Distributed intrusion response system
    1.
    Granted invention patent
    Legal status: in force

    Publication number: US07581249B2

    Publication date: 2009-08-25

    Application number: US10713560

    Filing date: 2003-11-14

    IPC classification: G06F11/00 G06F21/00

    Abstract: A system and method to respond to intrusions detected on a network system including attached functions and a network infrastructure. The system includes means for receiving from an intrusion detection function information about intrusions, a directory service function for gathering and reporting at least the physical and logical addresses of devices of the network infrastructure associated with the detected intrusions, and a plurality of distributed enforcement devices of the network infrastructure for enforcing policies responsive to the detected intrusions. A policy decision function evaluates the reported detected intrusions and makes a determination whether one or more policy changes are required on the enforcement devices in response to a detected intrusion. A policy manager function configures the distributed enforcement devices with the responsive changed policy or policies. Policy changes rules can vary from no change to complete port blocking on one or more identified enforcement devices associated with the detected intrusion, to redirecting the associated traffic including the intrusion and these policies may be modified or removed over time as warranted by network operation.


    Distributed intrusion response system
    2.
    Invention patent application
    Legal status: in force

    Publication number: US20050108568A1

    Publication date: 2005-05-19

    Application number: US10713560

    Filing date: 2003-11-14

    Abstract: A system and method to respond to intrusions detected on a network system including attached functions and a network infrastructure. The system includes means for receiving from an intrusion detection function information about intrusions, a directory service function for gathering and reporting at least the physical and logical addresses of devices of the network infrastructure associated with the detected intrusions, and a plurality of distributed enforcement devices of the network infrastructure for enforcing policies responsive to the detected intrusions. A policy decision function evaluates the reported detected intrusions and makes a determination whether one or more policy changes are required on the enforcement devices in response to a detected intrusion. A policy manager function configures the distributed enforcement devices with the responsive changed policy or policies. Policy changes rules can vary from no change to complete port blocking on one or more identified enforcement devices associated with the detected intrusion, to redirecting the associated traffic including the intrusion and these policies may be modified or removed over time as warranted by network operation.


    System and method for rapid response network policy implementation
    4.
    Invention patent application
    Legal status: under examination (published)

    Publication number: US20060048142A1

    Publication date: 2006-03-02

    Application number: US10932824

    Filing date: 2004-09-02

    IPC classification: G06F9/445

    Abstract: A system and method for rapidly responding to triggering events or activities in a network system. The system includes a policy enforcement function, a policy manager function, and one or more network devices of the network system. The policy enforcement function includes one or more installed policy sets and/or policy enforcement rule sets suitably responsive to triggering events or activities. Upon detection of a trigger, the policy manager function analyzes the trigger and selects one or more appropriate policy sets and/or policy enforcement rule sets deemed to be responsive to the trigger. Each set has a unique rapid response identifier. The policy manager function signals for implementation of the one or more policy and/or rule sets, based on one or more rapid response identifiers, which are enforced through the policy enforcement function. The policy enforcement function may be a part of one or more of the one or more network infrastructure devices for implementing the policy change. The system and method enable rapid response to a detected trigger (which might be a manual input) by pre-installing responsive policy and/or rule sets first and then generating and transmitting the unique rapid response identifier(s) corresponding to one or more selected policy and/or rule sets for implementation. That is, the network device is already configured with a response through the pre-installed policy and/or rule sets. Responses may be implemented and/or removed gradually, and different network devices may be instructed to implement different policies in response to the same trigger and the same policy may be implemented with different policy enforcement rules on different devices, ports, or interfaces.


    System, method and apparatus for traffic mirror setup, service and security in communication networks
    7.
    Invention patent application
    Legal status: in force

    Publication number: US20060059163A1

    Publication date: 2006-03-16

    Application number: US11208372

    Filing date: 2005-08-19

    IPC classification: G06F17/30

    Abstract: The present invention provides method and systems for dynamically mirroring network traffic. The mirroring of network traffic may comprise data that may be considered of particular interest. The network traffic may be mirrored by a mirror service portal from a mirror sender, referred to as a mirror source, to a mirror receiver, referred to as a mirror destination, locally or remotely over various network segments, such as private and public networks and the Internet. The network traffic may be mirrored to locations not involved in the network communications being mirrored. The present invention provides various techniques for dynamically mirroring data contained in the network traffic from a mirror source to a mirror destination.


    Method for network traffic mirroring with data privacy
    8.
    Invention patent application
    Legal status: in force

    Publication number: US20050278565A1

    Publication date: 2005-12-15

    Application number: US11075936

    Filing date: 2005-03-08

    Abstract: Systems and methods are provided for preserving the privacy of data contained in mirrored network traffic. The mirrored network traffic may comprise data that may be considered confidential, privileged, private, or otherwise sensitive data. For example, the data payload of a frame of mirrored network traffic may include private Voice over IP (VoIP) communications between users on one or more networks. The present invention provides various techniques for securing the privacy of data contained in the mirrored network traffic. Using the techniques of the present invention, network traffic comprising confidential, privileged, private, or otherwise sensitive data may be mirrored in such a manner as to provide for the privacy of such data over at least a portion if not all of the mirrored communications between the mirror source point and the mirror destination point.


    Method and apparatus of virtual class of service and logical queue representation through network traffic distribution over multiple port interfaces
    10.
    Granted invention patent
    Legal status: in force

    Publication number: US07936770B1

    Publication date: 2011-05-03

    Application number: US11371990

    Filing date: 2006-03-08

    IPC classification: H04L21/28

    CPC classification: H04L47/6215 H04L49/90

    Abstract: A method and apparatus are provided that allows for the representation of a larger number of classes of network traffic and logical queues than is physically available on a per port basis within a network device. A number of logical queues, whose number can match the number of classes of network traffic a network device handles, may be supported across an aggregated set of ports even though the network device has fewer physical queues per port than there are classes of network traffic. The method and apparatus improve the management of network traffic sensitive to time delay and jitter, and further facilitates the operation of these applications in a simultaneous or near simultaneous manner.
