WO2005107296A8 - Network security system - Google Patents

Network security system

Info

Publication number
WO2005107296A8
Authority
WO
WIPO (PCT)
Prior art keywords
network
security system
accessible service
network security
communication request
Prior art date
Application number
PCT/US2005/011899
Other languages
French (fr)
Other versions
WO2005107296A3 (en)
WO2005107296A2 (en)
Inventor
Brian Dinello
Donald Ii Gray
Original Assignee
Vigilantminds Inc
Brian Dinello
Donald Ii Gray
Priority date
Filing date
Publication date
Application filed by Vigilantminds Inc, Brian Dinello, Donald Ii Gray
Publication of WO2005107296A2
Publication of WO2005107296A8
Publication of WO2005107296A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

Methods and systems for preventing unacceptable communication requests from being transmitted to a network-accessible service are disclosed. A domain name server for a local network including a network-accessible service returns an address for a network security system remote from the local network in response to a request for the address of the network-accessible service. The network security system processes communication requests directed to the network-accessible service to determine whether the communication request is a network intrusion attempt. If so, the network security system performs a network intrusion prevention technique, such as discarding the communication request, generating an alert or message or storing at least a portion of the communication request. Otherwise, the network security system forwards the communication request to the network-accessible service. A firewall on the local network may discard requests destined for the network-accessible service unless the source address equals a public address of the network security system.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US56343704P 2004-04-19 2004-04-19
US60/563,437 2004-04-19
US10/918,171 US7673049B2 (en) 2004-04-19 2004-08-13 Network security system
US10/918,171 2004-08-13

Publications (3)

Publication Number Publication Date
WO2005107296A2 WO2005107296A2 (en) 2005-11-10
WO2005107296A8 WO2005107296A8 (en) 2006-08-24
WO2005107296A3 WO2005107296A3 (en) 2007-08-09

Family

ID=35187000

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/011899 WO2005107296A2 (en) 2004-04-19 2005-04-07 Network security system

Country Status (2)

Country Link
US (1) US7673049B2 (en)
WO (1) WO2005107296A2 (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8776206B1 (en) * 2004-10-18 2014-07-08 Gtb Technologies, Inc. Method, a system, and an apparatus for content security in computer networks
US8984140B2 (en) * 2004-12-14 2015-03-17 Hewlett-Packard Development Company, L.P. Managing connections through an aggregation of network resources providing offloaded connections between applications over a network
CN101084658A (en) * 2004-12-15 2007-12-05 杉中顺子 Network connection service providing device
JP2006180095A (en) * 2004-12-21 2006-07-06 Matsushita Electric Ind Co Ltd Gateway, and access control method of web server
US20060221971A1 (en) * 2005-04-05 2006-10-05 Laure Andrieux Method and apparatus for automatically managing network routes
US7429921B2 (en) * 2005-10-27 2008-09-30 Viking Electronic Service Llc Communication system for a fire alarm or security system
US20070214232A1 (en) * 2006-03-07 2007-09-13 Nokia Corporation System for Uniform Addressing of Home Resources Regardless of Remote Clients Network Location
US7356603B2 (en) * 2006-03-29 2008-04-08 Rauland - Borg Corporation Integrated system of loads with multiple public awareness functions
US9154472B2 (en) * 2006-07-12 2015-10-06 Intuit Inc. Method and apparatus for improving security during web-browsing
GB2449852A (en) * 2007-06-04 2008-12-10 Agilent Technologies Inc Monitoring network attacks using pattern matching
US7680917B2 (en) * 2007-06-20 2010-03-16 Red Hat, Inc. Method and system for unit testing web framework applications
US8291495B1 (en) * 2007-08-08 2012-10-16 Juniper Networks, Inc. Identifying applications for intrusion detection systems
US8112800B1 (en) 2007-11-08 2012-02-07 Juniper Networks, Inc. Multi-layered application classification and decoding
US8429739B2 (en) * 2008-03-31 2013-04-23 Amazon Technologies, Inc. Authorizing communications between computing nodes
US8572717B2 (en) * 2008-10-09 2013-10-29 Juniper Networks, Inc. Dynamic access control policy with port restrictions for a network security appliance
WO2010091186A2 (en) * 2009-02-04 2010-08-12 Breach Security, Inc. Method and system for providing remote protection of web servers
US9398043B1 (en) 2009-03-24 2016-07-19 Juniper Networks, Inc. Applying fine-grain policy action to encapsulated network attacks
EP2486527A1 (en) * 2009-10-06 2012-08-15 Telefonaktiebolaget LM Ericsson (publ) User interest and identity control on internet
JP2013523043A (en) 2010-03-22 2013-06-13 エルアールディシー システムズ、エルエルシー How to identify and protect the integrity of a source dataset
EP2630774A1 (en) 2010-10-22 2013-08-28 Telefonaktiebolaget L M Ericsson (PUBL) Differentiated handling of network traffic using network address translation
WO2016046920A1 (en) * 2014-09-24 2016-03-31 三菱電機株式会社 Load distribution device, load distribution method and program
US9847971B2 (en) * 2015-11-03 2017-12-19 Cisco Technology, Inc. System and method for providing high availability in routers using an L1 bypass
US10075416B2 (en) 2015-12-30 2018-09-11 Juniper Networks, Inc. Network session data sharing
JP6781109B2 (en) * 2016-07-06 2020-11-04 日本電信電話株式会社 Traffic controls and methods
US10505894B2 (en) * 2016-10-13 2019-12-10 Microsoft Technology Licensing, Llc Active and passive method to perform IP to name resolution in organizational environments
US10701092B2 (en) * 2016-11-30 2020-06-30 Cisco Technology, Inc. Estimating feature confidence for online anomaly detection
FR3076011B1 (en) * 2017-12-21 2019-12-27 Safran Electronics & Defense METHOD FOR MONITORING THE OPERATION OF A COMPLEX ELECTRONIC COMPONENT
US11297106B2 (en) * 2019-07-08 2022-04-05 Secnap Network Security Corp. Pre-routing intrusion protection for cloud based virtual computing environments
US11671375B2 (en) * 2021-07-15 2023-06-06 Verizon Patent And Licensing Inc. Systems and methods for software defined hybrid private and public networking

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5557742A (en) * 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
JP3966598B2 (en) * 1998-03-04 2007-08-29 富士通株式会社 Server selection system
US6321336B1 (en) * 1998-03-13 2001-11-20 Secure Computing Corporation System and method for redirecting network traffic to provide secure communication
US6434600B2 (en) * 1998-09-15 2002-08-13 Microsoft Corporation Methods and systems for securely delivering electronic mail to hosts having dynamic IP addresses
US6487666B1 (en) * 1999-01-15 2002-11-26 Cisco Technology, Inc. Intrusion detection signature analysis using regular expressions and logical operators
US6405318B1 (en) * 1999-03-12 2002-06-11 Psionic Software, Inc. Intrusion detection system
US6351811B1 (en) * 1999-04-22 2002-02-26 Adapt Network Security, L.L.C. Systems and methods for preventing transmission of compromised data in a computer network
US6687831B1 (en) * 1999-04-29 2004-02-03 International Business Machines Corporation Method and apparatus for multiple security service enablement in a data processing system
US6650641B1 (en) * 1999-07-02 2003-11-18 Cisco Technology, Inc. Network address translation using a forwarding agent
US6687222B1 (en) * 1999-07-02 2004-02-03 Cisco Technology, Inc. Backup service managers for providing reliable network services in a distributed environment
US7065657B1 (en) * 1999-08-30 2006-06-20 Symantec Corporation Extensible intrusion detection system
US6996843B1 (en) * 1999-08-30 2006-02-07 Symantec Corporation System and method for detecting computer intrusions
US6510464B1 (en) * 1999-12-14 2003-01-21 Verizon Corporate Services Group Inc. Secure gateway having routing feature
US6324648B1 (en) * 1999-12-14 2001-11-27 Gte Service Corporation Secure gateway having user identification and password authentication
US6944167B1 (en) * 2000-10-24 2005-09-13 Sprint Communications Company L.P. Method and apparatus for dynamic allocation of private address space based upon domain name service queries
DE60124295T8 (en) * 2000-11-30 2007-12-06 Lancope, Inc. RIVER-BASED DETECTION OF AN INSERT INTO A NETWORK
US7131140B1 (en) * 2000-12-29 2006-10-31 Cisco Technology, Inc. Method for protecting a firewall load balancer from a denial of service attack
US7039721B1 (en) * 2001-01-26 2006-05-02 Mcafee, Inc. System and method for protecting internet protocol addresses
US7107609B2 (en) * 2001-07-20 2006-09-12 Hewlett-Packard Development Company, L.P. Stateful packet forwarding in a firewall cluster
US7099957B2 (en) * 2001-08-23 2006-08-29 The Directtv Group, Inc. Domain name system resolution
US7093294B2 (en) * 2001-10-31 2006-08-15 International Business Machines Corporation System and method for detecting and controlling a drone implanted in a network attached device such as a computer
US6961783B1 (en) * 2001-12-21 2005-11-01 Networks Associates Technology, Inc. DNS server access control system and method
US7076803B2 (en) * 2002-01-28 2006-07-11 International Business Machines Corporation Integrated intrusion detection services
US7222366B2 (en) * 2002-01-28 2007-05-22 International Business Machines Corporation Intrusion event filtering
US6654882B1 (en) * 2002-05-24 2003-11-25 Rackspace, Ltd Network security system protecting against disclosure of information to unauthorized agents
US7299491B2 (en) * 2003-04-30 2007-11-20 Microsoft Corporation Authenticated domain name resolution

Also Published As

Publication number Publication date
US20050243789A1 (en) 2005-11-03
US7673049B2 (en) 2010-03-02
WO2005107296A3 (en) 2007-08-09
WO2005107296A2 (en) 2005-11-10

Similar Documents

Publication Publication Date Title
WO2005107296A3 (en) Network security system
US9781137B2 (en) Fake base station detection with core network support
WO2004075012A3 (en) System and method for simplified secure universal access and control of remote network electronic resources
WO2008104835A3 (en) System and method of providing access to instant messaging services via a wireless network
EP1175061A3 (en) Computer systems, in particular virtual private networks
WO2001082548A3 (en) Method and system for protection against denial of service attacks
WO2001073522A3 (en) Methods and apparatus for securing access to a computer
WO2004114085A3 (en) System and method for providing notification on remote devices
WO2003101023A3 (en) Method and system for wireless intrusion detection
JP2005079706A (en) System and apparatus for preventing illegal connection to network
US20070180527A1 (en) Dynamic network security system and control method thereof
GB0519466D0 (en) Network communications
US11641270B2 (en) Key diversification in a tracking device environment
WO2006138526A3 (en) Method and apparatus for reducing spam on peer-to-peer networks
US20070210909A1 (en) Intrusion detection in an IP connected security system
JPWO2015174100A1 (en) Packet transfer device, packet transfer system, and packet transfer method
TW200631354A (en) Real-time packet processing system and method
US20040243843A1 (en) Content server defending system
US20220060338A1 (en) Data protection in a tracking device environment
CN110611683A (en) Method and system for alarming attack source
US8559632B2 (en) Method for transferring messages comprising extensible markup language information
US6897776B1 (en) Electronic countermeasure (ECM) system and method
JP2002091917A5 (en) Network security device and connection management method
ATE312464T1 (en) INTERNET PROTOCOL TELEPHONE SECURITY ARCHITECTURE
WO2003025697A3 (en) Protecting network traffic against spoofed domain name system (dns) messages

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase