WO2004028107A2 - Control of data transmissions - Google Patents

Control of data transmissions

Info

Publication number
WO2004028107A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
control system
monitoring
security
network
Prior art date
Application number
PCT/EP2003/010120
Other languages
German (de)
English (en)
Other versions
WO2004028107A3 (fr)
Inventor
Peter Kämper
Original Assignee
Kaemper Peter
Priority date
Filing date
Publication date
Application filed by Kaemper Peter
Priority to AU2003271599A
Publication of WO2004028107A2
Publication of WO2004028107A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Definitions

  • the present invention relates to security in network-based data transmissions and in particular security aspects in data transmissions between at least two networks, also taking into account data transmissions within a network which are provided for transmission to another network.
  • In order to ensure the security of data transfers between two networks, systems known as "firewalls" are usually used.
  • network as used here encompasses arrangements comprising single or multiple units, for example in the form of computer systems, from and to which data can be transmitted. Examples of this are the Internet, intranets, individual arrangements comprising computer units, for example designed as personal computers, with devices or associated devices for data transmissions to and from other systems and the like.
  • a firewall essentially serves to prevent undesired, impermissible data transfers from one network to another network.
  • a firewall also protects a network against unauthorized access from another network, whereby data transmissions from another network which are usually required for access and / or which initiate access are prevented if they would lead to unauthorized access.
  • In order to prevent unwanted, unauthorized data transfers and accesses and to allow desired, permitted ones, a firewall generally uses so-called packet filtering.
  • data are generally transmitted in packets; each packet carries information such as the source of the data, the destination to which the data are to be transmitted and the protocol used to create the data (for example protocols for creating text documents, graphic documents, video/audio documents, executable software code such as software programs, and the like).
  • Packet filtering defines rules that are intended to prevent data transfers from certain sources and / or to certain destinations, for example. According to such rules, a firewall prevents or permits data transfers from one network to another network.
  • For data transfers between two networks it is often necessary to use a so-called proxy in a network, which makes data transfers from this network to another network possible in the first place.
  • proxies are often used as security systems for data transmission. Since the proxy is a prerequisite for data transmission to and from a network whose computer systems need it to communicate with other networks or systems, the proxy can also be used to allow only certain data transmissions and to prevent others. For example, a proxy can give the users of a network access to certain services and/or data provided by another network. For this purpose the protocols used with those services and/or data can be used; examples are so-called HTTP proxies and FTP proxies, which only allow data transfers according to HTTP or FTP. It is also known to provide virus protection for data transmissions by means of a proxy.
  • intrusion detection systems (IDS) are also known.
  • the main task of an IDS is to identify the violation of security regulations or requirements and to initiate appropriate countermeasures.
  • In order to be able to identify an attack, an IDS must be provided with information that indicates how an attack can be identified.
  • unauthorized third parties use certain, often repetitive, techniques to launch an attack. Attacks on a network therefore follow patterns, which in this field are referred to as signatures.
  • examples of signatures include TCP port scans, UDP port scans, IP packets with incorrect parameters, tunneling, encapsulating, flooding and the like.
  • the object of the present invention is generally to eliminate disadvantages of known security measures and methods in data transmissions, in particular between networks.
  • the present invention is intended to avoid the disadvantages of the known security systems (firewalls, proxies and IDS), in order to increase the security of data transmissions between networks and, moreover, to provide application-specific, individual and user-friendly security solutions.
  • the approach of the present invention is generally to use systems for monitoring, controlling and analyzing data transmissions between networks in such a way that, on the one hand, the individual security measures of the different systems and of their own systems are used to increase security and, on the other hand, the security measures of different systems are combined so that synergy effects arise, overall security is increased, and the security can be adapted, preferably continuously.
  • the present invention allows individual security systems to be adapted to the currently desired and required security requirements as a function of one another, taking into account the security measures, data monitoring results (for example in the form of corresponding logs) and the like of the individual security systems.
  • the present invention takes the approach of implementing individual security systems in such a way that they essentially only have the means (e.g. hardware and software) that are directly required for their intended operation.
  • the data required for commissioning ("booting") and for actual operation are not stored locally in the individual security systems but are provided centrally.
  • the invention provides that software programs required for operation, for example in the form of operating systems, are reduced to a minimum required for actual operation.
  • the present invention further teaches that data and information generated by the individual security systems with regard to data transmissions through networks are not stored locally in the corresponding security systems but are logged centrally. A unit comparable to a database can be used for this.
  • the present invention provides a monitoring system according to claim 1, a data type control system according to claim 17, a data content control system according to claim 26, a data transfer control system according to claim 34, a control system according to claim 43 and a security environment according to claim 51 for network-based data transfers.
  • Computer system: individual computer systems, personal computers, computer clusters, computer networks, etc.
  • Network: networked data connections, communication systems, computer systems, routers, nodes, etc.; the Internet; connections between at least two networks; etc.
  • Security requirements: definitions of permitted data transfers, file types, transfer times, transfer rates, data sources, data contents, transfer destinations, connection confirmations, control of connections, data targets, data sources, etc.
  • Storage unit: non-volatile storage, hard drives, streamers, databases, main memory, caches, storage media, etc.
  • Storage subunit: see storage unit
  • Input unit: keyboard, mouse, microphone, data interfaces (ISDN cards, modems), scanners, character input devices, light pens, etc.
  • Instructions for controlling the operation of a system by a user: software code, input of single/multiple commands, interactive use of a control program, etc.
  • Interface unit: modems, network cards, interface devices, etc.
  • Operating data: operating software, software code (parts), operating system (parts), parameters for software and hardware, scripts, database structure, database contents, database control, drivers, process data, process control, protocols, user and application data, etc.
  • Security requirement data: data characterizing security requirements, i.e. data which define security requirements (see above)
  • the present invention provides methods according to claims ... which are preferably used to operate the aforementioned systems or the aforementioned security environment.
  • the present invention provides software products according to claims ..., which enable the implementation of individual or multiple steps of individual or multiple methods according to the invention.
  • FIG. 1 is a schematic representation of a security environment according to the invention
  • FIG. 2 shows a schematic illustration of a data type control system according to the invention
  • FIG. 3 shows a schematic illustration of a data content control system according to the invention
  • FIG. 4 shows a schematic illustration of a data transmission control system according to the invention
  • FIG. 5 shows a schematic illustration of a monitoring system according to the invention
  • FIGS. 6 to 15 are schematic representations of different views of graphical user interfaces according to the invention.
  • FIG. 16 shows a schematic illustration of a control system according to the invention.
  • a security environment SU is used for data transmissions between a first network NW1 and a second network NW2. Data transfers can take place both from the network NW1 to the network NW2 and in the reverse direction. It should be noted, however, that, as can be seen from the following, there is no direct data connection between the networks NW1 and NW2.
  • the first network NW1 is an intranet network.
  • the first network NW1 comprises a plurality of computer devices referred to as clients CL1, ..., CLn. Data transfers from and to the clients CL1, ..., CLn with respect to the second network NW2 take place via the router R1. Data transfers between the clients CL1, ..., CLn take place within the first network NW1 via connections (not shown in this figure) between the clients CL1, ..., CLn.
  • the second network NW2 is the Internet; a router R2 is provided for data transmissions from and to the second network NW2.
  • the router R1 and / or router R2 is (are) integrated in the security environment SU as a component thereof.
  • Data to be transmitted from the second network NW2 to the first network NW1 is transmitted from the router R2 to a data type control system FW.
  • the data type control system FW is used, among other things, for packet filtering of the data packets transmitted from the second network NW2. In this respect the data type control system FW can be compared to a firewall.
  • a data content control system PROXY, which works together with the data type control system FW, acts as a proxy server for network services and/or protocols such as HTTP, HTTPS, DNS, SMTP, FTP and the like. In this respect the data content control system PROXY can be compared to a proxy server. Furthermore, the data content control system PROXY is used to separate IP data streams, to control the content of data transmitted via the data type control system FW (for example with regard to pornographic content), to provide virus protection, to log activities carried out with regard to data transmissions from and to the second network NW2, and the like. To the outside, i.e. to the second network NW2, only the IP address of the external router R2 is visible. From the point of view of the second network NW2 the data content control system PROXY therefore performs its services anonymously. This can also apply with respect to the first network NW1.
  • a data transmission analysis system IDS which is included in the security environment SU and which works together with the data type control system FW and the data content control system PROXY, serves to identify attack patterns or signatures used in the case of unauthorized access or attacks from the second network NW2 to the first network NW1.
  • the data transmission analysis system IDS is comparable to a known intrusion detection system.
  • a monitoring system AS uses a database, shown in this figure merely as an integrated unit, in which data and/or information relating to data transmissions are logged.
  • this logging, which is also required by law, covers attacks/intrusions and intrusion/attack attempts, data transmissions to the first network NW1 and from there via the security environment SU to another network, for example the second network NW2, and the like.
  • the monitoring system AS can also be referred to as an audit server.
  • the monitoring system AS communicates with the aforementioned systems FW, PROXY and LDS via an internal bus system BUS-INT or a comparable communication connection, which can be implemented as a communication network, for example.
  • the internal bus system BUS-INT is physically composed of communication connections, for example buses, cables and the like, and is physically separated from the communication connections used for data transfers between the networks NW1 and NW2 or between the routers R1 and R2.
  • control system BM can also be referred to as a boot and management server for the security environment SU.
  • the control system BM also communicates with the other components within the security environment SU via the internal bus system BUS-INT.
  • the security environment SU can be at least partially redundant.
  • for example, two data type control systems FW, two data content control systems PROXY, and so on, can be used.
  • the communication connections used for internal communication purposes within the security environment SU can also be designed redundantly by means of two internal bus systems.
  • the security environment SU can also be designed redundantly by using two routers each in place of the routers R1 and R2.
  • the data type control system FW controls data flows between the second network NW2 and the first network NW1.
  • data packets of certain data types, e.g. RealAudio, and data packets that cannot be identified are not forwarded; these are then not checked any further.
  • the data packets are logged and used for analysis, especially with regard to attack detection. A complete blocking of data is also possible.
  • the FW data type control system only allows data packets whose origin, content and destination correspond to specified rules.
  • the data type control system FW is comparable to a traffic light.
  • a traffic light only controls the flow of traffic; it does not control the contents of the vehicles (here: the data).
  • the data type control system FW does not do this either, since otherwise the flow of traffic (the data transmission) would no longer be possible.
  • content control during data transmissions is instead carried out by the data content control system PROXY and the data transmission analysis system IDS.
  • the data type control system FW comprises a computer system FW-RS (for example with a single CPU (800 MHz, 512 MB), two external NICs, an internal "boot" NIC and an internal "proxy" NIC). Data transmission speeds of 2 Mbit to 2 Gbit (fiber optic cabling) are provided for.
  • a special, very small Unix kernel is used as the operating system for the data type control system FW, from which almost all services that are not absolutely necessary are removed. Only one type of network driver is supported. As explained below, support for display and input units (e.g. monitor, mouse, keyboard) is generally not provided. This makes the kernel very fast and very stable, and it can be updated quickly. Furthermore, the kernel is not supposed to be able to execute any foreign code (e.g. in the event of an attack), since the kernel does not provide any services for this; only known software and hardware are supported. The resulting inflexibility of the data type control system FW leads to increased security.
  • the data type control system FW can comprise an interface unit FW-INT, e.g. in the form of a modem or a computer interface. This allows the data type control system FW to be supported, e.g. by telephone.
  • the interface unit FW-INT can be designed such that it cannot be reached via either of the networks NW1 and NW2.
  • "remote" access is only possible with the approval and support of a user, since the interface unit FW-INT is normally switched off. If necessary, the user must activate the interface unit FW-INT and enable access to the data type control system FW. This may also require the transmission of a password. For control purposes, such processes are also logged by means of the monitoring system AS. After completion, the interface unit FW-INT is deactivated again to prevent further access.
  • the central control and management of the data type control system FW takes place via the control system BM.
  • the user management of the data type control system FW can only be carried out locally on the control system BM itself.
  • for this, additional devices such as a keyboard, a monitor and the like can be used.
  • Additional security measures can be taken, such as recording biometric data ("fingerprint") and entering passwords or code words.
  • the data type control system FW is started ("booted") from the control system BM. New settings, operating modes, rules and the like for the data type control system FW can be made centrally by means of the control system BM. A special feature is that settings, operating parameters and the like already present in a memory of the data type control system FW are not used during booting. Like any computer system, the operating system of the data type control system FW needs files, parameters, data, information, etc. in order to operate it. For example, files are used which contain user information, user names, passwords and the like and which are consulted when data transmissions are checked by the data type control system FW. Such files can be the target of an attack, for example an attempt to modify them. Since the files used for booting come from the control system BM, locally modified copies are not used.
  • Rules or rule sets are defined for the data type control system, according to which the data type control system FW permits or prevents data transfers from the second network NW2.
  • Such rule sets define who can transfer which data from where to where and which data can be accessed.
  • Such rules are usually stored in a so-called flat file.
  • a disadvantage of this procedure is that the protection defined by the rules stored in such a file cannot be broken down into individual rules. As a general consequence, a security device serving as a firewall cannot be administered differently by different users.
  • rule sets provided for operating the data type control system FW are present in a database assigned to the control system BM.
  • in this rule set database, which is available for several security environments SU, for example, individual rules or rule sets are defined according to which the data type control systems FW monitor or control data transfers. Furthermore, the individual rules and rule sets of the rule set database are assigned information about which security environment may use which rules and/or rule sets. This also applies to changes to rules and rule sets in the rule set database, as described below in connection with changes to rules and rule sets for the data type control system FW.
  • Rules and rule sets are created application-specifically. Rules and rule sets can be entered by means of a graphical user interface of the control system BM. The rules and rule sets are generally stored as so-called script files by the control system BM. A change of rules and rule sets can generally not be carried out directly on the data type control system FW.
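The rule-set handling described above, as an added example that is not code from the patent: rules live in a central store assigned to the control system BM, each rule carries the list of security environments that may use it, the FW receives only its own rules at boot, evaluates packets against them with a default-deny fallback, and writes every decision to an external log sink rather than a local file. The class and rule names, the CIDR/port rule fields and the sample packets are assumptions made for this example.

```python
"""Centrally served packet-filter rule sets, evaluated on the FW (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "permit" or "deny"
    src: str                             # CIDR, e.g. "0.0.0.0/0"
    dst: str
    protocol: Optional[str] = None       # None = any protocol
    dst_port: Optional[int] = None       # None = any destination port
    allowed_envs: Tuple[str, ...] = ()   # security environments that may use this rule

    def matches(self, pkt: dict) -> bool:
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.protocol is not None and pkt["protocol"] != self.protocol:
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        return True


class RuleSetDatabase:
    """Central store assigned to BM; rules know which SU may use them."""

    def __init__(self, rules: List[Rule]):
        self._rules = rules

    def rules_for(self, env_id: str) -> List[Rule]:
        return [r for r in self._rules if env_id in r.allowed_envs]


class DataTypeControlSystem:
    """FW: permits a packet only if a rule served by BM says so (default deny).
    It keeps neither rules nor logs of its own; decisions go to log_sink (the AS)."""

    def __init__(self, env_id: str, db: RuleSetDatabase, log_sink: list):
        self.env_id = env_id
        self.rules = db.rules_for(env_id)   # pushed from BM at boot time
        self.log = log_sink

    def filter(self, pkt: dict) -> bool:
        for rule in self.rules:             # first matching rule wins
            if rule.matches(pkt):
                self.log.append({**pkt, "rule": rule.name, "action": rule.action})
                return rule.action == "permit"
        self.log.append({**pkt, "rule": None, "action": "deny"})   # default deny
        return False


# Constructed sample: NW1 = 10.1.0.0/16 (intranet), a second SU guards 10.2.0.0/16.
RULES = RuleSetDatabase([
    Rule("inbound-smtp", "permit", "0.0.0.0/0", "10.1.0.25/32", "tcp", 25, ("SU-1",)),
    Rule("inbound-http-to-proxy", "permit", "0.0.0.0/0", "10.1.0.10/32", "tcp", 80, ("SU-1", "SU-2")),
    Rule("block-telnet", "deny", "0.0.0.0/0", "10.1.0.0/16", "tcp", 23, ("SU-1", "SU-2")),
    Rule("lab-only-ssh", "permit", "0.0.0.0/0", "10.2.0.0/16", "tcp", 22, ("SU-2",)),
])


def demo(env_id: str = "SU-1"):
    """Boot an FW for one SU and run constructed packets through it."""
    audit = []
    fw = DataTypeControlSystem(env_id, RULES, audit)
    packets = [
        {"src": "203.0.113.7", "dst": "10.1.0.25", "protocol": "tcp", "dst_port": 25},
        {"src": "203.0.113.7", "dst": "10.1.0.10", "protocol": "tcp", "dst_port": 80},
        {"src": "203.0.113.7", "dst": "10.1.0.10", "protocol": "tcp", "dst_port": 23},
        {"src": "203.0.113.7", "dst": "10.1.0.10", "protocol": "udp", "dst_port": 53},  # no rule
        {"src": "203.0.113.7", "dst": "10.2.0.5", "protocol": "tcp", "dst_port": 22},   # SU-2 rule only
    ]
    return [fw.filter(p) for p in packets], audit


if __name__ == "__main__":
    for env in ("SU-1", "SU-2"):
        print(env, demo(env)[0])
```

Booting the same code as "SU-2" yields a different decision set because the database hands out only the rules that environment is entitled to; the unmatched UDP packet shows the default-deny path, which is logged with `rule: None` so the AS can see traffic that no rule covers.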
  • logs created by the FW data type control system are also not saved locally. Rather, the internal bus system BUS-INT transmits protocol information from the data type control system FW, for example in the form of log files, to the monitoring system AS and stores it there in a database for later use. This makes it impossible for an attacker to access and change logs created by the data type control system. That is, an attacker is unable to track his "traces", i.e. change or delete logs indicating his attack. It is provided that the logging takes place in real time and the data are transmitted in encrypted form to the monitoring system AS.
  • the combination with the logging carried out by the monitoring system AS allows security-related processes to be recognized better than is possible with conventional firewalls. For example: Mr. Müller is allowed to carry out HTTP transmissions through the data type control system FW. An attacker posing as Mr. Müller can pass the data type control system FW, although no data transfers originate from the real Mr. Müller, who, for example, is not working at his workstation (PC). This is recognized by the security environment SU.
  • the utilization of the data type control system FW is of decisive significance, since the computer system FW-RS requires computing time to process the data packets. The more resources are available, the better and the more attacks can be warded off by the data type control system FW. It is therefore envisaged that the data type control system FW is normally utilized in a range of 5 - 10 % of its processing capacity and up to 15 % of its memory. This leaves enough reserves for attacks.
  • the load is distributed via IP routing.
  • with regard to load distribution it should be noted in particular that the performance of the data type control system FW available in the event of an attack must be sufficient to detect the attack and, if necessary, to avert it.
  • the PROXY data content control system enables the connections from outside to inside and vice versa, ie from the second network NW2 to the first network NW1 and vice versa.
  • the PROXY data content control system receives all the data passed through by the FW data type control system, for example as HTTP, FTP, SMTP and DNS packets. These are examined by the data content control system PROXY with regard to their content and, if necessary, filtered. Static filtering methods can be used here. Words and terms that have or could have a special meaning can be entered for this (eg words with a pornographic meaning, words with a business reference ("Annual Report", "Internal", "Confidential”, etc.).
  • data packets with such "dirty" or internal content can then be recognized by the data content control system PROXY. This applies not only to data transmissions from the second network NW2 to the first network NW1 but also in the opposite direction. Another task of the data content control system PROXY is virus protection.
  • logs created by the data content control system PROXY are also not saved locally. Rather, the internal bus system BUS-INT transmits log information from the data content control system PROXY, for example in the form of log files, to the monitoring system AS, which stores it in a database for later use. This makes it impossible for an attacker to access and change logs created by the data content control system. This is made even more difficult by the fact that local firewalls are provided for the data content control system PROXY. Logging takes place in real time and the data are transmitted in encrypted form to the monitoring system AS.
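The static content control described above, as an added example that is not code from the patent: the PROXY accepts only the proxied protocols, scans inbound traffic for a "dirty" term list and outbound traffic for internal business terms ("Annual Report", "Internal", "Confidential"), and checks payloads against known virus signatures. The term lists, the policy class, the use of the standard EICAR test string in place of a real virus signature, and the sample messages are constructed for this example.

```python
"""Direction-aware static content filter on the PROXY (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Standard EICAR anti-virus test file; stands in for a real signature here.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass(frozen=True)
class ContentPolicy:
    allowed_protocols: frozenset = frozenset({"HTTP", "HTTPS", "DNS", "SMTP", "FTP"})
    inbound_terms: tuple = ("porn", "xxx")                                   # NW2 -> NW1
    outbound_terms: tuple = ("annual report", "internal", "confidential")   # NW1 -> NW2
    virus_signatures: tuple = (EICAR.encode(),)

    def term_pattern(self, direction: str):
        terms = self.inbound_terms if direction == "inbound" else self.outbound_terms
        # Whole words, case-insensitive; a space inside a term matches any whitespace run.
        alts = "|".join(r"\s+".join(re.escape(w) for w in t.split()) for t in terms)
        return re.compile(rf"\b(?:{alts})\b", re.IGNORECASE)


class DataContentControlSystem:
    """PROXY: protocol whitelist, term filter in both directions, signature check."""

    def __init__(self, policy: ContentPolicy, log_sink: List[dict]):
        self.policy = policy
        self.log = log_sink          # stands in for the link to the AS

    def inspect(self, protocol: str, direction: str, payload: bytes) -> Dict:
        verdict = {"protocol": protocol, "direction": direction,
                   "action": "forward", "reasons": []}
        if protocol not in self.policy.allowed_protocols:
            verdict["reasons"].append(f"protocol {protocol} not proxied")
        else:
            if any(sig in payload for sig in self.policy.virus_signatures):
                verdict["reasons"].append("virus signature")
            text = payload.decode("utf-8", errors="replace")
            hits = sorted({" ".join(m.group(0).lower().split())
                           for m in self.policy.term_pattern(direction).finditer(text)})
            if hits:
                verdict["reasons"].append("terms: " + ", ".join(hits))
        if verdict["reasons"]:
            verdict["action"] = "block"
        self.log.append(verdict)
        return verdict


def demo() -> List[Dict]:
    """Run constructed messages in both directions through the PROXY."""
    audit = []
    proxy = DataContentControlSystem(ContentPolicy(), audit)
    inbound_page = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>Free XXX videos</h1>"
    outbound_mail = (b"From: mueller@nw1.example\r\nTo: partner@nw2.example\r\n\r\n"
                     b"Attached is the Annual  Report, marked CONFIDENTIAL.")
    eicar_download = b"HTTP/1.1 200 OK\r\n\r\n" + EICAR.encode()
    return [
        proxy.inspect("HTTP", "inbound", inbound_page),
        proxy.inspect("SMTP", "outbound", outbound_mail),
        proxy.inspect("HTTP", "inbound", eicar_download),
        proxy.inspect("IRC", "outbound", b"NICK x"),
        proxy.inspect("HTTP", "inbound", b"HTTP/1.1 200 OK\r\n\r\nweather report"),
    ]


if __name__ == "__main__":
    for v in demo():
        print(v["direction"], v["protocol"], v["action"], v["reasons"])
```

Note that the outbound list is only consulted for NW1 -> NW2 traffic and the inbound list only for NW2 -> NW1, so a harmless inbound page that happens to say "internal" is not blocked; the signature check runs on the raw bytes before any text decoding, since a binary download is not valid UTF-8.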
  • the data content control system PROXY comprises a computer system.
  • a special, very small Unix kernel is used as the operating system for the computer system of the data content control system PROXY, from which almost all services that are not absolutely necessary are removed.
  • support for display and input units (e.g. monitor, mouse, keyboard) is generally not provided.
  • the kernel is not supposed to be able to execute any foreign code (e.g. in the event of an attack), since the kernel does not provide any services for this; only known software and hardware are supported. The resulting inflexibility of the data content control system PROXY leads to increased security.
  • the data content control system PROXY can have an interface unit PROXY-INT, e.g. in the form of a modem or a computer interface. This allows the data content control system PROXY to be supported, e.g. by telephone.
  • the interface unit PROXY-INT can be designed such that it cannot be reached via either of the networks NW1 and NW2.
  • remote access is only possible with the approval and support of a user, since the interface unit PROXY-INT is normally switched off.
  • if necessary, the user must activate the interface unit PROXY-INT and enable access to the data content control system PROXY.
  • the transmission of a password may also be necessary for this.
  • such processes are also logged by means of the monitoring system AS.
  • after completion, the interface unit PROXY-INT is deactivated again to prevent further access.
  • the central control and administration of the data content control system PROXY is carried out via the control system BM; the user management can only be carried out locally on the control system BM itself.
  • for the user management of the data content control system PROXY, additional devices such as a keyboard, a monitor and the like can be used.
  • further measures can be taken, such as recording biometric data ("fingerprint”) and entering passwords or code words.
  • the data content control system PROXY is started ("booted") from the control system BM.
  • new settings, operating modes, rules and the like for the data content control system PROXY can be made centrally by means of the control system BM.
  • a special feature is that settings, operating parameters and the like already present in a memory of the data content control system PROXY are not used during booting.
  • the data transmission control system IDS comprises a computer system, log instances (not designated) and a storage unit (e.g. in the form of a database) holding attack patterns and signatures.
  • logs created by the data transmission control system IDS are also not saved locally. Rather, the monitoring system AS serves as a higher-level "guardian": log information from the data transmission control system IDS, for example in the form of log files, is transmitted to the monitoring system AS via the internal bus system BUS-INT and stored there in a database for later use. This makes it impossible for an attacker to access and change logs created by the data transmission control system. This is made even more difficult by the fact that local firewalls are provided for the data transmission control system IDS. Logging takes place in real time and the data are transmitted in encrypted form to the monitoring system AS. The data transmission control system IDS recognizes attack patterns on the basis of a dynamic database which is updated at predetermined intervals, e.g. every four hours; the update is advantageously carried out automatically.
  • if the data transmission control system IDS detects an attack, it can be prevented by means of the data transmission control system IDS and the data type control system FW. If necessary or desired, data characterizing attacks are transmitted to the monitoring system AS in pre-filtered form, for example in order to also inform the user or operator of the security environment SU.
  • a special, very small Unix kernel is used as the operating system for the data transmission control system IDS, from which almost all services that are not absolutely necessary are removed. As explained below, support for display and input units (e.g. monitor, mouse, keyboard) is generally not provided either. This makes the kernel very fast and very stable, and it can be updated quickly. Furthermore, the kernel is not supposed to be able to execute any foreign code (e.g. in the event of an attack), since the kernel does not provide any services for this; only known software and hardware are supported. The resulting inflexibility of the data transmission control system IDS leads to increased security.
  • the data transmission control system IDS comprises an interface unit IDS-INT, e.g. in the form of a modem or a computer interface. This allows the data transmission control system IDS to be supported, e.g. by telephone.
  • the interface unit IDS-INT can be designed such that it cannot be reached via either of the networks NW1 and NW2.
  • remote access is only possible with the approval and support of a user, since the interface unit IDS-INT is normally switched off. If necessary, the user must activate the interface unit IDS-INT and enable access to the data transmission control system IDS. This may also require the transmission of a password. For control purposes, such processes are also logged by means of the monitoring system AS. After completion, the interface unit IDS-INT is deactivated again to prevent further access.
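Signature matching on the IDS, as an added example that is not code from the patent. It covers the two signature classes named earlier that can be checked from packet metadata alone, TCP port scans and IP packets with incorrect parameters, pre-filters the resulting alerts to one entry per signature and source before they go to the AS, and derives the source addresses the FW should block. The thresholds, the packet record format, the signature names and the sample packets are assumptions; refreshing the signature database is not shown.

```python
"""Port-scan and malformed-packet signatures on the IDS (added example)."""
from collections import defaultdict
from typing import Dict, List

SCAN_PORTS = 10      # distinct destination ports from one source ...
SCAN_WINDOW = 5.0    # ... within this many seconds counts as a port scan


def bad_ip_parameters(pkt: dict) -> List[str]:
    """Static checks for packets that are malformed on their face."""
    reasons = []
    if pkt["src"] == pkt["dst"]:
        reasons.append("src==dst (land)")
    if {"S", "F"} <= set(pkt.get("flags", "")):
        reasons.append("SYN+FIN set")
    if pkt.get("ttl", 64) == 0:
        reasons.append("ttl=0")
    return reasons


def port_scans(packets: List[dict]) -> Dict[str, dict]:
    """Sources that touch SCAN_PORTS distinct TCP ports within SCAN_WINDOW seconds."""
    by_src = defaultdict(list)
    for p in packets:
        if p["proto"] == "tcp" and "S" in p.get("flags", ""):
            by_src[p["src"]].append((p["t"], p["dport"]))
    found = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):          # sliding window over SYNs
            ports = {dp for t, dp in events[i:] if t - t0 <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORTS:
                found[src] = {"t0": t0, "ports": sorted(ports)}
                break
    return found


def analyse(packets: List[dict]) -> Dict:
    """Run all signatures; keep one alert per (signature, source) for the AS
    and list the sources the FW should block."""
    alerts = {}
    for p in packets:
        for reason in bad_ip_parameters(p):
            a = alerts.setdefault(("bad-ip-params", p["src"]),
                                  {"signature": "bad-ip-params", "src": p["src"],
                                   "first_t": p["t"], "count": 0, "detail": reason})
            a["count"] += 1
    for src, scan in port_scans(packets).items():
        ports = scan["ports"]
        alerts[("tcp-port-scan", src)] = {
            "signature": "tcp-port-scan", "src": src, "first_t": scan["t0"],
            "count": len(ports), "detail": f"{len(ports)} ports {ports[0]}-{ports[-1]}"}
    # Blocking by source is of limited value against spoofed addresses (e.g. land),
    # but it is what the FW can act on from these records.
    return {"alerts": list(alerts.values()),
            "block": sorted({a["src"] for a in alerts.values()})}


# Constructed sample: a scanner, a normal client, a land packet and a SYN+FIN probe.
SAMPLE_PACKETS = (
    [{"t": 0.1 * i, "src": "198.51.100.9", "dst": "10.1.0.10",
      "proto": "tcp", "dport": i, "flags": "S"} for i in range(1, 13)]
    + [{"t": 2.0, "src": "203.0.113.7", "dst": "10.1.0.10", "proto": "tcp", "dport": 80, "flags": "S"},
       {"t": 3.0, "src": "203.0.113.7", "dst": "10.1.0.10", "proto": "tcp", "dport": 443, "flags": "S"},
       {"t": 4.0, "src": "10.1.0.10", "dst": "10.1.0.10", "proto": "tcp", "dport": 139, "flags": "S"},
       {"t": 5.0, "src": "198.51.100.20", "dst": "10.1.0.10", "proto": "tcp", "dport": 22, "flags": "SF"}]
)


if __name__ == "__main__":
    result = analyse(SAMPLE_PACKETS)
    for a in result["alerts"]:
        print(a)
    print("block:", result["block"])
```

The normal client touching two ports stays below the scan threshold, so nothing about it reaches the AS; the scanner produces a single pre-filtered alert even though it sent twelve packets, which is the reduction the text describes before the operator is informed.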
  • the main task of the monitoring system AS illustrated in FIG. 5 is to store and analyze the logs received from the data type control system FW, the data content control system PROXY and the data transmission control system IDS. Furthermore, the monitoring system AS receives logs from the control system BM, which can be used to additionally check the information provided by the aforementioned systems FW, PROXY and IDS for correctness, consistency and the like.
  • logs are written to a memory unit AS-MEM comparable to a database.
  • the storage unit AS-MEM comprises a first storage sub-unit AS-MEM-RT, which serves as a "real-time" database. Logs of a first period of time are stored and analyzed by means of it. This period can cover the current logging, e.g. for the last 1, 2, 5, 10, ... minutes.
  • a second storage sub-unit AS-MEM-LT serves as a "long-term" database, in which the logging of a second period can be stored, for example the last 1, 2, 5, 10, 12, ... months.
  • the first and second storage sub-units AS-MEM-RT and AS-MEM-LT can be used separately or in combination for the analysis of the logs.
  • in order to prevent illegal database access, the monitoring system AS also communicates only via the internal bus system BUS-INT. Physical access to the monitoring system AS exists only within the monitoring system AS itself (in the computer cabinet).
  • the monitoring system AS comprises a computer system AS-RS (for example with an Intel®-compatible CPU, possibly designed as a multiprocessor system, at least one RAID-5, an internal NIC, several external NICs, VGA support, support for UNIX®-based software applications and the like).
  • a locally arranged input unit AS-IN is used to operate the monitoring system AS. It may comprise a keyboard, a mouse, a microphone and the like.
  • the monitoring system AS has a display unit AS-DIS (e.g. a VGA monitor) and a graphical user interface AS-GUI for displaying the logs themselves and/or the results of checks and analyses of the logs. Examples of different views of the graphical user interface AS-GUI can be seen in FIGS. 6 to 15.
  • storage media (e.g. hard disks) can only be accessed under local control.
  • it is necessary to shut down the entire security environment SU when the monitoring system AS is taken out of operation. Data transfers to and from the first network NW1 are then not possible. The same applies when the other components of the security environment SU are decommissioned.
  • the monitoring system AS combines the log entries of the various systems and can thus detect attacks, attempted attacks and intrusions not only from the logs of the individual systems FW, PROXY, LDS and BM, but also by combining the logs of several of these systems.
  • logs ("log files") of different conventional systems are generally not synchronized in time, which is why relationships between the logs of separate systems have so far not been recognized. The monitoring system AS makes this possible, in particular through its ability to process the logs in a database-like manner.
  • combining the different logs of the control systems FW, PROXY and LDS, possibly together with the logs of the control system BM, can therefore reveal an intrusion that would otherwise remain undetected.
  • the set of rules is very complex and is developed only in cooperation with the user.
  • the monitoring system AS should log all data. This enables all systems FW, PROXY, LDS and the control system BM, which work together with the monitoring system AS, to optimize operation in terms of security during data transfers. If, for example, the data type control system FW must not allow FTP data packets to be communicated to the first network NW1, but the monitoring system AS nevertheless determines that such data is being transmitted, an error or an attack is inferred. How to react to such conditions is defined in guidelines which specify how the security environment SU and/or its users and operators are to react.
  • the rules for the monitoring system AS can be changed after installation. This can be done automatically by the security environment SU itself, e.g. under the control of the control system BM, and/or by external changes to the security environment SU. Changes made to the security environment SU from outside are subject to restrictions for security reasons, as described below.
  • the goal of an attack is often to disable the communication options of the security environment SU, for example to deactivate its e-mail server.
  • the monitoring system AS can therefore transmit corresponding information via several communication paths.
  • one example is an AS-GSM unit for communication via a mobile, cellular telephone network, e.g. by SMS and/or voice messages.
  • other transmission options include digital and analog image, sound and fax transmissions and the like.
  • the time within which the monitoring system AS reacts to attacks, attempted attacks and intrusions is generally defined individually with the users of the security environment SU, also for individual users thereof and/or for different attacks, attempted attacks and intrusions.
  • the stored data of the monitoring system AS characterize the entire first network NW1, its users and their behavior. This data is therefore extremely sensitive, and the highest possible security level is advantageously defined for it.
  • security levels from 0 to 5 are defined, 5 being the maximum value.
  • the security level of the monitoring system AS can be defined as 4.
  • the monitoring system AS can have an interface unit AS-INT, for example in the form of a modem or a computer interface. This allows the monitoring system AS to be supported remotely, for example by telephone.
  • the interface unit AS-INT can be designed such that neither NW1 nor NW2 can be reached via it.
  • the control system BM comprises a computer system which can only be accessed locally.
  • the control system BM is protected against misuse by the fact that there is no physical possibility of external access.
  • the control system BM communicates within the security environment SU via the internal bus system BUS-INT. As stated above, all modifications and data required for operation are provided by the control system BM, or are at least initiated or transmitted under its control. The required data are stored in a memory unit BM-MEM of the control system BM.
  • the locally provided input unit BM-LN can be used to enter data and/or information required for system modifications, for example.
  • the control system BM can have an interface unit BM-INT, e.g. in the form of a modem or a computer interface. This allows the control system BM to be supported remotely, e.g. by telephone.
  • the interface unit BM-INT can be designed such that neither NW1 nor NW2 can be reached via it.
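The log correlation described above for the monitoring system AS (logs from FW, PROXY and LDS on one time base, a short-term store AS-MEM-RT beside a long-term store AS-MEM-LT, and the FTP-into-NW1 case used as the text's example of an inferred error or attack), written out as an added example. This is not code from the patent: the log line format, the port-to-protocol table, the clock-skew table, the window sizes and the rule that FTP must never reach NW1 are all assumptions constructed here, as are the sample log lines themselves.

```python
# Added example (not from the patent): the monitoring system AS correlating logs
# of FW, PROXY and LDS. Log format, port table, clock skews, windows and the
# "no FTP into NW1" rule are assumptions constructed for this example.
from __future__ import annotations
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample lines. Each system stamps its own clock; the FW clock runs 30 s fast.
RAW_LOGS = [
    "2003-09-11T10:00:30Z FW    ALLOW tcp 192.0.2.10:40000 -> 10.0.0.5:80 len=512",
    "2003-09-11T10:00:01Z PROXY ACCEPT http 192.0.2.10 -> 10.0.0.5 /index.html",
    "2003-09-11T10:00:33Z FW    ALLOW tcp 192.0.2.20:40001 -> 10.0.0.5:21 len=64",
    "2003-09-11T10:00:06Z LDS   XFER ftp 192.0.2.20 -> 10.0.0.5 bytes=64",
    "2003-09-11T10:00:37Z FW    DENY tcp 192.0.2.30:40002 -> 10.0.0.5:22 len=60",
    "2003-09-11T10:00:10Z LDS   XFER ssh 192.0.2.30 -> 10.0.0.5 bytes=60",
]
# Configuration as the control system BM might supply it (assumed format).
CLOCK_SKEW = {"FW": timedelta(seconds=-30), "PROXY": timedelta(0), "LDS": timedelta(0)}
NO_SKEW = {k: timedelta(0) for k in CLOCK_SKEW}   # for comparison: uncorrected clocks
PORT_TO_PROTO = {21: "ftp", 22: "ssh", 80: "http"}
FORBIDDEN_INTO_NW1 = {"ftp"}            # the text's example: FTP must never reach NW1
CORRELATION_WINDOW = timedelta(seconds=10)
REALTIME_WINDOW = timedelta(minutes=5)  # AS-MEM-RT holds only the recent past
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<sys>FW|PROXY|LDS)\s+(?P<action>\S+)\s+"
                     r"(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

@dataclass(frozen=True)
class Event:
    ts: datetime   # clock-corrected UTC
    system: str
    action: str
    proto: str     # protocol name; for FW lines derived from the destination port
    src: str       # hosts only, ports stripped
    dst: str
    raw: str

@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    evidence: tuple[str, ...]

def parse_line(line: str, clock_skew: dict[str, timedelta]) -> Event:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ts += clock_skew[m["sys"]]          # put every system on one time base
    src = m["src"].partition(":")[0]
    dst, _, dport = m["dst"].partition(":")
    proto = PORT_TO_PROTO.get(int(dport), f"tcp/{dport}") if m["sys"] == "FW" else m["proto"]
    return Event(ts, m["sys"], m["action"], proto, src, dst, line)

class MonitoringSystem:
    """AS-MEM-RT (bounded, recent) and AS-MEM-LT (everything) plus cross-system checks."""
    def __init__(self, clock_skew: dict[str, timedelta]) -> None:
        self.clock_skew = clock_skew
        self.rt: deque[Event] = deque()
        self.lt: list[Event] = []
        self.findings: list[Finding] = []

    def ingest(self, line: str) -> list[Finding]:
        ev = parse_line(line, self.clock_skew)
        self.lt.append(ev)
        self.rt.append(ev)
        while self.rt and ev.ts - self.rt[0].ts > REALTIME_WINDOW:
            self.rt.popleft()
        new = self._correlate(ev)
        self.findings.extend(new)
        return new

    def _correlate(self, ev: Event) -> list[Finding]:
        if ev.system == "FW":
            return []                   # FW decisions are the reference, not the subject
        fw = [f for f in self.rt if f.system == "FW" and abs(f.ts - ev.ts) <= CORRELATION_WINDOW
              and (f.src, f.dst, f.proto) == (ev.src, ev.dst, ev.proto)]
        evidence = (ev.raw, *(f.raw for f in fw))
        out = []
        # 1. Policy: a protocol that must never reach NW1 was seen downstream, so FW
        #    either failed or was bypassed; the text treats this as error or attack.
        if ev.proto in FORBIDDEN_INTO_NW1:
            out.append(Finding("policy_violation", f"{ev.proto} into NW1 seen by {ev.system}", evidence))
        # 2. Consistency: downstream saw a flow that FW denied or never reported.
        if not fw or all(f.action == "DENY" for f in fw):
            out.append(Finding("inconsistent", f"{ev.system} saw {ev.proto} {ev.src}->{ev.dst} "
                               "without a matching FW ALLOW", evidence))
        return out

def analyse(lines: list[str], clock_skew: dict[str, timedelta] = CLOCK_SKEW) -> list[Finding]:
    """Feed the lines through the model and return every finding raised."""
    mon = MonitoringSystem(clock_skew)
    for line in lines:
        mon.ingest(line)
    return mon.findings
```

Running `analyse(RAW_LOGS)` raises two findings: a policy violation for the FTP transfer that LDS reports into NW1 (with the FW ALLOW that let it through as evidence), and an inconsistency for the SSH transfer that LDS reports although FW logged DENY for the same flow. Running the same lines with `NO_SKEW` raises four, because without the clock correction no downstream event finds its FW decision inside the correlation window; that is the point the text makes about unsynchronized logs.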
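The remote-support procedure described for the interface units LDS-INT, AS-INT and BM-INT (switched off by default, enabled only by a local user, password on the link, every step logged to the monitoring system AS, switched off again afterwards), modelled as an added example. This is not code from the patent: the state names, the password hashing, the time allowance, the failed-login limit and the audit record format are assumptions made here.

```python
# Added example (not from the patent): a model of a remote-support interface unit
# (LDS-INT, AS-INT, BM-INT) that is off by default, enabled only from the local
# console, password-protected, fully audited and switched off again afterwards.
# State names, hashing, time allowance, failure limit and record format are assumptions.
from __future__ import annotations
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

OFF, ENABLED, IN_SESSION = "OFF", "ENABLED", "IN_SESSION"
TIME_ALLOWANCE = timedelta(minutes=30)   # assumed: support window before automatic switch-off
MAX_FAILURES = 3                         # assumed: bad passwords tolerated before switch-off

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass(frozen=True)
class AuditRecord:          # what the unit reports to the monitoring system AS
    ts: datetime
    unit: str
    event: str
    ok: bool

@dataclass
class InterfaceUnit:
    name: str
    salt: bytes
    pw_hash: bytes
    state: str = OFF
    enabled_at: datetime | None = None
    failures: int = 0
    audit: list[AuditRecord] = field(default_factory=list)

    def _log(self, now: datetime, event: str, ok: bool) -> None:
        self.audit.append(AuditRecord(now, self.name, event, ok))

    def enable(self, now: datetime, local_console: bool) -> bool:
        """Switch the unit on. Only a user at the local console may do this."""
        if not local_console or self.state != OFF:
            self._log(now, "enable refused", False)
            return False
        self.state, self.enabled_at, self.failures = ENABLED, now, 0
        self._log(now, "enabled by local user", True)
        return True

    def remote_login(self, now: datetime, password: str) -> bool:
        """A remote supporter presents the password over the modem link."""
        self._expire(now)
        if self.state != ENABLED:
            self._log(now, "remote login refused: unit not enabled", False)
            return False
        if hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            self.state = IN_SESSION
            self._log(now, "remote login", True)
            return True
        self.failures += 1
        self._log(now, "remote login refused: bad password", False)
        if self.failures >= MAX_FAILURES:
            self.disable(now, "too many failed logins")
        return False

    def disable(self, now: datetime, reason: str = "support finished") -> None:
        self.state, self.enabled_at = OFF, None
        self._log(now, f"disabled ({reason})", True)

    def _expire(self, now: datetime) -> None:
        if self.enabled_at is not None and now - self.enabled_at > TIME_ALLOWANCE:
            self.disable(now, "time allowance exceeded")

def demo() -> InterfaceUnit:
    """Walk one support session through the unit and return it for inspection."""
    salt = os.urandom(16)
    unit = InterfaceUnit("LDS-INT", salt, hash_password("correct horse", salt))
    t = datetime(2003, 9, 11, 10, 0, tzinfo=timezone.utc)
    unit.remote_login(t, "correct horse")                       # refused: unit is OFF
    unit.enable(t + timedelta(minutes=1), local_console=False)  # refused: not local
    unit.enable(t + timedelta(minutes=1), local_console=True)
    unit.remote_login(t + timedelta(minutes=2), "wrong")        # refused and counted
    unit.remote_login(t + timedelta(minutes=3), "correct horse")
    unit.disable(t + timedelta(minutes=20))                     # user ends the session
    unit.remote_login(t + timedelta(minutes=21), "correct horse")  # refused again: OFF
    return unit

def demo_timeout() -> InterfaceUnit:
    """Enabled but never used: the allowance runs out and the unit switches itself off."""
    salt = os.urandom(16)
    unit = InterfaceUnit("AS-INT", salt, hash_password("correct horse", salt))
    t = datetime(2003, 9, 11, 10, 0, tzinfo=timezone.utc)
    unit.enable(t, local_console=True)
    unit.remote_login(t + TIME_ALLOWANCE + timedelta(seconds=1), "correct horse")
    return unit
```

The default state is OFF and every transition leaves a record, so the audit list returned by `demo()` reads as the trail AS would hold: the refused remote attempt before activation, the refused non-local activation, the activation, the bad password, the successful login and the deactivation, followed by a further refused attempt. A correct password is worthless while the unit is off, which is the property the text relies on.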

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

The invention relates to a monitoring system for checking the security of data transmissions carried out via networks, comprising a computer system (AS-RS) for determining, on the basis of first data originating from at least one system (FW, PROXY, LDS) for controlling first data transmissions between a first network (NW1) and a second network (NW2), which data characterize in each case some of the first data transmissions, whether the data transmissions satisfy first predefined security requirements.
PCT/EP2003/010120 2002-09-11 2003-09-11 Monitoring of data transmissions WO2004028107A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003271599A AU2003271599A1 (en) 2002-09-11 2003-09-11 Monitoring of data transmissions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10241974.4 2002-09-11
DE2002141974 DE10241974B4 (de) 2002-09-11 2002-09-11 Monitoring of data transmissions

Publications (2)

Publication Number Publication Date
WO2004028107A2 true WO2004028107A2 (fr) 2004-04-01
WO2004028107A3 WO2004028107A3 (fr) 2004-06-17

Family

ID=31895772

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2003/010120 WO2004028107A2 (fr) 2002-09-11 2003-09-11 Monitoring of data transmissions

Country Status (3)

Country Link
AU (1) AU2003271599A1 (fr)
DE (1) DE10241974B4 (fr)
WO (1) WO2004028107A2 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9369438B2 (en) 2011-05-20 2016-06-14 Bae Systems Plc Supervised data transfer
WO2021122298A1 (fr) * 2019-12-19 2021-06-24 Siemens Mobility GmbH Transmission device for transmitting data
WO2021122293A1 (fr) * 2019-12-19 2021-06-24 Siemens Mobility GmbH Transmission device for transmitting data

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004016582A1 (de) * 2004-03-31 2005-10-27 Nec Europe Ltd. Method for monitoring and protecting a private network against attacks from a public network
TW200644495A (en) * 2005-06-10 2006-12-16 D Link Corp Regional joint detecting and guarding system for security of network information
DE102005046935B4 (de) * 2005-09-30 2009-07-23 Nokia Siemens Networks Gmbh & Co.Kg Network access node computer for a communication network, communication system and method for assigning a protection device
DE102011002717B4 (de) * 2011-01-14 2015-05-28 Siemens Aktiengesellschaft Network filter device and method for protecting a plant system network
DE102011003310A1 (de) * 2011-01-28 2012-08-02 Siemens Aktiengesellschaft Network device for an automation network
DE102014102627B3 (de) 2014-02-27 2015-07-02 Fujitsu Technology Solutions Intellectual Property Gmbh Operating method for a system, and system
DE102017221889B4 (de) 2017-12-05 2022-03-17 Audi Ag Data processing device, overall device and method for operating a data processing device or overall device
DE102019129253B4 (de) 2019-10-30 2023-02-09 Hans-Jürgen Kuhn Method and computer system for defending against a malware attack carried out via electronic messages

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001084775A2 (fr) * 2000-04-28 2001-11-08 Internet Security Systems, Inc. System and method for managing security events in a network
WO2002013486A2 (fr) * 2000-08-07 2002-02-14 Xacct Technologies Limited System, method and computer program product for processing network accounting information
US20020032793A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for reconstructing a path taken by undesirable network traffic through a computer network from a source of the traffic
WO2002023805A2 (fr) * 2000-09-13 2002-03-21 Karakoram Limited Monitoring network activity
US20020083175A1 (en) * 2000-10-17 2002-06-27 Wanwall, Inc. (A Delaware Corporation) Methods and apparatus for protecting against overload conditions on nodes of a distributed network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19820525A1 (de) * 1998-05-08 1999-11-11 Alcatel Sa Method, software module, interface device, terminal and server for controlling the forwarding of packets of completed packet sequences in packet-switched networks
US7146505B1 (en) * 1999-06-01 2006-12-05 America Online, Inc. Secure data exchange between date processing systems
US20020069356A1 (en) * 2000-06-12 2002-06-06 Kwang Tae Kim Integrated security gateway apparatus
US20020093527A1 (en) * 2000-06-16 2002-07-18 Sherlock Kieran G. User interface for a security policy system and method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9369438B2 (en) 2011-05-20 2016-06-14 Bae Systems Plc Supervised data transfer
WO2021122298A1 (fr) * 2019-12-19 2021-06-24 Siemens Mobility GmbH Transmission device for transmitting data
WO2021122293A1 (fr) * 2019-12-19 2021-06-24 Siemens Mobility GmbH Transmission device for transmitting data
CN114766087A (zh) * 2019-12-19 2022-07-19 西门子交通有限责任公司 Transmission device for transmitting data
CN114766086A (zh) * 2019-12-19 2022-07-19 西门子交通有限责任公司 Transmission device for transmitting data

Also Published As

Publication number Publication date
WO2004028107A3 (fr) 2004-06-17
DE10241974A1 (de) 2004-03-25
AU2003271599A1 (en) 2004-04-08
DE10241974B4 (de) 2006-01-05

Similar Documents

Publication Publication Date Title
DE112004000428B4 (de) Methods and systems for managing security policies
DE60111089T2 (de) Method and apparatus for analyzing one or more firewalls
DE69818232T2 (de) Method and system for preventing the downloading and execution of executable objects
DE19952527C2 (de) Method and transaction interface for secure data exchange between distinguishable networks
DE69929268T2 (de) Method and system for monitoring and controlling network access
DE60308722T2 (de) Method, apparatus and computer software product for responding to computer intrusions
DE112019000485T5 (de) System and method for providing security for an in-vehicle network
DE102012109212B4 (de) Methods, apparatus and articles of manufacture for providing firewalls for process control systems
DE10241974B4 (de) Monitoring of data transmissions
EP3451624A1 (fr) Device and method for controlling a communication network
DE69919560T2 (de) Method and system for preventing undesired actions by executable objects
DE102009054128A1 (de) Method and device for accessing files on a secure file server
EP3105898B1 (fr) Method for communication between secured computer systems, and computer network infrastructure
WO2003025758A2 (fr) Device and method for implementing a security policy in a distributed system
EP1298529A2 (fr) Proxy unit and method for computer-based protection of an application server program
EP3529967B1 (fr) Method for connecting devices to so-called clouds, computer program implementing the method, and processing unit for executing the method
DE60302003T2 (de) Handling of related connections in a firewall
DE112004000125T5 (de) Secured client-server data transmission system
DE10346923A1 (de) A method for protecting the security of network intrusion detection sensors
DE102021123255A1 (de) Data processing system with at least one server (S) as target system
DE602004005992T2 (de) Data processing system and method
DE60031004T2 (de) Electronic security system and method for a communication network
EP2436166B1 (fr) Service interface
AT525753B1 (de) Computer-implemented method for preventing unwanted connections and data transmissions from programs on a client to a network
WO2016091540A1 (fr) Method and device for transmitting data in separated networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP