公开(公告)号：US5884025A

公开(公告)日：1999-03-16

申请号：US795373

申请日：1997-02-04

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  H04L9/00 ,  G06F15/163

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

摘要翻译： 一种用于筛选在诸如专用网络的被保护网络之间传送的数据分组和诸如公共网络的另一网络之间的数据分组的系统。 该系统包括具有多个（具体为三个）类型的网络端口的专用计算机：一个连接到每个私有和公共网络，以及一个连接到代理网络，其包含预定数量的主机和服务，其中一些 可能会反映在专用网络中发现的一个子集。 代理网络与专用网络隔离，因此不能作为入侵者的跳点使用。 根据其内容，状态信息和其他标准（包括其源和目的地），屏幕上接收到的数据包（进入或离开专用网络中的主机）被过滤，并且屏幕采取行动，这取决于 过滤阶段。 可以允许数据包通过或不改变其数据，IP（因特网协议）地址等，或者可以丢弃具有或不发送到分组的发送者的错误消息。 可以向代理网络上的主机发送或不进行分组，该主机执行由给定分组指定的预期目的地主机的一些或全部功能。 通过分组而不添加与筛选系统相关的任何网络地址，允许筛选系统在不被该地址识别的情况下起作用，因此更难以将其定位为IP实体。 由入侵者

公开(公告)号：US5878231A

公开(公告)日：1999-03-02

申请号：US795374

申请日：1997-02-04

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  G06F13/38 ,  G06F15/17

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

摘要翻译： 一种用于筛选在诸如专用网络的被保护网络之间传送的数据分组和诸如公共网络的另一网络之间的数据分组的系统。 该系统包括具有多个（具体为三个）类型的网络端口的专用计算机：一个连接到每个私有和公共网络，以及一个连接到代理网络，其包含预定数量的主机和服务，其中一些 可能会反映在专用网络中发现的一个子集。 代理网络与专用网络隔离，因此不能作为入侵者的跳点使用。 根据其内容，状态信息和其他标准（包括其源和目的地），屏幕上接收到的数据包（进入或离开专用网络中的主机）被过滤，并且屏幕采取行动，这取决于 过滤阶段。 可以允许数据包通过或不改变其数据，IP（因特网协议）地址等，或者可以丢弃具有或不发送到分组的发送者的错误消息。 可以向代理网络上的主机发送或不进行分组，该主机执行由给定分组指定的预期目的地主机的一些或全部功能。 通过分组而不添加与筛选系统相关的任何网络地址，允许筛选系统在不被该地址识别的情况下起作用，因此更难以将其定位为IP实体。 由入侵者

公开(公告)号：US5802320A

公开(公告)日：1998-09-01

申请号：US444351

申请日：1995-05-18

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  G06F15/163

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

公开(公告)号：US20080271018A1

公开(公告)日：2008-10-30

申请号：US11772673

申请日：2007-07-02

申请人： Andrew Gross ,  Carolyn Turbyfill ,  John Clemens ,  Letitia Larry

发明人： Andrew Gross ,  Carolyn Turbyfill ,  John Clemens ,  Letitia Larry

IPC分类号： G06F9/455

CPC分类号： G06F21/577

摘要： An assurance system for creating and evaluating a plurality of virtual application environments that emulate and evaluate a plurality of target systems. Information such as network configuration, interface information, and software packages or subsystems are imported into the virtual application environments. The assurance system may be used for purposes of testing, and delivering comprehensive reports of the likely results on the target systems based on results from the virtual application environments, including such things as configuration changes to the environments, environment load and stress conditions, environment security, software installation to the environments, and performance levels of the environments among other things.

摘要翻译： 一种用于创建和评估模拟和评估多个目标系统的多个虚拟应用环境的保证系统。 诸如网络配置，接口信息和软件包或子系统之类的信息被导入到虚拟应用环境中。 保证系统可以用于测试，并根据虚拟应用环境的结果，提供目标系统上可能的结果的综合报告，包括对环境的配置更改，环境负载和压力条件，环境安全性 ，软件安装到环境，以及其他环境的性能水平。

公开(公告)号：US20080270104A1

公开(公告)日：2008-10-30

申请号：US11772667

申请日：2007-07-02

申请人： Robert J. Stratton ,  John Hawley ,  Andrew Gross ,  Carolyn Turbyfill ,  John Clemens

发明人： Robert J. Stratton ,  John Hawley ,  Andrew Gross ,  Carolyn Turbyfill ,  John Clemens

IPC分类号： G06F9/455

CPC分类号： G06F21/577

摘要： An assurance system for evaluating a target application environment using a mixed environment including a virtual environment and the target environment. The assurance system emulates and evaluates the target environment. Information such as network configuration, interface information, and software packages or subsystems are imported into the virtual application environment. The assurance system may be used for purposes of testing, and delivering comprehensive reports of the likely results on the target system based on a comparison of the virtual application environment to the target environment, including such things as configuration changes to the environment, environment load and stress conditions, environment security, software installation to the environment, and environment performance levels among other things.

摘要翻译： 一种使用包括虚拟环境和目标环境在内的混合环境来评估目标应用环境的保证系统。 保证系统模拟和评估目标环境。 诸如网络配置，接口信息，软件包或子系统等信息被导入到虚拟应用环境中。 保证系统可以用于测试，并根据虚拟应用环境与目标环境的比较，提供目标系统上可能的结果的综合报告，包括对环境的配置更改，环境负载和 应力条件，环境安全，软件安装到环境以及环境绩效等方面。

公开(公告)号：US20080271025A1

公开(公告)日：2008-10-30

申请号：US11948441

申请日：2007-11-30

申请人： Andrew Gross ,  John Clemens ,  Carolyn Turbyfill

发明人： Andrew Gross ,  John Clemens ,  Carolyn Turbyfill

IPC分类号： G06F9/50

CPC分类号： G06F11/368 ,  G06F11/3051 ,  G06F21/577

摘要： An assurance system for testing the functionality of a computer system by creating an overlay of the computer system and routing selected traffic to the overlay while assessing the performance of the system. The system may be used for purposes of managing the testing of the computer system and delivery of comprehensive reports of the likely results on the computer system based on results generated by the assurance system, including such things as configuration changes to the environment, environment load and stress conditions, environment security, software installation to the environment, and environment performance levels among other things.

摘要翻译： 一种保证系统，用于通过在评估系统的性能的同时创建计算机系统的覆盖层并将选定的流量路由到覆盖层来测试计算机系统的功能。 该系统可以用于管理计算机系统的测试和基于保证系统生成的结果在计算机系统上提供可能结果的综合报告，包括对环境的配置改变，环境负荷和 应力条件，环境安全，软件安装到环境以及环境绩效等方面。

公开(公告)号：US20080271019A1

公开(公告)日：2008-10-30

申请号：US11772679

申请日：2007-07-02

申请人： Robert J. Stratton ,  John Hawley ,  Andrew Gross ,  Carolyn Turbyfill ,  John Clemens

发明人： Robert J. Stratton ,  John Hawley ,  Andrew Gross ,  Carolyn Turbyfill ,  John Clemens

IPC分类号： G06F9/455

CPC分类号： G06F21/577

摘要： An assurance system for creating and evaluating a virtual application environment that emulates and evaluates a target system. Information such as network configuration, interface information, and software packages or subsystems are imported into the virtual application environment. The assurance system may be used for purposes of testing, and delivering comprehensive reports of the likely results on the target system based on results from the virtual application environment, including such things as configuration changes to the environment, environment load and stress conditions, environment security, software installation to the environment, and environment performance levels among other things.

摘要翻译： 用于创建和评估模拟和评估目标系统的虚拟应用程序环境的保证系统。 诸如网络配置，接口信息，软件包或子系统等信息被导入到虚拟应用环境中。 保证系统可以用于测试，并根据虚拟应用环境的结果，提供关于目标系统可能结果的综合报告，包括对环境的配置更改，环境负载和压力条件，环境安全性 软件安装到环境以及环境绩效等方面。