TWI526872B - 用於隔離一受管理伺服器之系統及其相關方法及非暫時性電腦可讀儲存媒體 - Google Patents

用於隔離一受管理伺服器之系統及其相關方法及非暫時性電腦可讀儲存媒體 Download PDF

Info

Publication number
TWI526872B
TWI526872B TW103132517A TW103132517A TWI526872B TW I526872 B TWI526872 B TW I526872B TW 103132517 A TW103132517 A TW 103132517A TW 103132517 A TW103132517 A TW 103132517A TW I526872 B TWI526872 B TW I526872B
Authority
TW
Taiwan
Prior art keywords
managed server
performers
management
managed
server
Prior art date
Application number
TW103132517A
Other languages
English (en)
Chinese (zh)
Other versions
TW201531880A (zh
Inventor
保羅J 科納
丹尼爾R 庫克
朱拉G 方德利
馬修K 葛萊恩
慕克許 庫布塔
安德魯S 魯兵
傑瑞B 史考特
杜卡蘭 維奇西
Original Assignee
伊洛米歐公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/249,145 external-priority patent/US9942102B2/en
Priority claimed from US14/474,916 external-priority patent/US9882919B2/en
Application filed by 伊洛米歐公司 filed Critical 伊洛米歐公司
Publication of TW201531880A publication Critical patent/TW201531880A/zh
Application granted granted Critical
Publication of TWI526872B publication Critical patent/TWI526872B/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Multi Processors (AREA)
TW103132517A 2013-11-04 2014-09-19 用於隔離一受管理伺服器之系統及其相關方法及非暫時性電腦可讀儲存媒體 TWI526872B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201361899468P 2013-11-04 2013-11-04
US14/249,145 US9942102B2 (en) 2013-04-10 2014-04-09 Handling changes in a distributed network management system that uses a logical multi-dimensional label-based policy model
US14/249,128 US9882783B2 (en) 2013-04-10 2014-04-09 Distributed network management using a logical multi-dimensional label-based policy model
US14/474,916 US9882919B2 (en) 2013-04-10 2014-09-02 Distributed network security using a logical multi-dimensional label-based policy model
PCT/US2014/054505 WO2015076904A2 (en) 2013-11-04 2014-09-08 Distributed network security using a logical multi-dimensional label-based policy model

Publications (2)

Publication Number Publication Date
TW201531880A TW201531880A (zh) 2015-08-16
TWI526872B true TWI526872B (zh) 2016-03-21

Family

ID=53180366

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103132517A TWI526872B (zh) 2013-11-04 2014-09-19 用於隔離一受管理伺服器之系統及其相關方法及非暫時性電腦可讀儲存媒體

Country Status (5)

Country Link
EP (1) EP3066581B1 (enExample)
JP (1) JP6491221B2 (enExample)
CN (1) CN105683943B (enExample)
TW (1) TWI526872B (enExample)
WO (1) WO2015076904A2 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI630488B (zh) * 2017-08-04 2018-07-21 中華電信股份有限公司 支援多樣性端對端網路隔離的虛擬私人網路服務供裝系統

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10608945B2 (en) 2016-02-27 2020-03-31 Illumio, Inc. Creating rules for labeled servers in a distributed network management system
US20210021471A1 (en) * 2019-07-15 2021-01-21 Microsoft Technology Licensing, Llc Techniques for managing virtual networks
US12111921B2 (en) * 2022-03-10 2024-10-08 Denso Corporation Incident response according to risk score
CN119254513B (zh) * 2024-10-16 2025-10-10 紫金山实验室 基于轻量化架构的拟态防御方法、系统、设备、介质和产品

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
EP1157524B1 (en) * 1999-03-03 2007-12-19 Ultradns, Inc. Scalable and efficient domain name resolution
GB2393607B (en) * 2001-06-27 2004-12-08 Arbor Networks Method and a system for monitoring control signal traffic over a computer network
EP1745631A1 (en) * 2004-05-12 2007-01-24 Alcatel Automated containment of network intruder
US7849502B1 (en) * 2006-04-29 2010-12-07 Ironport Systems, Inc. Apparatus for monitoring network traffic
US20080184277A1 (en) * 2007-01-26 2008-07-31 Microsoft Corporation Systems management policy validation, distribution and enactment
US8925101B2 (en) * 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US8813227B2 (en) * 2011-03-29 2014-08-19 Mcafee, Inc. System and method for below-operating system regulation and control of self-modifying code
WO2012160809A1 (en) * 2011-05-23 2012-11-29 Nec Corporation Communication system, control device, communication method, and program

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI630488B (zh) * 2017-08-04 2018-07-21 中華電信股份有限公司 支援多樣性端對端網路隔離的虛擬私人網路服務供裝系統

Also Published As

Publication number Publication date
CN105683943B (zh) 2019-08-23
TW201531880A (zh) 2015-08-16
JP6491221B2 (ja) 2019-03-27
CN105683943A (zh) 2016-06-15
EP3066581B1 (en) 2019-06-26
JP2017502620A (ja) 2017-01-19
EP3066581A4 (en) 2017-08-23
WO2015076904A2 (en) 2015-05-28
WO2015076904A3 (en) 2015-08-20
EP3066581A2 (en) 2016-09-14

Similar Documents

Publication Publication Date Title
US11503042B2 (en) Distributed network security using a logical multi-dimensional label-based policy model
US10212191B2 (en) Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model
US10693718B2 (en) Updating management instructions for bound services in a distributed network management system
CN105074692B (zh) 使用基于逻辑多维标签的策略模型的分布式网络管理系统
TWI670606B (zh) 修復基於網路子圖偵測之不應有訊務型樣之方法、處理網路流量查詢之方法、電腦可讀非暫時性儲存媒體及電腦系統
TWI526872B (zh) 用於隔離一受管理伺服器之系統及其相關方法及非暫時性電腦可讀儲存媒體
US11509694B1 (en) Methods and systems for network device reconfigurations