    1. System and process for brokering a plurality of security applications using a modular framework in a distributed computing environment (granted invention patent; in force)

    Publication number: US06567808B1
    Publication date: 2003-05-20
    Application number: US09540973
    Filing date: 2000-03-31
    IPC classification: G06F1730

    Abstract: A system and process for brokering a plurality of security applications using a centralized broker in a distributed computing environment is described. A centralized broker is executed on a designated system within the distributed computing environment. A set of snap-in components is provided, each performing a common management task sharable by a plurality of security applications. A console interface is exposed from the centralized broker. The console interface implements a plurality of browser methods, each of which defines a browser function that can be invoked by each snap-in component. A set of snap-in interfaces is exposed from each snap-in component. Each snap-in interface implements a plurality of service methods, each of which defines a user-interface function that can be invoked by the centralized broker. One or more security applications are brokered through the centralized broker. Each security application is interfaced to the centralized broker through the snap-in components. Each security application is managed by invoking at least one such browser method via the console interface. A plurality of the security applications are centrally serviced by invoking at least one such service method via at least one such snap-in interface.

    2. System and method for providing a network host decoy using a pseudo network protocol stack implementation (granted invention patent; lapsed)

    Publication number: US06687833B1
    Publication date: 2004-02-03
    Application number: US09405652
    Filing date: 1999-09-24
    IPC classification: H04L900

    Abstract: A system and method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack are described. A hierarchical network protocol stack is functionally defined and includes a plurality of communicatively interfaced protocol layers. A request frame originating from a remote host is received. The request frame includes a plurality of recursively encapsulated data segments, each of which corresponds to a successive protocol layer in the network protocol stack. At each protocol layer, processing the header associated with the encapsulated data segment demultiplexes each encapsulated data segment in the request frame. Any requested network service is performed and any recursively encapsulated portion is forwarded to the next successive protocol layer. A plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack is formed. Each pseudo data segment includes a header and a data portion. The header includes network protocol stack characteristics for a pseudo host that differ from the network protocol stack characteristics of the virtual host. Each of the pseudo data segments within a response frame is recursively encapsulated. A network address for the pseudo host, different from the network address of the virtual host, is inserted into the response frame. The response frame is sent to the remote host.

    3. System, method and computer program product for rule based network security policies (granted invention patent; in force)

    Publication number: US06826698B1
    Publication date: 2004-11-30
    Application number: US09663863
    Filing date: 2000-09-15
    IPC classification: G06F1130
    CPC classification: H04L63/0263

    Abstract: A system, method and computer program product are provided for affording network security features. A plurality of network objects are identified. Rule sets associated with one or more of the identified network objects are retrieved. Each rule set includes a plurality of policy rules that govern actions relating to the identified network objects. Overlapping policy rules of the rule sets are reconciled amongst the network objects. The reconciled rule sets are executed. A computer program product and a method are also provided for establishing network security. A plurality of network objects of a network and a plurality of rule sets are provided. The network objects are associated with the rule sets. The rule sets include a plurality of policy rules that govern actions relating to the identified network objects during operation of the network.

    4. System and method for providing trustworthy network security concern communication in an active security management environment (granted invention patent; lapsed)

    Publication number: US06611869B1
    Publication date: 2003-08-26
    Application number: US09540821
    Filing date: 2000-03-31
    IPC classification: G06F1516

    Abstract: A system and a method for providing trustworthy network security concern communication in an active security management environment are described. A digital certificate including a validated server identifier for a server system is stored on a client system. A digital certificate including a validated client identifier for the client system is stored on the server system. A communications session between the client system and the server system is established. The communications session includes a secure socket connection that authenticates each of the client system and the server system using the stored client digital certificate and the stored server digital certificate. A certogram is generated upon the occurrence of a network security concern on the client system. The certogram encloses a notification of the network security concern occurrence and a suggested action responsive to it. The certogram is processed on the server system. The certogram is validated using the validated client identifier stored in the client digital certificate. The network security concern notification and the suggested action enclosed within the validated certogram are evaluated.

    5. System and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment (granted invention patent; lapsed)

    Publication number: US06553377B1
    Publication date: 2003-04-22
    Application number: US09541355
    Filing date: 2000-03-31
    IPC classification: G06F1730

    Abstract: A system and a process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment are described. A centralized broker is executed on a designated system within the distributed computing environment. A console interface from the centralized broker is exposed. The console interface implements a plurality of browser methods, each of which defines a browser function that can be invoked by a plurality of snap-in components. A namespace snap-in component is defined and includes a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interface from the namespace snap-in component is exposed. The namespace interface implements a plurality of namespace methods, each defining a storage function that can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed. Each storage includes a set of attributes describing each such remote security application defined within the namespace snap-in component.

    6. System and process for reporting network events with a plurality of hierarchically-structured databases in a distributed computing environment (granted invention patent; lapsed)

    Publication number: US06553378B1
    Publication date: 2003-04-22
    Application number: US09541365
    Filing date: 2000-03-31
    IPC classification: G06F1730

    Abstract: A system and a process for reporting network events using hierarchically-structured event databases in a distributed computing environment are disclosed. A centralized broker is executed on a designated system within the distributed computing environment. At least one security application is provided as a plug-in component on a client system interfaced remotely to the centralized broker. A local event database is maintained on the client system. The local event database includes a set of entries in which network events generated by the at least one security application are transitorily stored. Network events forwarded from the local event database are received via a communications server service. The communications server service exposes a set of communication interfaces implementing a plurality of event methods. Each communication interface defines an event management function that can be invoked by the centralized broker. Network entries in a centralized event database are accessed in response to calls on the event management functions by the centralized broker. The centralized event database is maintained on the designated system. The centralized event database includes a set of entries in which network events received via the communications server service are stored.

    7. Active firewall system and methodology (granted invention patent; in force)

    Publication number: US06550012B1
    Publication date: 2003-04-15
    Application number: US09328177
    Filing date: 1999-06-08
    IPC classification: G06F1130

    Abstract: A system and methodology providing automated or “proactive” network security (an “active” firewall) are described. The system implements methodology for verifying or authenticating communications, especially between network security components, thereby allowing those components to share information. In one embodiment, a system implementing an active firewall is provided which includes methodology for verifying or authenticating communications between network components (e.g., sensor(s), arbiter, and actor(s)) using cryptographic keys or digital certificates. Certificates may be used to digitally sign a message or file and, in a complementary manner, to verify a digital signature. At the outset, the particular software components that may participate in authenticated communication are specified, including creating a digital certificate for each such software component. Upon detection by a sensor that an event of interest has occurred in the computer network system, the system may initiate authenticated communication between the sensor component and a central arbiter (e.g., “event orchestrator”) component, so that the sensor may report the event to the arbiter or “brain.” Thereafter, the arbiter (if it chooses to act on that information) initiates authenticated communication between itself and a third software component, an “actor” component (e.g., a “firewall”). The arbiter may indicate to the actor how it should handle the event. The actor or firewall, upon receiving the information, may then undertake appropriate action, such as dynamically creating or modifying rules for handling the event, or it may choose simply to ignore the information.