-
公开(公告)号:US07904960B2
公开(公告)日:2011-03-08
申请号:US10832588
申请日:2004-04-27
IPC分类号: H04L9/00
CPC分类号: H04L63/1416
摘要: Systems and methods for virtualizing network intrusion detection system (IDS) functions based on each packet's source and/or destination host computer operating system (OS) type and characteristics are described. Virtualization is accomplished by fingerprinting each packet to determine the packet's target OS and then vetting each packet in a virtual IDS against a reduced set of threat signatures specific to the target OS. Each virtual IDS, whether operating on a separate computer or operating as a logically distinct process or separate thread running on a single computer processor, may also operate in parallel with other virtual IDS processes. IDS processing efficiency and speed are greatly increased by the fact that a much smaller subset of threat signature universe is used for each OS-specific packet threat vetting operation.
摘要翻译: 描述了基于每个数据包的源和/或目标主机操作系统(OS)类型和特性来虚拟化网络入侵检测系统(IDS)功能的系统和方法。 通过对每个数据包进行指纹识别来确定数据包的目标操作系统,然后根据目标操作系统特有的一组减少的威胁签名对虚拟IDS中的每个数据包进行审核,从而实现虚拟化。 每个虚拟IDS,无论是在单独的计算机上运行还是作为逻辑上不同的进程运行,或者在单个计算机处理器上运行的单独的线程,也可以与其他虚拟IDS进程并行运行。 IDS处理效率和速度大大增加,因为对于每个特定于操作系统的数据包威胁审核操作使用了威胁签名领域的一小部分。
-
公开(公告)号:US07574741B2
公开(公告)日:2009-08-11
申请号:US11110144
申请日:2005-04-20
申请人: James Aviani , Jean-Philippe Champagne , Matthew Gnagy , Michael Hall , Ravishankar Ganesh Ithal
发明人: James Aviani , Jean-Philippe Champagne , Matthew Gnagy , Michael Hall , Ravishankar Ganesh Ithal
CPC分类号: G06F21/554 , G06F21/56 , G06F2221/2127
摘要: A method and system for preventing the detection of an operating system by an intruder, the operating system installed on a host in a network, is provided. The intruder transmits a network probe for operating system detection. The network probe is identified and a response is generated to the network probe, generated by the operating system, is modified. The modified response provides the intruder with false information related to the operating system, thereby misleading the intruder about the type of operating system.
摘要翻译: 提供一种用于防止入侵者检测操作系统的方法和系统,安装在网络中的主机上的操作系统。 入侵者发送用于操作系统检测的网络探测器。 网络探测器被识别,并且由操作系统生成的对网络探测器的响应被修改。 修改的响应为入侵者提供与操作系统相关的虚假信息,从而误导入侵者有关操作系统的类型。
-
公开(公告)号:US07577837B1
公开(公告)日:2009-08-18
申请号:US10418877
申请日:2003-04-17
IPC分类号: H04L29/06
CPC分类号: H04L63/104 , H04L63/0428 , H04L63/164
摘要: A process for managing encrypted group communication according to a single security association (SA) for network traffic from a sender includes receiving a request for an encrypted communication among a plurality of network devices. A common decryption key and a common security parameters index (SPI) are provided to each of the network devices participating in the communication. The common security parameters index facilitates locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association. Information is encrypted based on the common security association, and unicasted to each of the network devices. In an embodiment, the common security parameters index provided to each network device is established by the sender. For example, the SPI is established by a conference server and sent to each device participating in a voice conference.
摘要翻译: 根据用于来自发送方的网络业务的单个安全关联(SA)来管理加密组通信的过程包括在多个网络设备之间接收对加密通信的请求。 公共解密密钥和公共安全参数索引(SPI)被提供给参与通信的每个网络设备。 公共安全参数索引有助于在与每个网络设备相关联的相应数据库中定位与公共安全关联相关联的安全关联信息。 基于公共安全关联对信息进行加密,并单播到每个网络设备。 在一个实施例中,提供给每个网络设备的公共安全参数索引由发送者建立。 例如,SPI由会议服务器建立,并发送给参与语音会议的每个设备。
-
公开(公告)号:US20080289040A1
公开(公告)日:2008-11-20
申请号:US10832588
申请日:2004-04-27
IPC分类号: H04L9/00
CPC分类号: H04L63/1416
摘要: Systems and methods for virtualizing network intrusion detection system (IDS) functions based on each packet's source and/or destination host computer operating system (OS) type and characteristics are described. Virtualization is accomplished by fingerprinting each packet to determine the packet's target OS and then vetting each packet in a virtual IDS against a reduced set of threat signatures specific to the target OS. Each virtual IDS, whether operating on a separate computer or operating as a logically distinct process or separate thread running on a single computer processor, may also operate in parallel with other virtual IDS processes. IDS processing efficiency and speed are greatly increased by the fact that a much smaller subset of threat signature universe is used for each OS-specific packet threat vetting operation.
摘要翻译: 描述了基于每个数据包的源和/或目标主机操作系统(OS)类型和特性来虚拟化网络入侵检测系统(IDS)功能的系统和方法。 通过对每个数据包进行指纹识别来确定数据包的目标操作系统,然后根据目标操作系统特有的一组减少的威胁签名对虚拟IDS中的每个数据包进行审核,从而实现虚拟化。 每个虚拟IDS,无论是在单独的计算机上运行还是作为逻辑上不同的进程运行,或者在单个计算机处理器上运行的单独的线程,也可以与其他虚拟IDS进程并行运行。 IDS处理效率和速度大大增加,因为对于每个特定于操作系统的数据包威胁审核操作使用了威胁签名领域的一小部分。
-
-
-
搜索结果
4 条记录 (耗时 0.012 秒)
