AU2009257197A1 - Computer network security system - Google Patents

Computer network security system

Info

Publication number
AU2009257197A1
Authority
AU
Australia
Prior art keywords
data
source
filter
rejected
downloaded
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2009257197A
Inventor
Geoff Rhodes
David Roberts
Roger Smith
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WEBSAFE SECURITY Pty Ltd
Original Assignee
WEBSAFE SECURITY Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2008902989A
Application filed by WEBSAFE SECURITY Pty Ltd
Priority to AU2009257197A
Publication of AU2009257197A1
Legal status: Abandoned

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Description

WO 2009/149516 PCT/AU2009/000747

COMPUTER NETWORK SECURITY SYSTEM

Field of the Invention

This invention relates to computer network security systems. Whilst the invention may be adapted for controlling and monitoring any suitable information provided over a distributed communications network, for convenience it shall be described herein in terms of a security system for monitoring and controlling internet access and content being distributed over the internet.

Background to the Invention

The internet is a tool that is used by millions of people every day. Due to differing tastes, needs and interests, the information provided by the internet is varied, and some of it may be considered inappropriate, distasteful or offensive to some people. As a result, many different groups, ranging from parents to the management of a company, may wish to limit access to information on the internet, or even prevent access altogether. To achieve this, many groups use an internet filter that restricts access to certain areas of the internet.

One method of internet filtering is software that can be installed directly onto a personal computer or computer network. This method provides a computer owner or network administrator with the power to identify any information that may be considered undesirable to the users of the computer or network. This method of filtering can be overcome, since a person who is in direct control of the computer or network has access to the filtering method and can change the settings without notifying another user until it may be too late.

Another method used is internet filtering that is controlled by the user's Internet Service Provider (ISP). Although this method is not software directly loaded onto the computer or network, it is still within the control of a person who is directly in control of the computer or network, hence similar problems can arise relating to the ease with which the filtering can be overcome.

Accordingly, it is an object of the present invention to overcome or ameliorate one or more of the disadvantages of the prior art by providing a computer network security system.
Summary of the Invention

In one embodiment, the present invention provides a method of monitoring the transfer of data, the method including the steps of: requesting data from a designated source; comparing data downloaded from the designated source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; determining the reason the rejected data is rejected by the first filter; for rejected data that is non-malicious, comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source; and for data from the designated source, filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements.

The present invention provides increased security by filtering and comparing downloaded data with predetermined requirements, such as applications contained within the data or embedded files, to reduce the chance that malicious data will be passed from source to source. Malicious data includes, but is not limited to, data which may adversely affect a computer or computer network or which includes undesirable content, for example adult content.

The method can further include the steps of: for data that is malicious, comparing the malicious data with a set of known data anomalies and rejecting data which falls within the set of known data anomalies; and for data which is outside the set of known data anomalies, potentially storing the data for further investigation or passing the data to relevant authorities for relevant processing. The further investigation can include determining if the data contains hidden information. For example, undesirable content can be contained within a photograph embedded in a text document.

The present invention also provides a system for monitoring communications between a first computer, the first computer being able to be connected to the internet, and a second computer, the system including a monitoring device, operably interposed between the computers, comprising: means for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; means for determining the reason the rejected data is rejected by the first filter; for rejected data that is non-malicious, means for comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source; and for data from the designated source, means for filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements.

The monitoring device can further include three filters: a first filter for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; a second filter for determining the reason the rejected data is rejected by the first filter, comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source, and filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements; and a third filter for analysing data payloads and determining if the data fits within certain criteria. The criteria can include, but are not limited to, data encapsulated within peer-to-peer connections, chat or messenger traffic, or traffic that may contain hidden or disguised payloads.

The data is also scanned for malicious content against a set of known data anomalies and rejected if it falls within the set of known data anomalies. Data anomalies may include unsigned ActiveX files or photographs hidden within document files.

The monitoring device can include one or more storage devices for storing the data to be compared and can also store the rejected data. Preferably, each filter is associated with a separate storage device.

The monitoring device can also include a proxy storage server for storing data which has been filtered and is allowed to pass through the system. The use of a proxy server advantageously speeds up use of the system, as it can store data which is frequently requested by a computer.
The system can further include a key for connection to the client computer and transmitting a code to the monitoring device before data can be transferred between the client and the server. The key can comprise erasable programmable read-only memory (EPROM) and the code can be programmed directly into the EPROM. Further, the key includes a tamper evident seal or built-in circuitry which destroys the information once the key has been opened.

In another embodiment, the present invention can provide software for use with a computer including a processor and an associated memory device for storing the software, the software including a series of instructions to cause the processor to carry out a method described above.

The first computer and second computer can be in a client-server relationship, such as a home or office user connecting to an internet service provider (ISP). The ISP can control, monitor and manage the internet or computer network system.

The system of the present invention can be adapted to act as an intermediary between the user and a telecommunications provider which is required to connect to an ISP. Similarly, the system can be adapted to act as an intermediary between the user and the internet or the like, so that all outgoing and incoming access and document filtering can be monitored to assist in safeguarding the integrity of the user's computer and data.

The system can be adapted to manage all traffic, including access to secure and non-secure sites. Further, the system can restrict internet access and mail through firewall rules and port restrictions which will be set and monitored by the ISP.

The third filter can be a steganographic filter adapted to determine if the data contains hidden information.

The present invention also provides a method of monitoring data communications, the method including the steps of: requesting data from a designated source; comparing data downloaded from a source against a first filter set of predefined requirements for safe access to accept, reject or further investigate the downloaded data; accepting the data if it is received from a previously identified safe source; or terminating the data if it is received from a previously known unsafe source; or further investigating the data if it is received from an unknown source by scanning the data for malicious content; where the data does not include suspicious content, accepting the data; or where the data does include suspicious content, rejecting the data; determining the reason the rejected data is rejected by the first filter set; where the rejected data is malicious, terminating the data; where the rejected data is non-malicious, comparing the source from which the data is downloaded with the designated source and terminating the data where the source does not match the designated source; and for data from the designated source, filtering the content according to a second filter set of predefined requirements and accepting the data that satisfies the second filter set of predefined requirements.

The present invention allows users to view a legitimate website, or any other data, which may be rejected by a conventional firewall. The method and system are able to provide this flexibility by monitoring content and further investigating content which may initially look suspicious (and therefore would be rejected by a conventional firewall) but is in fact non-threatening to a computer or network of computers.

Brief Description of the Drawing Figures

In order that the invention may be more readily understood, we will describe it by way of non-limiting example of a specific embodiment thereof.

Figure 1 is a diagram of the system according to a preferred embodiment of the present invention.

Figure 2 is a detailed diagram of the system shown in Figure 1.

Figure 3 is a detailed diagram of the system shown in Figure 1.
Figure 4 is a flow chart illustrating an example method of monitoring a computer network system.

Figures 5a and 5b form a detailed flow chart illustrating an example method of monitoring a computer network system.

Description of an Embodiment of the Invention

The present invention provides a system 100 for monitoring communications between a first server computer 50, which is connected to the internet, and a second client computer 20. The system may also include a monitoring device 40, operably interposed between the client 20 and the server 50, which includes means, in the form of an alpha filter 41, for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data, and means, in the form of a delta filter 42, for determining the reason the rejected data is rejected by the alpha filter 41. If the rejected data is non-malicious, the source from which the data is downloaded is compared at step 150 with the designated source at step 120, and the data is rejected where the source does not match the designated source at step 155. If the data is from the designated source 120, means are provided for filtering the content at step 160 according to a second filter set of predefined requirements and enabling access at step 170 to the data that satisfies the second filter set of predefined requirements.

It is envisaged that the features and functionality of the security system and/or its components may be varied to suit different information content, network systems and/or other applications.

The present invention also provides a method as shown in Figure 4. The method includes requesting data from a designated source at step 500 and comparing data downloaded from a source against a first filter set of predefined requirements at step 501. If the data meets the requirements, it is accepted at step 502; if not, it is initially rejected at step 503. At step 504, the reason for rejecting the data is determined by testing, at step 505, whether the data was downloaded from the requested source. If the data was not downloaded from the requested source, it is rejected at step 507. If the data is from the requested source, it is further analysed at step 506 to determine if it meets a second set of requirements. If the data meets the second set of requirements, access to it is enabled at step 508; otherwise it is rejected.

An internet service provider 50 is adapted to provide a means for controlling, monitoring and managing the internet and computer network security system and providing third party protection for at least one user. The user may preferably be an individual or business user wanting to protect their computer and data. The service provider is adapted to provide protection for the user's computer away from the user, so that what protection is in place cannot be seen or circumvented by skilled users.

The system 100 acts as an intermediary between the user 20 and a telecommunications provider 25 which is required to connect to an ISP 50. Similarly, the system can be adapted to act as an intermediary between the user and the internet or the like, so that all outgoing and incoming access and document filtering can be monitored to assist in safeguarding the integrity of the user's computer and data.

The system has a proxy storage server 130. The server is adapted to receive and store information from the internet prior to its being directed through to the user's computer. The server is a cache server which is only adapted to contain filtered and clean internet information after it has been passed through a filtering system, to ensure that access to the internet is not unduly slowed. Thus, a clean feed of information is passed from the server to the user's computer.
Additional security software may be operated on a separate server to provide real-time tracking of events and logs to maintain the integrity of the system.

The invention preferably provides a monitoring device 40 which is adapted to monitor and control access to the internet. The monitoring device utilises a DSLAM connection 46 and is adapted to manage all traffic, including access to secure and non-secure sites. It is envisaged that automatic direct access will be provided to secure sites (VPN, RDP) such as Government or education sites. All other internet access and mail will be restricted through firewall rules and port restrictions which will be set and monitored by the service provider. All non-allocated ports will preferably be closed down to prevent unauthorised access or hacking, and all required ports will be redirected. The monitoring device 40 reviews what access is required and permits or denies access with the correct restrictions. Access may include, but not be limited to, the following:

  • VPN Access - full access to the internet through port 1723, GRE and UDP 500 to anywhere on the internet; requires access with username and password.
  • RDP Access - full access to port 3389 with username and password.
  • POP3 Access - incoming mail checked for SPAM and viruses.
  • SMTP Access - outgoing mail checked for viruses and spam; anything over a defined threshold is restricted, so that user computers are not zombies or part of a botnet.
  • Other Requested Ports - access to any other port that may need to be accessed, such as FTP, IMAP, game ports, SSH and other approved ports or the like.
  • HTTP/HTTPS - access provided with the filtration process.
  • IM/Chat - will be scanned to determine if the conversation is safe, and the connection dropped upon detection of a bad conversation/connection.

Any content provided through the generic internet access (HTTP access) and mail will be required to undergo a filtration process, with the exception of HTTPS, VPN and RDP access, where there is no change in data. It is envisaged that an inbound firewall may also be provided which is adapted to only allow designated ports back, as required, and also only allow these ports to flow back into the network if they are concurrent and connected. The connection must be established from the inside to allow for the return traffic back in.

It is envisaged that remote management from the WebSafe portal, with a firewall and switch equipment, may also be provided to allow connection to elements of the system for provisioning and fault resolution.

Figure 2 illustrates the invention having a tiered filtering system. The filtering system is a three-tiered filtering system for all internet traffic accessible using internet browsing programs such as Internet Explorer and Firefox or the like. The filtering system provides a managed connection to the internet through a closed, monitored system that utilises multiple filters. Each filter is provided with a bank of servers which can be scaled to allow potentially hundreds or millions of connections. Each filter is designed to filter items including, but not limited to, inappropriate content, illegal ports, malicious code, phishing scams, SPAM, ActiveX or the like.
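The port policy and the "established from the inside" inbound rule described above can be modelled as a small stateful decision table. The following is an added example written for this page, not code from the patent or from WEBSAFE SECURITY; the service table uses the ports the page gives (1723, GRE, UDP 500, 3389) plus the standard POP3, SMTP, HTTP and HTTPS ports, which the page does not state, and the SMTP threshold, class and function names are assumptions for illustration.

```python
"""Toy model of the monitoring device's outbound port policy and stateful inbound rule.
Added example; service names, flags and thresholds are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# (protocol, destination port) -> policy. 'auth' mirrors "requires username and password";
# 'filtered' marks traffic the page routes through the filtration process (HTTP and mail),
# while HTTPS, VPN and RDP pass with "no change in data". GRE has no port, so 0 is a placeholder.
SERVICE_POLICY = {
    ("tcp", 1723): {"name": "VPN",   "auth": True,  "filtered": False},
    ("gre", 0):    {"name": "VPN",   "auth": True,  "filtered": False},
    ("udp", 500):  {"name": "VPN",   "auth": True,  "filtered": False},
    ("tcp", 3389): {"name": "RDP",   "auth": True,  "filtered": False},
    ("tcp", 110):  {"name": "POP3",  "auth": False, "filtered": True},   # standard port, assumed
    ("tcp", 25):   {"name": "SMTP",  "auth": False, "filtered": True},   # standard port, assumed
    ("tcp", 80):   {"name": "HTTP",  "auth": False, "filtered": True},
    ("tcp", 443):  {"name": "HTTPS", "auth": False, "filtered": False},
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    filtered: bool = False  # True when the flow must still pass the filtration process


class MonitoringFirewall:
    def __init__(self, smtp_threshold=5):
        self.smtp_threshold = smtp_threshold          # assumed "defined threshold" for SMTP
        self.established = set()                      # flows opened from the inside
        self.smtp_count = defaultdict(int)            # outbound SMTP connections per inside host

    def outbound(self, proto, inside_ip, inside_port, outside_ip, outside_port, authenticated=False):
        """Permit or deny a connection initiated by an inside host and record it if permitted."""
        policy = SERVICE_POLICY.get((proto, outside_port))
        if policy is None:
            return Decision(False, "non-allocated port is closed")
        if policy["auth"] and not authenticated:
            return Decision(False, f"{policy['name']} requires username and password")
        if policy["name"] == "SMTP":
            self.smtp_count[inside_ip] += 1
            if self.smtp_count[inside_ip] > self.smtp_threshold:
                return Decision(False, "SMTP volume over threshold; host restricted")
        self.established.add((proto, inside_ip, inside_port, outside_ip, outside_port))
        return Decision(True, f"{policy['name']} permitted", policy["filtered"])

    def inbound(self, proto, outside_ip, outside_port, inside_ip, inside_port):
        """Only return traffic for a flow established from the inside is let back in."""
        key = (proto, inside_ip, inside_port, outside_ip, outside_port)
        if key in self.established:
            return Decision(True, "return traffic for a connection established from inside")
        return Decision(False, "no matching outbound connection; dropped")


if __name__ == "__main__":
    fw = MonitoringFirewall(smtp_threshold=2)
    print(fw.outbound("tcp", "10.0.0.5", 40000, "203.0.113.9", 80))
    print(fw.inbound("tcp", "203.0.113.9", 80, "10.0.0.5", 40000))
    print(fw.inbound("tcp", "203.0.113.9", 80, "10.0.0.5", 40001))
```

The connection table is keyed on the full five-tuple, so an unsolicited inbound packet to a port that happens to be "allowed" is still dropped unless the inside host opened that exact flow first; that is the property the page's "concurrent and connected" wording is after. The SMTP counter shows the shape of a zombie/bot check, but a real deployment would count per time window and age entries out of the table.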
Each filter is provided with a deleted storage area 30, which is a designated deletion area for storing the deleted items, so that only the filtered content is allowed through. Using the filtering system of the invention, no access will be allowed on unregulated ports. As a result, the system provides a cleaner pipe for access to the internet.

A first filter is an alpha filter 41. The alpha filter 41 is designed to check the source to which a user is being directed. The alpha filter 41 preferably has black and white list restrictions to indicate the content which should be allowed or discarded as it passes through each filter. The black list 125 contains a list of sources known to contain malicious data or inappropriate content. The white list contains a list of desirable sources. The white list is able to have sources added or removed.

The source will initially be checked against the white list for approval and initial scanning. A black list 125 is further utilised to determine if it is banned, in which case the connection will be dropped. Where the source is not on the black list, the system will check at step 126 if the source has been downloaded before. If the source has previously been downloaded, the system will check and retrieve the source from the cache server at step 127 and replace the dynamic source with new information.

Where the source has not been previously downloaded, it will be downloaded and stored in a 'sandpit' 128. The sandpit is a temporary disc storage area. Content in the 'sandpit' 128 which is not on the white list will be scanned at step 134 for source, ActiveX and malicious code, and on approval will be passed to the cache 130 for storage if requirements are met, or to the delta filter 42 and/or steg filter 43 if requirements are not met and the data is not clean.

A second filter is a delta filter 42. The delta filter 42 is adapted to review content which has not passed the initial predefined requirements, that is, the data contained applications or other undesirable code. The delta filter 42 determines what triggered the alarm 136. Possible alarm triggers may include, but not be limited to, ActiveX, zombie/botnet or phishing attacks or the like. Where the alarm trigger is malicious code or a poisoned source 137, the content will be passed directly to the steg filter 43. Otherwise, the source will then be checked at step 150 to see if it is the same as the user requested. If the source is as requested and the content is clean, the request will be processed at step 170. Clean data is passed to the cache server 130 for storage or, alternatively, passed to the steg filter 43 if it is suspicious. If the source is incorrect, because a user has been redirected to a different webpage, or if the content is determined to be undesirable at step 155, the source will be deemed dangerous and the information will be dropped and not passed on to the user.

A third filter is a steganographic filter 43. The steg filter 43 is adapted to provide the highest level of security and management for content which has an anomaly and does not pass the predefined requirements after filtering by the alpha 41 and delta 42 filters. If the anomaly is not noteworthy at step 141, the information will be dropped immediately and reported to the client as a dangerous source at step 142.
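The alpha and delta stages just described, which are the same flow the Summary of the Invention and the Figure 4 method (steps 500 to 508) set out, can be written as one decision pipeline that records which numbered step each download passed through. This is an added example for this page, not code from the patent or its assignee; the step numbers are the page's (125 to 170), while the finding labels produced by the sandpit scan, the two filter-set tables and the class and function names are assumptions.

```python
"""Added example: alpha filter 41 and delta filter 42 as a decision pipeline.
Finding labels and filter-set tables are constructed for illustration."""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"    # passed to the user and the cache server 130 (step 170)
    REJECT = "reject"    # dropped, not passed on to the user (steps 125, 155)
    TO_STEG = "to_steg"  # handed on to the steganographic filter 43 (step 137)


@dataclass(frozen=True)
class Download:
    requested_source: str  # the designated source the user asked for (step 120)
    actual_source: str     # where the bytes actually came from; differs after a redirect
    findings: frozenset    # labels produced by the sandpit scan at step 134 (constructed)


# First filter set: any of these findings fails the "safe access" requirements.
FIRST_FILTER_FLAGS = {"malicious_code", "poisoned_source", "activex_signed",
                      "activex_unsigned", "embedded_application", "adult_content"}
# Alarm triggers the delta filter treats as malicious: content goes straight to the steg filter.
MALICIOUS_TRIGGERS = {"malicious_code", "poisoned_source"}
# Second filter set: what data from the designated source may still not contain.
SECOND_FILTER_FLAGS = {"activex_unsigned", "adult_content"}


class TieredFilter:
    def __init__(self, whitelist, blacklist):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)  # black list 125
        self.cache = set()               # sources already held on the cache server 130

    def alpha(self, d, trail):
        """Alpha filter 41. Returns None (dropped), an empty set (clean) or the set of
        findings that failed the first filter set."""
        # The page consults the white list first; a source on both lists is treated as banned here.
        if d.actual_source in self.blacklist:
            trail.append(125)
            return None
        if d.actual_source in self.whitelist:
            trail.append(134)   # approved for initial scanning only; no sandpit scan
            return set()
        trail.append(126)       # has this source been downloaded before?
        if d.actual_source in self.cache:
            trail.append(127)   # served from the cache server
            return set()
        trail.append(128)       # new source: held in the sandpit
        trail.append(134)       # scanned for ActiveX and malicious code
        return set(d.findings) & FIRST_FILTER_FLAGS

    def delta(self, d, flags, trail):
        """Delta filter 42: why was it rejected, and did it come from where the user asked?"""
        trail.append(136)                      # what triggered the alarm
        if flags & MALICIOUS_TRIGGERS:
            trail.append(137)
            return Verdict.TO_STEG
        trail.append(150)                      # compare with the requested source
        if d.actual_source != d.requested_source:
            trail.append(155)                  # redirected: deemed dangerous
            return Verdict.REJECT
        trail.append(160)                      # second filter set
        if flags & SECOND_FILTER_FLAGS:
            trail.append(155)
            return Verdict.REJECT
        return Verdict.ACCEPT

    def monitor(self, d):
        """Run one download through the tiers; returns (verdict, list of step numbers taken)."""
        trail = []
        flags = self.alpha(d, trail)
        if flags is None:
            return Verdict.REJECT, trail
        verdict = Verdict.ACCEPT if not flags else self.delta(d, flags, trail)
        if verdict is Verdict.ACCEPT:
            self.cache.add(d.actual_source)
            trail.append(170)
        return verdict, trail


if __name__ == "__main__":
    tf = TieredFilter(whitelist={"https://edu.example/"}, blacklist={"http://bad.example/"})
    print(tf.monitor(Download("http://shop.example/", "http://shop.example/",
                              frozenset({"activex_signed"}))))
    print(tf.monitor(Download("http://bank.example/", "http://other.example/",
                              frozenset({"embedded_application"}))))
```

Two properties of the page's design show up directly in the trails. A signed ActiveX control from the requested source is rejected by the first filter set but accepted after the delta stage, which is the "legitimate website rejected by a conventional firewall" case the Summary describes. Conversely, the source comparison at step 150 only runs for data the alpha filter already rejected, so a redirect that delivers clean-looking content is accepted at step 134 without its origin ever being compared to the designated source; a deployment that cares about redirects would move that comparison into the alpha stage.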
Alternatively, the anomaly will be documented at step 143 prior to the information being dropped. If the anomaly is noteworthy, it is scanned and reported to a high tech crime unit if the access is illegal or immoral.

At step 178, data that is received by the steganographic filter 43 is analysed to determine if the data is traffic from a peer-to-peer connection. At step 179, the data from that traffic is compared with a database of allowed applications and data streams. If the data is safe, it is passed to the cache 130.

It is envisaged that the user's computer may also be protected by anti-virus and anti-spam software to provide an additional layer of protection for incoming content and to ensure that outgoing content will not be corrupt and refused by, or affect the integrity of, the present system.

The steganographic filter 43 may not be employed at all times, only handling information that is presented to it that did not meet the rule sets of the first two layers 41, 42 of filtering. Alternatively, the steganographic filter 43 would be employed for certain situations, such as embedded content within embedded content within a standard application content payload (a JPEG within a JPEG within a Word document).

Although the third filter is handling information that is passed to it from the second filter, it has a larger role in the filter system to track and manage peer-to-peer traffic. This filter is designed to monitor peer-to-peer traffic and pass only traffic that does not fit designated filtering criteria, and to remove traffic that has a destructive payload.

The system may be enhanced by including a key. The key is a hardware device provided to the user in the form of a USB connection. It is installed by communicating with the user's internet service. The key has a code built into the device, which is then transmitted to the monitoring device.
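The "embedded content within embedded content" trigger for the steganographic filter (a JPEG within a JPEG within a Word document) can be approximated by a single pass over the payload that counts how deeply JPEG start-of-image markers nest inside a recognised document container. This is an added example for this page, not code from the patent; the container magic values and JPEG markers are standard format constants, while the sample payload, the depth limit and the function names are constructed for illustration.

```python
"""Added example: nesting scan of the kind a steg filter might use to pick out
embedded-within-embedded content. Sample payload is constructed, not a real document."""

SOI = b"\xff\xd8\xff"   # JPEG start-of-image followed by the first marker byte
EOI = b"\xff\xd9"       # JPEG end-of-image

# Standard container signatures for "standard application content payloads".
CONTAINER_MAGIC = {
    b"PK\x03\x04": "zip-based office document",                    # .docx and similar
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound document",  # legacy .doc
}


def container_type(payload):
    """Name the outer container from its leading magic bytes, or 'unknown'."""
    for magic, name in CONTAINER_MAGIC.items():
        if payload.startswith(magic):
            return name
    return "unknown"


def jpeg_nesting(payload):
    """Walk the bytes once, tracking how deeply JPEG SOI markers nest before their EOI.
    Returns (number of JPEG images seen, maximum nesting depth)."""
    depth = max_depth = count = 0
    i = 0
    while i < len(payload):
        if payload.startswith(SOI, i):
            depth += 1
            count += 1
            max_depth = max(max_depth, depth)
            i += len(SOI)
        elif payload.startswith(EOI, i):
            if depth > 0:          # tolerate a stray EOI with no open image
                depth -= 1
            i += len(EOI)
        else:
            i += 1
    return count, max_depth


def steg_review(payload, max_allowed_depth=1):
    """Summarise the payload and decide whether it should be referred to the steg filter.
    A depth of 1 is an ordinary picture; 2 or more is an image hidden inside an image."""
    count, depth = jpeg_nesting(payload)
    return {
        "container": container_type(payload),
        "jpeg_count": count,
        "max_depth": depth,
        "refer_to_steg": depth > max_allowed_depth,
    }


def build_sample():
    """Constructed sample: a zip-style document wrapping a JPEG that wraps another JPEG."""
    inner = SOI + b"\xe0" + b"inner-image-bytes" + EOI
    outer = SOI + b"\xe0" + b"outer-image-bytes" + inner + b"more-outer-bytes" + EOI
    return b"PK\x03\x04" + b"word/media/image1.jpg" + outer + b"trailing-zip-data"


if __name__ == "__main__":
    print(steg_review(build_sample()))
```

The scan is deliberately marker-based rather than a full JPEG parser, which is why it belongs in a tier that only sees content the earlier filters already flagged: EXIF metadata legitimately carries a thumbnail JPEG inside an APP1 segment, so a production filter would parse segment lengths and discount that case before treating depth 2 as an anomaly worth documenting at step 143.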
The monitoring device will only allow Internet traffic to be transmitted to the user after the presence of the key has been detected and the code held within the key has been received and accepted. The key is designed to be transportable; hence the user can unplug the key, take it to another Internet connection and connect to the monitoring device. This would allow the user to travel and connect to the Internet in a secure fashion from different locations.

The key includes EPROM technology and the code is programmed into the EPROM. The key is protected from tampering by the use of two methods: the first is the use of tamper evident seals to show if tampering has occurred, and the second is the use of built-in circuitry that would destroy the information held in the EPROM in the event the key is physically opened.

The method of the present invention may also be implemented on a cut-down proprietary operating system that is loaded from flash ROM technology within a stand-alone unit. The unit can provide full connectivity to the internet but can reduce some of the normal problems and security issues that are involved in operating a normal PC. The unit is designed to allow people who are not familiar or comfortable using traditional PC equipment to access the internet without the concerns of downloading material they were not intending to, or having the PC infected by malicious software. The unit is also designed for parents who, although they understand PC technology, can provide this unit as a controlled and safe appliance for young children to access the internet.

While we have described herein a particular embodiment of an internet and computer network security system, it is further envisaged that other embodiments of the invention could exhibit any number and combination of any one of the features previously described. However, it is to be understood that any variations and modifications can be made without departing from the spirit and scope thereof.

Claims (25)

1. A method of monitoring the transfer of data, the method including the steps of: requesting data from a designated source; comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; determining the reason the rejected data is rejected by the first filter; for rejected data that is non-malicious, comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source; and for data from the designated source, filtering the content according to a further filter set of predefined requirements and enabling access to the data that satisfies the further filter set of predefined requirements.
2. A method according to claim 1 further including the steps of: for data that is malicious, comparing the malicious data with a set of known data anomalies and rejecting data which falls within the set of known data anomalies; and for data which is outside the set of known data anomalies, storing the data for further investigation.
3. A method according to claim 2 wherein the further investigation includes determining if the data contains hidden information.
4. A method according to any one of claims 1 to 3 wherein the source is a universal resource locator for an internet web page.
5. A method according to any one of the preceding claims wherein the data includes any one or more of: data downloaded from a webpage, peer-to-peer traffic, chat traffic or messenger traffic.
6. A method according to any one of the preceding claims wherein the step of determining the reason the rejected data is rejected by the first filter includes packet inspection of the data or inspecting an application associated with the data. 35
7. A method according to any one of the preceding claims further including the step of the further filter set of predefined requirements and accepting the data that WO 2009/149516 PCT/AU2009/000747 satisfies the further filter set of predefined requirements wherein the further filter set of predefined requirements includes: a) monitoring for embedded content within embedded content within a standard application content payload such as jpeg within jpeg within a word 5 document; or b) monitoring peer to peer traffic and pass only traffic that fits designated filtering criteria and removal of traffic that has a destructive payload.
8. A system for monitoring communications between a first computer, the first 10 computer being able to be connected to the internet, and a second computer, the system including a monitoring device, operably interposed between the first and second computers, comprising: means for comparing data downloaded from a source against a first filter set 15 of predefined requirements for safe access to reject or accept the downloaded data; means for determining the reason the rejected data is rejected by the first filter; for rejected data is that non-malicious, means for comparing the source from which the data is downloaded with the designated source and rejecting the data 20 where the source does not match the designated source; and for data from the designated source, means for filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements. 25
9. A system as claimed in claim 8 wherein the monitoring device includes a proxy storage filter for storing the data to be compared.
10. A system as claimed in claim 8 wherein the proxy storage filter stores the rejected data.
11. A system as claimed in any one of claims 8 to 10 wherein the means for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data is a first filter.
12. A system as claimed in any one of claims 8 to 11 wherein the means for determining the reason the rejected data is rejected by the first filter is a second filter.
13. A system as claimed in claim 12 wherein comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source is performed by the second filter.
14. A system as claimed in claim 12 or claim 13 wherein filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements is performed by the second filter.
15. A system as claimed in any one of claims 12 to 14 further including a third filter for analyzing data to determine if the data falls within a set of criteria.
16. A system as claimed in claim 15 wherein the set of criteria includes data anomalies such as hidden or disguised data.
17. A system as claimed in any one of claims 8 to 16 wherein the system further includes a key for connection to the client computer wherein the key transmits a code to the monitoring device before data can be transferred between the client and the server.
18. A system as claimed in claim 17 wherein the key comprises erasable programmable read-only memory (EPROM) and the code is hard-coded into the EPROM.
19. A system as claimed in claim 17 or claim 18 wherein the key includes a tamper evident seal.
20. A system as claimed in claim 12 or claim 13 wherein the key includes built-in circuitry which destroys the information once the key has been opened.
21. Software for use with a computer including a processor and associated memory device for storing the software, the software including a series of instructions to cause the processor to carry out a method according to any one of claims 1 to 7.
22. A method of monitoring data communications, the method including the steps of: requesting data from a designated source; comparing data downloaded from a source against a first filter set of predefined requirements for safe access to accept, reject or further investigate the downloaded data; accepting the data if it is received from a previously identified safe source; or terminating the data if it is received from a previously known unsafe source; or further investigating the data if it is received from an unknown source by scanning the data for malicious content; where the data does not include suspicious content, accepting the data; or where the data does include suspicious content, rejecting the data; determining the reason the rejected data is rejected by the first filter set; where the rejected data is malicious, terminating the data; where the rejected data is non-malicious, comparing the source from which the data is downloaded with the designated source and terminating the data where the source does not match the designated source; and for data from the designated source, filtering the content according to a further filter set of predefined requirements and accepting the data that satisfies the further filter set of predefined requirements.
23. A method of monitoring data communications as claimed in claim 22 wherein the further filter set of predefined requirements includes accepting the data that satisfies the further filter set of predefined requirements wherein the further filter set of predefined requirements includes: a) monitoring for embedded content within embedded content within a standard application content payload such as jpeg within jpeg within a word document; or b) monitoring peer to peer traffic and passing only traffic that fits designated filtering criteria and removing traffic that has a destructive payload.
24. A method of monitoring data communications substantially as hereinbefore described with reference to the drawings.
25. A system for monitoring communications between a first computer, the first computer being able to be connected to the internet, and a second computer, the system substantially as hereinbefore described with reference to the drawings.
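The decision order of claims 1, 2 and 7(a) (first filter, reason for rejection, designated-source check, further filter set), written out as an added example that is not part of the patent. The safe-source list, the malicious and known-anomaly signatures, and the use of repeated JPEG start-of-image markers as a stand-in for "embedded content within embedded content" are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample values; the patent specifies none of these.
SAFE_SOURCES = {"intranet.example.com"}                  # previously identified safe sources
MALICIOUS_SIGNATURES = {b"MZ\x90\x00", b"<script>eval("}  # first-filter triggers
KNOWN_ANOMALIES = {b"MZ\x90\x00"}                         # claim 2: set of known anomalies
JPEG_SOI = b"\xff\xd8\xff"                                # JPEG start-of-image marker

@dataclass
class Download:
    designated_source: str  # host the user requested
    actual_source: str      # host the bytes were actually served from
    payload: bytes

def first_filter(d: Download):
    """First filter set: returns (accepted, reason), reason being
    'malicious' or 'unknown-source' when the data is rejected."""
    if any(sig in d.payload for sig in MALICIOUS_SIGNATURES):
        return False, "malicious"
    if d.actual_source not in SAFE_SOURCES:
        return False, "unknown-source"
    return True, None

def nested_embedded(payload: bytes, marker: bytes = JPEG_SOI, depth: int = 2) -> bool:
    """Further filter set, claim 7(a): embedded content within embedded content.
    Simplified here to counting repeated object markers, e.g. two JPEG
    start-of-image markers inside one document payload."""
    return payload.count(marker) >= depth

def monitor(d: Download) -> str:
    """Decide one download in the order of claims 1 and 2."""
    accepted, reason = first_filter(d)
    if accepted:
        return "accept"
    if reason == "malicious":
        # Claim 2: reject known anomalies, store unknown ones for investigation.
        if any(sig in d.payload for sig in KNOWN_ANOMALIES):
            return "reject:known-anomaly"
        return "store:investigate"
    # Non-malicious rejection: the data must come from the designated source.
    if d.actual_source != d.designated_source:
        return "reject:source-mismatch"
    # Data from the designated source passes through the further filter set.
    if nested_embedded(d.payload):
        return "reject:nested-content"
    return "accept"
```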
AU2009257197A 2008-06-13 2009-06-12 Computer network security system Abandoned AU2009257197A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2009257197A AU2009257197A1 (en) 2008-06-13 2009-06-12 Computer network security system

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
AU2008902989 2008-06-13
AU2008902989A AU2008902989A0 (en) 2008-06-13 Internet and computer network security system
AU2009900796A AU2009900796A0 (en) 2009-02-24 Internat and Computer Network Security System
AU2009900796 2009-02-24
PCT/AU2009/000747 WO2009149516A1 (en) 2008-06-13 2009-06-12 Computer network security system
AU2009257197A AU2009257197A1 (en) 2008-06-13 2009-06-12 Computer network security system

Publications (1)

Publication Number Publication Date
AU2009257197A1 true AU2009257197A1 (en) 2009-12-17

Family

ID=41416290

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2009257197A Abandoned AU2009257197A1 (en) 2008-06-13 2009-06-12 Computer network security system

Country Status (2)

Country Link
AU (1) AU2009257197A1 (en)
WO (1) WO2009149516A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8726387B2 (en) * 2011-02-11 2014-05-13 F-Secure Corporation Detecting a trojan horse
US20130041901A1 (en) * 2011-08-12 2013-02-14 Rawllin International Inc. News feed by filter
US10015136B2 (en) 2013-01-31 2018-07-03 Telefonaktiebolaget Lm Ericsson (Publ) Method and firewall for soliciting incoming packets

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
US7215637B1 (en) * 2000-04-17 2007-05-08 Juniper Networks, Inc. Systems and methods for processing packets
US6922786B1 (en) * 2000-10-31 2005-07-26 Nortel Networks Limited Real-time media communications over firewalls using a control protocol
US20020133586A1 (en) * 2001-01-16 2002-09-19 Carter Shanklin Method and device for monitoring data traffic and preventing unauthorized access to a network

Also Published As

Publication number Publication date
WO2009149516A1 (en) 2009-12-17

Legal Events

Date Code Title Description
MK4 Application lapsed section 142(2)(d) - no continuation fee paid for the application