-
Publication No.: US09237027B2
Publication date: 2016-01-12
Application No.: US13828546
Filing date: 2013-03-14
Inventors: Daniel Joseph Ellard, Alden Warren Jackson, Christine Elaine Jones, Josh Forrest Karlin, Victoria Ursula Manfredi, David Patrick Mankins, William Timothy Strayer
IPC classification: G06F15/16, G06F15/173, H04L12/24
CPC classification: H04L63/20, H04L12/24, H04L41/00, H04L51/12, H04L51/28, H04L61/1511, H04L61/2539, H04L63/02, H04L63/0236, H04L67/104
Abstract: Systems and methods for protecting a network including preventing data traffic from exiting the network unless a domain name request has been performed by a device attempting to transmit the data traffic. In an embodiment, a device within the protected network attempting to send data outside the protected network requests an address for a destination outside the protected network from a domain name server (DNS). In response, the DNS provides an address of the destination to the device and a gateway. In response to receiving the address, the gateway temporarily allows access to the address. In an embodiment, a DNS is coupled to a protected network and the gateway, the DNS provides an external address to a device in response to a request; and a mapping to the gateway; the gateway, coupled to a protected network and an external network, allows traffic according to the mapping.
-
Publication No.: US20150358279A1
Publication date: 2015-12-10
Application No.: US13828427
Filing date: 2013-03-14
Inventors: Daniel Joseph Ellard, Alden Warren Jackson, Christine Elaine Jones, Josh Forrest Karlin, Victoria Ursula Manfredi, David Patrick Mankins, William Timothy Strayer
CPC classification: H04L63/20, H04L12/24, H04L41/00, H04L51/12, H04L51/28, H04L61/1511, H04L61/2539, H04L63/02, H04L63/0236, H04L67/104
Abstract: Systems and methods for protecting a network including providing a mapping between internal addresses as seen by devices of the protected network and external addresses; providing devices with a mapped address for a destination in response to a lookup request; rewriting, at a gateway, destination addresses of packets exiting the protected network based on the mapping; and rewriting, at the destination-network gateway, source addresses of packets entering the protected network based on the mapping. Embodiments include a gateway coupled to a protected network, an external network, and a name server. The name server, in response to a hostname lookup request, configured to provide a network device with the internal address; and the gateway with a mapping including the internal address, the addresses of the device, and the hostname. The gateway configured to rewrite destination addresses of outbound packets, and source addresses of inbound packets, based on the mapping.
-
Publication No.: US09723023B2
Publication date: 2017-08-01
Application No.: US13828427
Filing date: 2013-03-14
Inventors: Daniel Joseph Ellard, Alden Warren Jackson, Christine Elaine Jones, Josh Forrest Karlin, Victoria Ursula Manfredi, David Patrick Mankins, William Timothy Strayer
CPC classification: H04L63/20, H04L12/24, H04L41/00, H04L51/12, H04L51/28, H04L61/1511, H04L61/2539, H04L63/02, H04L63/0236, H04L67/104
Abstract: Systems and methods for protecting a network including providing a mapping between internal addresses as seen by devices of the protected network and external addresses; providing devices with a mapped address for a destination in response to a lookup request; rewriting, at a gateway, destination addresses of packets exiting the protected network based on the mapping; and rewriting, at the destination-network gateway, source addresses of packets entering the protected network based on the mapping. Embodiments include a gateway coupled to a protected network, an external network, and a name server. The name server, in response to a hostname lookup request, configured to provide a network device with the internal address; and the gateway with a mapping including the internal address, the addresses of the device, and the hostname. The gateway configured to rewrite destination addresses of outbound packets, and source addresses of inbound packets, based on the mapping.
-
Publication No.: US20150358285A1
Publication date: 2015-12-10
Application No.: US13828546
Filing date: 2013-03-14
Inventors: Daniel Joseph Ellard, Alden Warren Jackson, Christine Elaine Jones, Josh Forrest Karlin, Victoria Ursula Manfredi, David Patrick Mankins, William Timothy Strayer
CPC classification: H04L63/20, H04L12/24, H04L41/00, H04L51/12, H04L51/28, H04L61/1511, H04L61/2539, H04L63/02, H04L63/0236, H04L67/104
Abstract: Systems and methods for protecting a network including preventing data traffic from exiting the network unless a domain name request has been performed by a device attempting to transmit the data traffic. In an embodiment, a device within the protected network attempting to send data outside the protected network requests an address for a destination outside the protected network from a domain name server (DNS). In response, the DNS provides an address of the destination to the device and a gateway. In response to receiving the address, the gateway temporarily allows access to the address. In an embodiment, a DNS is coupled to a protected network and the gateway, the DNS provides an external address to a device in response to a request; and a mapping to the gateway; the gateway, coupled to a protected network and an external network, allows traffic according to the mapping.