-
Publication number: US20120216273A1
Publication date: 2012-08-23
Application number: US13030360
Filing date: 2011-02-18
Applicant: James Rolette, Edward Ross, Damon Fleury
Inventor: James Rolette, Edward Ross, Damon Fleury
IPC classification: G06F17/00
CPC classification: G06F21/577, G06F2221/033, H04L12/4641, H04L63/0209, H04L63/0227
Abstract: Securing a virtual environment includes: in a host device, intercepting a packet addressed to a virtual machine implemented by the host device; redirecting the packet to a security device external to the host device through an egress tunnel; and delivering the packet to the virtual machine if the host device receives an indication from the security device that the packet is approved.
-
Publication number: US09460289B2
Publication date: 2016-10-04
Application number: US13030360
Filing date: 2011-02-18
Applicant: James Rolette, Edward Ross, Damon Fleury
Inventor: James Rolette, Edward Ross, Damon Fleury
CPC classification: G06F21/577, G06F2221/033, H04L12/4641, H04L63/0209, H04L63/0227
Abstract: Securing a virtual environment includes: in a host device, intercepting a packet addressed to a virtual machine implemented by the host device; redirecting the packet to a security device external to the host device through an egress tunnel; and delivering the packet to the virtual machine if the host device receives an indication from the security device that the packet is approved.
-
Publication number: US20140153435A1
Publication date: 2014-06-05
Application number: US14235112
Filing date: 2011-08-31
IPC classification: H04L12/26
CPC classification: H04L43/062, H04L41/0893, H04L41/5054, H04L43/026, H04L43/028, H04L63/0245, H04L63/1408, H04L63/145
Abstract: Packet inspection in a network device includes a first stage circuit to monitor packets being switched by a network interface in the network device. The first stage circuit includes at least one pattern matcher to identify selected flows in the packets satisfying first criteria and to divert the selected flows from standard processing in the network interface. A second stage circuit receives the selected flows, performs deep packet inspection on the selected flows to identify further selected flows satisfying a second criteria, and controls the network interface to apply alternative processing to the further selected flows and allow the selected flows other than the further selected flows to rejoin the standard processing.