force)

    Publication number: US08429736B2

    Publication date: 2013-04-23

    Application number: US12116347

    Filing date: 2008-05-07

    IPC classification: G06F9/00

    Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.

    NAMED SOCKETS IN A FIREWALL
    2.
    Patent application
    NAMED SOCKETS IN A FIREWALL (in force)

    Publication number: US20090282471A1

    Publication date: 2009-11-12

    Application number: US12116347

    Filing date: 2008-05-07

    IPC classification: H04L9/32 G06F15/16

    Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.

    UNIFIED NETWORK THREAT MANAGEMENT WITH RULE CLASSIFICATION
    3.
    Patent application
    UNIFIED NETWORK THREAT MANAGEMENT WITH RULE CLASSIFICATION (in force)

    Publication number: US20090222877A1

    Publication date: 2009-09-03

    Application number: US12039490

    Filing date: 2008-02-28

    IPC classification: G06F21/00

    CPC classification: H04L63/0263 H04L63/1416

    Abstract: A computer network device comprises an intrusion prevention rule set comprising a plurality of rules, each of the plurality of rules associated with two or more rule classification parameters, and an intrusion prevention module that is operable to use two or more of the classification parameters associated with the plurality of intrusion protection rules to selectively apply the rules to provide network intrusion protection of network traffic.

    Unified network threat management with rule classification
    4.
    Granted patent
    Unified network threat management with rule classification (in force)

    Publication number: US08561129B2

    Publication date: 2013-10-15

    Application number: US12039490

    Filing date: 2008-02-28

    IPC classification: G06F17/00 H04L29/06

    CPC classification: H04L63/0263 H04L63/1416

    Abstract: A computer network device comprises an intrusion prevention rule set comprising a plurality of rules, each of the plurality of rules associated with two or more rule classification parameters, and an intrusion prevention module that is operable to use two or more of the classification parameters associated with the plurality of intrusion protection rules to selectively apply the rules to provide network intrusion protection of network traffic.

    System and method for redirected firewall discovery in a network environment
    5.
    Granted patent
    System and method for redirected firewall discovery in a network environment (in force)

    Publication number: US08713668B2

    Publication date: 2014-04-29

    Application number: US13275249

    Filing date: 2011-10-17

    IPC classification: H04L29/06

    Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

    SYSTEM AND METHOD FOR REDIRECTED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT
    6.
    Patent application
    SYSTEM AND METHOD FOR REDIRECTED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT (in force)

    Publication number: US20130097658A1

    Publication date: 2013-04-18

    Application number: US13275249

    Filing date: 2011-10-17

    IPC classification: G06F21/00

    Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

    SYSTEM AND METHOD FOR HOST-INITIATED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT
    7.
    Patent application
    SYSTEM AND METHOD FOR HOST-INITIATED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT (in force)

    Publication number: US20130097692A1

    Publication date: 2013-04-18

    Application number: US13275196

    Filing date: 2011-10-17

    IPC classification: G06F21/00

    Abstract: A method is provided in one example embodiment that includes intercepting a network flow to a destination node having a network address and sending a discovery query based on a discovery action associated with the network address in a firewall cache. A discovery result may be received and metadata associated with the flow may be sent to a firewall before releasing the network flow. In other embodiments, a discovery query may be received from a source node and a discovery result sent to the source node, wherein the discovery result identifies a firewall for managing a route to a destination node. Metadata may be received from the source node over a metadata channel. A network flow from the source node to the destination node may be intercepted, and the metadata may be correlated with the network flow to apply a network policy to the network flow.

    Robot hand
    8.
    Granted patent
    Robot hand (no longer in force)

    Publication number: US4767143A

    Publication date: 1988-08-30

    Application number: US17449

    Filing date: 1987-02-24

    CPC classification: B65G47/914 B25J15/0616

    Abstract: A robot hand for grasping objects having substantially planar faces includes a base and a plurality of arms extending from the base. A plurality of vacuum cups are supported on and radially movable along the arms. Pivotal drive means pivot the arms, radial drive means move the cups along the arms, and vacuum means apply a vacuum to the cups. The cups are readily positioned to permit lifting and transporting of objects such as plies and the like, including those objects having irregular planar shapes.

    Secure network proxy for connecting entities
    9.
    Granted patent
    Secure network proxy for connecting entities (no longer in force)

    Publication number: US6003084A

    Publication date: 1999-12-14

    Application number: US713424

    Filing date: 1996-09-13

    IPC classification: H04L29/06 H04L29/08 G06F13/00

    Abstract: A proxy which is part of a firewall program controls exchanges of information between two application entities. The proxy interrogates attempts to establish a communication session by requesting entities with a server entity in lower layers in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection requests to any address on specific ports. The requestor's address, and the server's address are checked against an access control list. If either address is invalid, the proxy closes the connection. If both are valid, a new connection is setup such that both the requestor and server are transparently connected to the proxy with variable higher levels being connected in a relay mode. Protocol data units are interrogated for conformance to a protocol session, and optionally further decoded to add additional application specific filtering. In one embodiment, an OSI architecture comprises the levels.

    System and method for determining and using local reputations of users and hosts to protect information in a network environment
    10.
    Granted patent
    System and method for determining and using local reputations of users and hosts to protect information in a network environment (in force)

    Publication number: US08931043B2

    Publication date: 2015-01-06

    Application number: US13443865

    Filing date: 2012-04-10

    IPC classification: G06F21/00 G06F15/16

    Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.
