-
1.发明申请公开(公告)号:US20080060076A1
公开(公告)日:2008-03-06
申请号:US11877496
申请日:2007-10-23
申请人: Evan Webb , Christopher Boscolo , Robert Gilde
发明人: Evan Webb , Christopher Boscolo , Robert Gilde
IPC分类号: G06F11/00
CPC分类号: H04L63/1433 , G06F21/577 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.
摘要翻译: 一种装置,系统和方法旨在实际上同时实现来自多个网络有利位置的网络漏洞的审计。 多个网络优势点可以包括但不限于远程/分支企业站点,企业周边的设备,安全边界的任一侧,甚至通过安全边界。 在一个实施例中,审计员执行反映的审计,从而延长对网络漏洞的审计,以提供对内部,外部和远程企业网络站点的全面360度审计。 在一个实施例中,可以使用单个审核设备来实现本发明,以及被配置为扩展审计设备的审计范围的一个或多个审计扩展设备。 审计设备和一个或多个审计扩展设备可以使用加密的网络信道通过安全边界和/或跨多个网络进行通信。
-
公开(公告)号:US20060164199A1
公开(公告)日:2006-07-27
申请号:US11336692
申请日:2006-01-19
申请人: Robert Gilde , Xin Shen
发明人: Robert Gilde , Xin Shen
IPC分类号: H01F27/24
CPC分类号: H04L63/10 , H04L12/4641 , H04L63/1408 , H04L63/1433 , H04L67/025
摘要: An apparatus, system, and method for managing dynamic network access control. The invention provides services and controlled network access that includes quarantining nodes so that they may be identified, audited, and provided an opportunity to be brought into compliance with a security policy. The invention is configured to detect a device seeking to join the network, and determine if the device is allowed to join the network. If the invention determines that the device is not to be allowed, the device may be quarantined using a VLAN. The suspect device may then be audited for vulnerabilities. If vulnerabilities are identified, remediation may be employed to guide the suspect device, a user, and/or administrator of the suspect device towards a resolution of the vulnerabilities, such that the device may be reconfigured for acceptance onto the network.
摘要翻译: 一种用于管理动态网络访问控制的设备,系统和方法。 本发明提供了包括隔离节点的服务和受控网络访问,使得它们可以被识别,审计,并且提供了符合安全策略的机会。 本发明被配置为检测寻求加入网络的设备,并且确定设备是否被允许加入网络。 如果发明确定不允许设备,则可以使用VLAN隔离该设备。 然后可以对可疑设备进行审计以获取漏洞。 如果识别到漏洞,则可以采用修复来引导可疑设备的可疑设备,用户和/或管理员来解决这些漏洞,使得设备可以被重新配置以便接收到网络上。
-
公开(公告)号:US20060161653A1
公开(公告)日:2006-07-20
申请号:US11331776
申请日:2006-01-13
申请人: Evan Webb , Christopher Boscolo , Robert Gilde
发明人: Evan Webb , Christopher Boscolo , Robert Gilde
IPC分类号: G06F15/173
CPC分类号: H04L63/1433 , G06F21/577 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.
-
4.发明授权Network appliance for vulnerability assessment auditing over multiple networks 有权用于通过多个网络进行漏洞评估审核的网络设备公开(公告)号:US07310669B2
公开(公告)日:2007-12-18
申请号:US11331776
申请日:2006-01-13
IPC分类号: G06F15/173 , H04L9/00 , G06F11/00
CPC分类号: H04L63/1433 , G06F21/577 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.
摘要翻译: 一种装置,系统和方法旨在实际上同时实现来自多个网络有利位置的网络漏洞的审计。 多个网络优势点可以包括但不限于远程/分支企业站点,企业周边的设备,安全边界的任一侧,甚至通过安全边界。 在一个实施例中,审计员执行反映的审计,从而延长对网络漏洞的审计,以提供对内部,外部和远程企业网络站点的全面360度审计。 在一个实施例中,可以使用单个审核设备来实现本发明,以及被配置为扩展审计设备的审计范围的一个或多个审计扩展设备。 审计设备和一个或多个审计扩展设备可以使用加密的网络信道通过安全边界和/或跨多个网络进行通信。
-
5.发明申请公开(公告)号:US20130091534A1
公开(公告)日:2013-04-11
申请号:US11461321
申请日:2006-07-31
IPC分类号: H04L29/06
CPC分类号: H04L63/0227 , H04L12/4641 , H04L63/10 , H04L63/1433 , H04L63/20 , H04L67/025
摘要: A system, method, and apparatus are directed to managing access to a network. An agent may intercept a network packet transmitted by an enforcement point in response to a request from a device to join the network. The agent identifies, based on the network packet, a port number on the enforcement point at which the request is received. The agent may transmit the port number to a NACA to enable security enforcement operations to be performed on the device. Another device may reside outside the quarantined network and be enabled by the NACA to direct a remediation measure to be performed on the device using at least the port number. The NACA may spoof an ARP response with an address of the NACA to restrict access to resources. The NACA may also place the device into one of a plurality of quarantined networks.
摘要翻译: 系统,方法和装置被引导以管理对网络的访问。 代理可以响应于来自设备加入网络的请求来拦截由执行点发送的网络分组。 代理根据网络数据包识别接收请求的执行点上的端口号。 代理可以将端口号发送到NACA,以便在设备上执行安全执行操作。 另一个设备可能驻留在隔离网络之外,并由NACA启用以使用至少端口号在设备上执行修复措施。 NACA可能会使用NACA的地址欺骗ARP响应,以限制对资源的访问。 NACA还可以将设备放置在多个隔离网络中的一个中。
-
公开(公告)号:US20060168648A1
公开(公告)日:2006-07-27
申请号:US11337408
申请日:2006-01-23
申请人: Alexandru Vank , Xin Shen , Matt Cobb , Brad Robel-Forrest , Evan Webb
发明人: Alexandru Vank , Xin Shen , Matt Cobb , Brad Robel-Forrest , Evan Webb
CPC分类号: H04L63/205 , H04L63/08 , H04L63/10 , H04L63/162 , H04L63/20
摘要: The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.013 秒)
