1. Network appliance for vulnerability assessment auditing over multiple networks
    Type: Granted patent (in force)

    Publication number: US07310669B2

    Publication date: 2007-12-18

    Application number: US11331776

    Filing date: 2006-01-13

    IPC classes: G06F15/173 H04L9/00 G06F11/00

    Abstract: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits, thereby extending auditing of network vulnerabilities to provide a comprehensive 360-degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and the one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

2. Network appliance for vulnerability assessment auditing over multiple networks
    Type: Granted patent (in force)

    Publication number: US08554903B2

    Publication date: 2013-10-08

    Application number: US11877496

    Filing date: 2007-10-23

    IPC classes: G06F15/173 G06F11/00 H04L9/00

    Abstract: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits, thereby extending auditing of network vulnerabilities to provide a comprehensive 360-degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and the one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

3. Network appliance for customizable quarantining of a node on a network
    Type: Granted patent (in force)

    Publication number: US08520512B2

    Publication date: 2013-08-27

    Application number: US11461321

    Filing date: 2006-07-31

    IPC classes: H04L12/28

    Abstract: A system, method, and apparatus are directed to managing access to a network. An agent may intercept a network packet transmitted by an enforcement point in response to a request from a device to join the network. The agent identifies, based on the network packet, a port number on the enforcement point at which the request is received. The agent may transmit the port number to a NACA to enable security enforcement operations to be performed on the device. Another device may reside outside the quarantined network and be enabled by the NACA to direct a remediation measure to be performed on the device using at least the port number. The NACA may spoof an ARP response with an address of the NACA to restrict access to resources. The NACA may also place the device into one of a plurality of quarantined networks.

4. Method and system for scaling network traffic managers
    Type: Granted patent (in force)

    Publication number: US08477609B1

    Publication date: 2013-07-02

    Application number: US12723576

    Filing date: 2010-03-12

    IPC classes: H04J1/16 H04J3/14

    Abstract: Distributing network traffic to multiple traffic management devices. A distributor receives packets from a network and may act as a layer 2 switch or router to distribute each packet to one of a group of traffic management devices. The distributor may also receive packets from the servers whose communications the traffic management devices are managing. When distributing packets to traffic management devices, information in the packets may be used to determine which traffic management device each packet should be sent to. The distributor causes all packets in a flow to be delivered to the same traffic management device. Many configurations are possible for connecting the distributor to the traffic management devices, including connecting each traffic management device to a physical or virtual port on the distributor, connecting the traffic management devices to the distributor using a virtual local area network, and connecting the traffic management devices to a layer 2 switch.

5. Network appliance for customizable quarantining of a node on a network
    Type: Patent application (in force)

    Publication number: US20130091534A1

    Publication date: 2013-04-11

    Application number: US11461321

    Filing date: 2006-07-31

    IPC classes: H04L29/06

    Abstract: A system, method, and apparatus are directed to managing access to a network. An agent may intercept a network packet transmitted by an enforcement point in response to a request from a device to join the network. The agent identifies, based on the network packet, a port number on the enforcement point at which the request is received. The agent may transmit the port number to a NACA to enable security enforcement operations to be performed on the device. Another device may reside outside the quarantined network and be enabled by the NACA to direct a remediation measure to be performed on the device using at least the port number. The NACA may spoof an ARP response with an address of the NACA to restrict access to resources. The NACA may also place the device into one of a plurality of quarantined networks.

6. Method and system for providing persistence in a secure network access
    Type: Granted patent (in force)

    Publication number: US07996886B1

    Publication date: 2011-08-09

    Application number: US12234592

    Filing date: 2008-09-19

    IPC classes: G06F7/04

    Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and the target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.
