AU773314B2 - Network session wall - Google Patents

Network session wall

Info

Publication number
AU773314B2
Authority
AU
Australia
Prior art keywords
session
message
network
communication
wall
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU13613/02A
Other versions
AU1361302A (en
Inventor
Ziv Dascalu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CA Inc
Original Assignee
Computer Associates Think Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU49920/97A external-priority patent/AU4992097A/en
Application filed by Computer Associates Think Inc filed Critical Computer Associates Think Inc
Publication of AU1361302A publication Critical patent/AU1361302A/en
Application granted granted Critical
Publication of AU773314B2 publication Critical patent/AU773314B2/en
Assigned to COMPUTER ASSOCIATES THINK, INC. reassignment COMPUTER ASSOCIATES THINK, INC. Amend patent request/document other than specification (104) Assignors: ABIRNET LTD.
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Landscapes

  • Computer And Data Communications (AREA)

Description

P/00/011 28/191 Regulation 3.2(2)
AUSTRALIA
Patents Act 1990
COMPLETE SPECIFICATION
STANDARD PATENT
Application Number:
Lodged:
Invention Title: NETWORK SESSION WALL
The following statement is a full description of this invention, including the best method of performing it known to us:
NETWORK SESSION WALL
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to local area networks, and wide area networks which consist of at least one local area network, for providing communication between computers and/or other network connected devices. The communication is based on well known communication rules, known as protocols (a set of rules) known to all parties participating in a session. A session is a conversation between two or more parties using a standard protocol. A party that initiates a session is called a "client." A party that is connected to the client and accepts an invitation to join a session is called a "server." A session is always established by a client inviting one or more servers to attend. Additional clients may attend as well.
More particularly, the present invention relates to a method and means for restricting the access of specific clients to specific servers for specific protocols or data content. This is accomplished using a device located on the network and capable of passively listening to network traffic, analyzing it and responding to it when access is to be denied.
Presently, there are a number of solutions available for controlling communications over a network. One such controlling apparatus is a firewall. This is a machine located between an internal network and external networks connected thereto. The only way to communicate outside of the internal network is through the firewall. Therefore, a firewall is known as an active device that is managed for access control, and, in some cases, for authentication and encryption. By placing firewalls at strategic points between network segments, using routers, bridges and repeaters, it is possible to use this technology for access control between network stations located on different network segments. However, this solution is effectively limited, because a server station must reside on a different network segment than the communicating client station in order to monitor the communication. Internal intruders may install their own devices on the segment behind the firewall and thus get unlimited access to all machines inside the secured local area network. Also, because a firewall requires all network traffic to pass through it and be processed for access control, the firewall causes a degradation in the throughput of the network. Accordingly, a firewall is also known as a network bottleneck.
Other methods for controlling communications over a network are various software products that implement secured protocols which include authentication. Using such software, the client identifies itself either directly or using an authentication trusted server; the server (in the communication) reciprocates by identifying itself as well. Using a predefined security protocol, both parties either accept or deny the session. This requires both parties to use the same security protocol. This method also carries an implied trust in the authentication server when such a server is employed.
There is therefore a need for, and it would be highly advantageous to have, a passive network device that provides access control at a requested level over a local area network and a wide area network without using conventional software security and authentication methods.
SUMMARY OF THE INVENTION
The present invention is a session wall and associated method for monitoring and controlling communications over a computer network.
The present invention provides, in one aspect for use in a computer network facilitating communication sessions between network devices, a session wall including: a network adapter for attaching the session wall to the network; data memory; a processor connected to said data memory and to said network adapter; and a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor such that said communication control system passively listens to said portion of said at least one session, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
The present invention provides, in another aspect for use in a computer network facilitating communication sessions between network devices, including at least one client, a message wall including: a network adapter for attaching the session wall to the network; data memory; a processor connected to said data memory and to said network adapter; and a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session, wherein said message emulates a message using an inter-device communication protocol from a respective server, said message causing said client not to accept further responses from said server during said at least one session.
The present invention provides, in another aspect for use in a computer network facilitating communication sessions between network devices, a method of controlling the communication sessions, the method including the steps of: providing network information; providing access information; passively listening to a portion of at least one of the communication sessions; comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
The present invention provides, in another aspect a method for use in a computer network facilitating communication sessions between network devices for controlling the communication sessions, the method including: providing network information; providing access information; passively listening to a portion of at least one of the communication sessions; comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices, such as a client, involved in said at least one session to stop further communication between the network devices, wherein said message is a message emulated from a respective server using an inter-device communication protocol, said message causing said client not to accept further responses from said server during said at least one session.
The present invention provides, in another aspect for use in a computer network facilitating communication sessions between network devices, a method of controlling the communication sessions, the method including: providing network information; providing access information; reading a portion of at least one of the communication sessions; comparing said portion with said access information; when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices involved in said at least one session, said at least one of the network devices including at least one server.
According to the teachings of the present invention there is preferably provided, a session wall device featuring a network adapter for attaching the session wall to a network, a memory, a processor, all suitably interconnected and a communication session control system. The memory is any medium for data storage, such as, but not limited to Flash memory, conventional magnetic memory disk or diskette, and Read Only Memory (ROM). The processor functions to perform the various tasks associated with the network session control system.
The network adapter is any hardware component enabling network communication between a session wall device and another network device.
According to a preferred embodiment, the network adapter receives communications in several protocols simultaneously and transmits messages in several protocols.
Preferably, the communication session control system features data pertinent to the control of communication between network devices, stored in the memory. This data includes network information and access information.
Network information includes information regarding the network, such as network topology, defining which network devices are servers and which are clients and defining the communication protocols between network devices. Access information is a set of rules typically realized as a table of groups of servers, groups of clients, and rules between them. The rules define actions that should take place when a specific set of protocols are used when the two or more parties communicate, and optionally, specific data content, or specific data sequences to be passed over the network. According to further features in preferred embodiments of the invention, the rules contain logical and mathematical combinations according to which a specific action is to be performed.
Preferably, the session control system passively listens to communications traversing the network and reads a portion of each communication. It then compares the data read with the access data in order to determine whether the message is permitted or not. If the communication is not allowed, the session wall issues a message to at least one of the devices involved in the communication. The term 'listen' in the context of the present invention is directed at the process of an electronic device receiving data communication.
Thus, the term 'passive listening' is directed at an electronic device receiving data communication not designated for the device without interfering in any way with the transmission of that communication to its intended destination.
According to further features in preferred embodiments of the invention described below, the device to which the message is sent is a client.
According to further features in preferred embodiments of the invention, the message issued features either an emulated message from a respective server, a notice that a respective server has ended the session, or a notice that the session has been blocked, or any combination thereof.
According to further features in preferred embodiments of the invention, the device to which the message is sent is a server.
According to further features in preferred embodiments of the invention, the message sent to the server features either an emulated message from a respective client to end the current session or a data string causing the server not to respond to additional messages from the respective client in the current session, or both.
According to still further features in preferred embodiments of the invention described below, the session wall issues two different messages: one to the client and another to the server.
According to further features in preferred embodiments of the invention described below, when the session wall fails to issue an appropriate message, it issues a succession of communication messages (conforming to the appropriate system protocol) in order to block transmission by another network device. A further feature according to this embodiment is to provide a timer configured to limit the number of consecutive messages sent in order not to block the network indefinitely. The timer is realized either as a separate device, or as software executed by the processor.
Preferably, according to the teachings of the present invention, there is also provided a method for controlling communication between network devices including the steps of: providing network information; providing access information; reading portions of communication traversing the network; comparing the read communication with the access information; and when the communication is not allowed according to the access information, issuing any of the aforementioned messages to an appropriate network device involved in the communication.
According to further features in preferred embodiments of the invention, the method further includes providing the network information using one of the aforementioned methods for providing network information.
According to still further features in preferred embodiments of the invention described below, access information is provided by having the session wall passively listen to network traffic and allowing all active communication links.
According to further features in preferred embodiments of the invention, the method further features the step of, when a message is not issued as it should have been, issuing a succession of communication messages in order to block transmission by another network device. According to still further features in this preferred embodiment, the succession is limited in order not to block the network indefinitely.
According to further features in preferred embodiments of the invention, there is provided a method wherein a plurality of network devices are provided, each device capable of performing each of the steps in the method outlined above, and further providing a communication protocol for communication between these devices. The different steps involved in the method described above are executed by various of the session wall devices, whereby the devices coordinate by communicating with each other using the above mentioned protocol.
According to still further features in preferred embodiments of the invention, the above mentioned configuration is employed as a back-up.
Accordingly, the plurality of devices are located on a single network segment.
When one device does not function properly, another of the devices automatically operates in its stead.
Other aspects of the present invention are disclosed in the specification and/or defined in the claims, forming a part of the description of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein: FIG. 1 illustrates the operation of a session wall as a block diagram; FIG. 2 illustrates various hardware components of a session wall device; FIG. 3 illustrates a network configured with a plurality of session wall devices.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention is of a session wall device connected to a local area network for passively listening to communication sent over the network, and for generating messages to various network devices. When received, these messages are interpreted as messages sent either by the session wall or by another network device.
The principles and operation of the session wall according to the present invention may be better understood with reference to the drawings and the accompanying description.
Referring now to the Figures, Figures 1 and 2 show Network Adapter 2 as part of a session wall device. The network adapter is a hardware component for attaching a session wall device to network 1. Network Adapter 2 receives network communication in several protocols simultaneously. Network Adapter 2 also transmits messages in several protocols.
Figure 1 illustrates how, in operation, data is transferred from Network Adapter 2 to Receiver/Transmitter Handler 4. Receiver/Transmitter Handler 4 is a software logic that stores received network traffic in Received Data Buffer 6.
Protocol Scanner 16 is a set of software routines that scans data in Received Data Buffer 6 and compares it with Access Rules 10 to determine whether the message is permitted or not. When Protocol Scanner 16 detects an event which is not permitted, Protocol Scanner 16 generates a message which will terminate the communication session in which that event took place. Protocol Scanner 16 stores that message in Blocking Data Buffer 8 and notifies Receiver/Transmitter Handler 4 that data should be transmitted. Receiver/Transmitter Handler 4 scans Blocking Data Buffer 8, and transmits data contained therein to network 1 via Network Adapter 2.
As mentioned above, if Protocol Scanner 16 detects that an event not permitted according to Access Rules 10 occurred over the network, a session wall issues a message which will terminate that communication session. Accordingly, a session wall sends a message to both parties involved in the session. In a message to the server, a session wall either notifies that the client wishes to close the current session, or it sends a specific "terminate session" message to the server using the particular communication protocol used by the server. That message causes the server to stop responding to additional client messages in that specific session. In the message to the client, a session wall either emulates data from the server causing the client to misinterpret it so future responses from the server for that session will not be accepted properly, or a session wall will notify the client that the server dropped the connection. According to yet another embodiment of the invention, a session wall sends the client a previously defined message to notify that the session was blocked.
According to further features in preferred embodiments of the invention described below, the session wall features an additional layer of session control.
Accordingly, in cases when, due to malfunction or any other reason, the actions listed above are not performed, the session wall injects a rapid succession of communication messages into the network that conform to the system protocol, so that any other device seeking to transmit will encounter a "collision." In order to prevent the network from being tied up indefinitely by such action, the session wall is additionally fitted with timer device 24 arranged to limit the number of consecutive messages that will be sent. Alternatively, the timer is realized as software executed by the processor.
Access rules 10 mentioned above are a table of groups of servers, groups of clients, and rules between them. The rules define actions which should take place when a specific set of protocols is used when two or more parties communicate, and also, when specific data content, or specific data sequences are passed over the network. The definition contains several logical and mathematical combinations after which a specific action is to be performed. For example, if a client is connecting to a Telnet server and is using an FTP session on that server, the session wall will issue a command to the Telnet server to terminate the FTP session. Another example is that if a client is limited to two concurrent sessions of Telnet and FTP together and he tries to open a third session, both server and client will get a message that the other party closed the connection in order to inhibit the third session.
The access rules are written to memory 22 in various ways, depending (among other things) on the level of security required. For example, a degree of security is achieved by allowing a learning period when the network is first set up. During this period the session wall "self-learns" the network topology (which devices send data from within the local network and which devices are connected from other segments), which devices are servers and which devices are clients, and which protocols are used between them, by passively listening to network traffic. According to one embodiment, the session wall is configured to automatically accept all existing access and thus set up its own access rules for each device forbidding new devices or new protocols. This is illustratively shown in Figure 1 as Access Rules Generator 12.
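The rule comparison and the learning period described in the two paragraphs above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the session-id event format and the 192.0.2.x addresses are assumptions, and the code only returns a verdict for each observed session open; it sends nothing on the network.

```python
from collections import namedtuple

# One observed conversation: who opened it, to whom, with which protocol.
Flow = namedtuple("Flow", "client server protocol")


class AccessRules:
    """Hypothetical rule table: a learned baseline plus concurrency limits."""

    def __init__(self):
        self.learning = True   # learning period is active until end_learning()
        self.baseline = set()  # Flow triples seen during the learning period
        self.devices = set()   # every address seen during the learning period
        self.limits = []       # (client group, protocol set, max concurrent)
        self.open = {}         # session id -> Flow for currently open sessions

    def add_limit(self, clients, protocols, max_sessions):
        """Cap concurrent sessions of a client group across a protocol set."""
        self.limits.append((frozenset(clients), frozenset(protocols), max_sessions))

    def end_learning(self):
        """Freeze the baseline: from now on new devices or protocols are denied."""
        self.learning = False

    def on_open(self, sid, flow):
        """Return (allowed, reason) for a session-open event seen on the wire."""
        if self.learning:
            # Accept all existing access and record it as the baseline.
            self.baseline.add(flow)
            self.devices.update((flow.client, flow.server))
            self.open[sid] = flow
            return (True, "learned")
        if flow.client not in self.devices or flow.server not in self.devices:
            return (False, "new device")
        if flow not in self.baseline:
            return (False, "new protocol or pairing")
        for clients, protocols, cap in self.limits:
            if flow.client in clients and flow.protocol in protocols:
                active = sum(1 for f in self.open.values()
                             if f.client == flow.client and f.protocol in protocols)
                if active >= cap:
                    return (False, "concurrent session limit")
        self.open[sid] = flow
        return (True, "permitted")

    def on_close(self, sid):
        """Forget a session once either party has closed it."""
        self.open.pop(sid, None)


def demo():
    """Replay constructed events; return the verdicts after the learning period."""
    client, server = "192.0.2.5", "192.0.2.20"  # constructed sample addresses
    rules = AccessRules()

    # Learning period: the client uses Telnet and FTP against one server.
    rules.on_open("s1", Flow(client, server, "telnet"))
    rules.on_open("s2", Flow(client, server, "ftp"))
    rules.on_close("s1")
    rules.on_close("s2")
    rules.end_learning()

    # The description's example: two concurrent Telnet/FTP sessions at most.
    rules.add_limit({client}, {"telnet", "ftp"}, 2)

    verdicts = []
    verdicts.append(rules.on_open("s3", Flow(client, server, "telnet")))
    verdicts.append(rules.on_open("s4", Flow(client, server, "ftp")))
    verdicts.append(rules.on_open("s5", Flow(client, server, "telnet")))  # third
    rules.on_close("s3")
    verdicts.append(rules.on_open("s6", Flow(client, server, "telnet")))
    verdicts.append(rules.on_open("s7", Flow("192.0.2.99", server, "telnet")))
    verdicts.append(rules.on_open("s8", Flow(client, server, "http")))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A denied open is not added to the open-session table, so the count used for the limit reflects only sessions the rules permitted.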
According to further features in preferred embodiments, more sophisticated rules are loaded (or self-learned rules are edited) using data provided as control frames from a network manager. If the possibility of the network manager being misused or counterfeited needs to be allowed for, the control frames are supplied from a special input device (not shown). The session wall device also features Central Processing Unit 20 for handling any processing tasks required during session wall operation.
According to further features in preferred embodiments of the invention, several session wall devices perform a common task together. This is figuratively shown in Figure 3 featuring session wall devices 30 and 32. To this end, the various session wall devices may be located on the same segment of a local area network (as shown in the Figure) or on different segments of a wide area network. In order to perform a common task, the session wall devices feature a secured protocol to communicate. Using this protocol they automatically maintain which device will perform which task. The access rules between the devices are shared via software illustratively shown in Figure 1 as Access Rules Synchronizer 14. This software receives rules from other session wall products connected to the network and transmits access rules to other session wall products. In addition, Access Rules Synchronizer 14 also scans received data in order to automatically determine access rules and suggest them to be used. As mentioned above, in such a configuration each device is responsible for a portion of the rules. According to further features in this preferred embodiment, this configuration is used for backup purposes. Thus, if one device stops performing, the other devices will automatically replace it, assuming that they have access to the same network segment.
It will be appreciated that the above descriptions are intended only to serve as examples, and that many other embodiments are possible within the spirit and the scope of the present invention.

Claims (37)

1. For use in a computer network facilitating communication sessions between network devices, a session wall including: a network adapter for attaching the session wall to the network; data memory; a processor connected to said data memory and to said network adapter; and a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor such that said communication control system passively listens to said portion of said at least one session, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
2. A session wall as claimed in claim 1, wherein said at least one network device is a client.
3. A session wall as claimed in claim 1, wherein said at least one network device is a server.
4. A session wall as claimed in claim 2, wherein said message emulates a message from a respective server, said message causing said client not to accept further responses from said server during said at least one session.
5. A session wall as claimed in claim 2, wherein said message features a notice that a respective server has ended said at least one session.
6. A session wall as claimed in claim 2, wherein said message features a notice that said at least one session has been blocked.
7. A session wall as claimed in claim 3, wherein said message emulates a request from a respective client to end said at least one session.
8. A session wall as claimed in claim 1, wherein said message is a message to a client and a different message to a respective server.
9. A session wall as claimed in claim 1, further including the step of: when said at least one session is not allowed according to said access rules, and said message is not issued, injecting a succession of communication messages in order to block transmission by another network device.
10. A session wall as claimed in claim 9, further including a timer configured to limit the duration of said succession of messages.
11. A session wall as claimed in claim 1, wherein said data pertinent to the control of at least one of the communication sessions are self learned by the session wall.
12. A session wall as claimed in claim 1, wherein said data pertinent to the control of at least one of the communication sessions are provided using control frames.
13. For use in a computer network facilitating communication sessions between network devices, a method of controlling the communication sessions, the method including the steps of: providing network information; providing access information; passively listening to a portion of at least one of the communication sessions; comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
14. A method as claimed in claim 13, wherein said message is issued to a client.
15. A method as claimed in claim 14, wherein said message emulates a message from a respective server, said message causing said client not to accept further responses from said server during said at least one session.
16. A method as claimed in claim 14, wherein said message features a notice that said at least one session has ended.
17. A method as claimed in claim 14, wherein said message features a notice that said at least one session has been blocked.
18. A method as claimed in claim 13, wherein said message is issued to a server.
19. A method as claimed in claim 18, wherein said message emulates a message from a respective client, said message causing said server to end said at least one session.
20. A method as claimed in claim 13, wherein said message includes a message to a client and a different message to a server.
21. A method as claimed in claim 13, further including the step of: when said at least one session is not allowed according to said access information, and said message is not issued, injecting a succession of communication messages in order to block transmission by another network device.
22. A method as claimed in claim 21, wherein said succession of messages is limited.
23. A method as claimed in claim 13, wherein said network information is provided by listening to network traffic.
24. A method as claimed in claim 23, wherein said access information is defined by network traffic at a particular time.
25. A method as claimed in claim 13, wherein said network information is provided using control frames.
26. A method as claimed in claim 13, wherein a plurality of session wall devices execute said steps and coordinate said execution using an inter-device communication protocol.
27. A method as claimed in claim 26, said plurality of session wall devices located on a common network segment, further including the step of: when one of said session wall devices does not function properly, executing functions of said non-functioning session wall device by another of said session wall devices.
28. A method for use in a computer network facilitating communication sessions between network devices for controlling the communication sessions, the method including: providing network information; providing access information; passively listening to a portion of at least one of the communication sessions; comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices, such as a client, involved in said at least one session to stop further communication between the network devices, wherein said message is a message emulated from a respective server using an inter-device communication protocol, said message causing said client not to accept further responses from said server during said at least one session.
29. For use in a computer network facilitating communication sessions between network devices, including at least one client, a session wall including: a network adapter for attaching the session wall to the network; data memory; a processor connected to said data memory and to said network adapter; and a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session, wherein said message emulates a message using an inter-device communication protocol from a respective server, said message causing said client not to accept further responses from said server during said at least one session.
30. A session wall as claimed in claim 29, wherein said message features a notice that a respective server has ended said at least one session.
31. For use in a computer network facilitating communication sessions between network devices, a method of controlling the communication sessions, the method including: providing network information; providing access information; reading a portion of at least one of the communication sessions; comparing said portion with said access information; when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices involved in said at least one session, said at least one of the network devices including at least one server.
32. A method as claimed in claim 31, wherein said message emulates a message from a respective client, said message causing said server to end said at least one session.
33. A computer recording medium including computer executable code for use in a computer network facilitating communication sessions between network devices, a computer executable code controlling the communication sessions, including: code for providing network information; code for providing access information; code for passively listening to a portion of at least one of the communication sessions; code for comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, code for issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
34. A computer recording medium including computer executable code for use in a computer network facilitating communication sessions between network devices for controlling the communication sessions, the computer recording medium including: code for providing network information; code for providing access information; code for passively listening to a portion of at least one of the communication sessions; code for comparing said portion with said access information; and when said at least one communication session is not allowed according to said access information, code for issuing a message to at least one of the network devices, such as a client, involved in said at least one session to stop further communication between the network, wherein said message is a message emulated from a respective server using an inter-device communication protocol, said message causing said client not to accept further responses from said server during said at least one session.
35. A computer recording medium including computer executable code for use in a computer network facilitating communication sessions between network devices, the computer recording medium including: code for providing network information; code for providing access information; code for reading a portion of at least one of the communication sessions; code for comparing said portion with said access information; when at least one communication session is not allowed according to said access information, code for issuing a message to at least one of the network devices involved in said at least one session, said at least one of the network devices including at least one server.
36. A session wall as claimed in claim 1 or 29, substantially as herein described with reference to the accompanying drawings.
37. A method as claimed in claims 13, 28 or 31, substantially as herein described with reference to the accompanying drawings.
DATED this 31st day of December 2003
COMPUTER ASSOCIATES THINK, INC
SMOORENBURG PATENT TRADE MARK ATTORNEYS PO BOX 9 KANGAROO GROUND VIC 3097 AUSTRALIA
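The control flow of claims 28 to 32, sketched as an added example that is not part of the patent text: a passive monitor compares one observed portion of a session with its access rules and, when the session is not allowed, describes the two emulated end-of-session messages. It assumes TCP as the inter-device protocol with a reset segment as the "session ended" notice; the rule fields, the default-allow policy and all sample addresses are hypothetical, and the code only builds descriptors, it sends nothing.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # one entry of the "access information" (field names are hypothetical)
    client_net: str
    server_net: str
    server_port: int  # 0 matches any port
    allow: bool

@dataclass(frozen=True)
class Segment:  # passively observed client-to-server portion of a session
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    payload_len: int

def session_allowed(rules, client, server, port):
    """First matching rule decides; an unmatched session is allowed (assumption)."""
    c, s = ipaddress.ip_address(client), ipaddress.ip_address(server)
    for r in rules:
        if (c in ipaddress.ip_network(r.client_net)
                and s in ipaddress.ip_network(r.server_net)
                and r.server_port in (0, port)):
            return r.allow
    return True

def session_wall(rules, seg):
    """Describe the emulated messages to issue for one observed segment."""
    if session_allowed(rules, seg.src, seg.dst, seg.dport):
        return []
    # Claims 28-30: message emulated from the server, addressed to the client.
    # The client's ACK is the next server sequence number it will accept.
    to_client = {"src": seg.dst, "sport": seg.dport, "dst": seg.src,
                 "dport": seg.sport, "flags": "RST", "seq": seg.ack}
    # Claims 31-32: message emulated from the client, addressed to the server.
    # The server expects the byte that follows the observed payload.
    to_server = {"src": seg.src, "sport": seg.sport, "dst": seg.dst,
                 "dport": seg.dport, "flags": "RST",
                 "seq": (seg.seq + seg.payload_len) % 2**32}
    return [to_client, to_server]

# Constructed sample data: telnet from one subnet is denied, the rest allowed.
RULES = [Rule("10.0.0.0/24", "0.0.0.0/0", 23, False),
         Rule("10.0.0.0/8", "0.0.0.0/0", 0, True)]
TELNET = Segment("10.0.0.7", 40000, "192.0.2.10", 23, 1000, 5000, 12)
WEB = Segment("10.0.0.7", 40001, "192.0.2.10", 80, 2000, 6000, 100)
```

Because both messages depend on sequence numbers read from the wire, the control only works on segments the monitor can actually observe.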
AU13613/02A 1996-10-29 2002-01-25 Network session wall Ceased AU773314B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08739518 1996-10-29
AU49920/97A AU4992097A (en) 1996-10-29 1997-10-21 Network session wall

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU49920/97A Division AU4992097A (en) 1996-10-29 1997-10-21 Network session wall

Publications (2)

Publication Number Publication Date
AU1361302A AU1361302A (en) 2002-03-14
AU773314B2 true AU773314B2 (en) 2004-05-20

Family

ID=32398695

Family Applications (1)

Application Number Title Priority Date Filing Date
AU13613/02A Ceased AU773314B2 (en) 1996-10-29 2002-01-25 Network session wall

Country Status (1)

Country Link
AU (1) AU773314B2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU7393194A (en) * 1993-12-17 1995-07-03 Taligent, Inc. Object-oriented secured communications system

Also Published As

Publication number Publication date
AU1361302A (en) 2002-03-14

Similar Documents

Publication Publication Date Title
US5958015A (en) Network session wall passively listening to communication session, with use of access rules, stops further communication between network devices by emulating messages to the devices
AU2002330421B2 (en) System and implementation method of controlled multicast
US5124984A (en) Access controller for local area network
DE60221557T2 (en) METHOD AND DEVICE FOR ADDRESS TRANSLATION FOR SECURED CONNECTIONS
US7207061B2 (en) State machine for accessing a stealth firewall
US8856884B2 (en) Method, apparatus, signals, and medium for managing transfer of data in a data network
EP1997263B1 (en) Techniques for managing keys using a key server in a network segment
US5727146A (en) Source address security for both training and non-training packets
US20070033646A1 (en) Suspension and resumption of secure data connection session
CN116055254B (en) Safe and trusted gateway system, control method, medium, equipment and terminal
CN103404103A (en) System and method for combining an access control system with a traffic management system
US20050055579A1 (en) Server apparatus, and method of distributing a security policy in communication system
US8014406B2 (en) System and method of inserting a node into a virtual ring
CN107205026A (en) A kind of Point-to-Point Data Transmission method and system
CN110266678A (en) Security attack detection method, device, computer equipment and storage medium
US7788715B2 (en) Authentication for transmission control protocol
CN108881127A (en) A kind of method and system of control remote access permission
Mehner et al. No need to marry to change your name! attacking profinet io automation networks using dcp
US20050204160A1 (en) Method for establishing directed circuits between parties with limited mutual trust
CN109040112A (en) network control method and device
CN102316119B (en) Security control method and equipment
AU773314B2 (en) Network session wall
KR20180028742A (en) 2-way communication apparatus capable of changing communication mode and method thereof
US6915431B1 (en) System and method for providing security mechanisms for securing network communication
CN108768969A (en) A kind of network penetrating system and penetrating method

Legal Events

Date Code Title Description
TC Change of applicant's name (sec. 104)

Owner name: COMPUTER ASSOCIATES THINK, INC.

Free format text: FORMER NAME: ABIRNET LTD

FGA Letters patent sealed or granted (standard patent)