WO2009149516A1 - Computer network security system - Google Patents
Computer network security system Download PDFInfo
- Publication number
- WO2009149516A1 WO2009149516A1 PCT/AU2009/000747 AU2009000747W WO2009149516A1 WO 2009149516 A1 WO2009149516 A1 WO 2009149516A1 AU 2009000747 W AU2009000747 W AU 2009000747W WO 2009149516 A1 WO2009149516 A1 WO 2009149516A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- source
- filter
- rejected
- downloaded
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Definitions
- This invention relates to computer network security systems.
- the invention may be adapted for controlling and monitoring any suitable information provided over a distributed communications network, for convenience it shall be described herein in terms of a security system for monitoring and controlling internet access and content being distributed over the internet.
- the internet is a tool that is used by millions of people every day. Due to differing tastes, needs and interests the information provided by the internet is varied and some of it may be considered inappropriate, distasteful or offensive to some people. As a result many different groups ranging from parents to the management of a company may wish to limit access to information on the internet, or even prevent access altogether. To achieve this many groups use an internet filter that restricts access to certain areas on the internet.
- One method of internet filtering is software that can be installed directly onto a personal computer or computer network. This method provides a computer owner or network administrator with the power to identify any information that may be considered undesirable to the users of the computer or network. This method of filtering can be overcome since a person who is direct control of the computer or network has access to the filtering method and can change the settings without notifying another user until it may be too late.
- ISP Internet Service Provider
- the present invention provides a method of monitoring the transfer of data, the method including the steps of: requesting data from a designated source; comparing data downloaded from the designated source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; determining the reason the rejected data is rejected by the first filter; for rejected data is that non-malicious, comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source; and for data from the designated source, filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements.
- the present invention provides increased security by filtering and comparing downloaded data with predetermined requirements such as applications contained within the data or embedded files to reduce the chance that malicious data will be passed from source to source.
- Malicious data includes, but is not limited to, data which may adversely affect a computer or computer network or includes undesirable content, for example adult content.
- the method can further include the steps of: for data that is malicious, comparing the malicious data with a set of known data anomalies and rejecting data which falls within the set of known data anomalies; and for data which is outside the set of known data anomalies, potentially storing the data for further investigation or passing the data to relevant authorities for relevant processing.
- the further investigation can include determining if the data contains hidden information. For example, undesirable content can be contained within a photograph embedded in a text document.
- the present invention also provides a system for monitoring communications between a first computer, the first computer being able to be connected to the internet, and a second computer, the system including: a monitoring device, operably interposed between the computers, comprising: means for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; means for determining the reason the rejected data is rejected by the first filter; for rejected data is that non-malicious, means for comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source; and for data from the designated source, means for filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements.
- the monitoring device can further include three filters.
- a first filter for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; a second filter for determining the reason the rejected data is rejected by the first filter and comparing the source from which the data is downloaded with the designated source and rejecting the data where the source does not match the designated source, and filtering the content according to a second filter set of predefined requirements and enabling access to the data that satisfies the second filter set of predefined requirements; and a third filter for analizing data payloads and determining if the data fits within certain criteria.
- the criteria can include, but are not limited to, data encapsulated within peer to peer connections, chat or messenger traffic, or traffic that may contain hidden or disguised payloads.
- the data is also scanned for malicious content against a set of known data anomalies and rejected if it falls within the set of known data anomalies.
- Data anomalies may include unsigned Active-X files or photographs hidden within document files.
- the monitoring device can include one or more storage devices for storing the data to be compared and can also store the rejected data.
- each filter is associated with a separate storage device.
- the monitoring device can also include a proxy storage server for storing data which has been filtered and is allowed to pass through the system.
- a proxy server advantageously speeds up use of the system as it can store data which is frequently requested by a compuer.
- the system can further include a key for connection to the client computer and transmitting a code to the monitoring device before data can be transferred between the client and the server.
- the key can comprise erasable programmable read-only memory (EPROM) and the code can be programmed directly into the EPROM. Further, the key includes a tamper evident seal or built in circuitry which destroys the information once the key has been opened.
- the present invention can provide software for use with a computer including a processor and associated member device for storing the software, the software including a series of instructions to cause the processor to carry out a method described above.
- the first computer and second computer can be a client-server relationship, such as a home or office user connecting to an internet service provider (ISP).
- ISP internet service provider
- the ISP can control, monitor and manage the internet or computer network system.
- the system of the present invention can be adapted to act as an intermediary between the user and a telecommunications provider which is required to connect to an ISP.
- the system can be adapted to act as an intermediary between the user and the internet or the like so that all outgoing and incoming access and document filtering can be monitored to assist in safeguarding the integrity of the user's computer and data.
- the system can be adapted to manage all traffic including access to secure and non- secure sites. Further, the system can restrict internet access and mail through firewall rules and port restrictions which will be set and monitored by the ISP.
- the third filter can be a stegonographic filter adapted to determine is the data contains hidden information.
- the present invention also provides a method of monitoring data communications, the method including the steps of: requesting data from a designated source; comparing data downloaded from a source against a first filter set of predefined requirements for safe access to accept, reject or further investigate the downloaded data; accepting the data if it is received from a previously identified safe source, or terminating the data if it receive from a previously known unsafe source, or further investigation the data it is received from an unknown source by scanning the data for malicious content, where the data does not include suspicious content, accepting the data, or where the data does include suspicious content, rejecting the data determining the reason the rejected data is rejected by the first filter set, where the rejected data is malicious, terminating the data, where the rejected data is non-malicious, comparing the source from which the data is downloaded with the designated source and terminating the data where the source does not match the designated source, and for data from the designated source, filtering the content according to a second filter set of predefined requirements and accepting the data that satisfies the second filter set of predefined requirements
- the present invention allows users to view legitimate website, or any other data, which may be rejected by conventional firewall
- the method and system are able to provide this flexibility by monitoring content and further investigating content which may initially look suspicious (and therefore would be rejected by a conventional firewall) but instead is non-threatening to a computer or network of computers
- Figure 1 is a diagram of the system according to a preferred embodiment the present invention.
- FIG. 2 is a detailed diagram of the system shown in Figure 1
- Figure 3 is a detailed diagram of the system shown in Figure 1
- Figure 4 is a flow chart illustration an example method of monitoring a computer network system.
- Figure 5a and 5b form a detailed flow chart illustration an example method of monitoring a computer network system.
- the present invention provides a system 100 for monitoring communications between a first server computer 50, which is connected to the internet, and a second client computer 20.
- the system may also include a monitoring device 40, operably interposed between the client 20 and the server 20 which includes means, in the form of alpha filter 41 , for comparing data downloaded from a source against a first filter set of predefined requirements for safe access to reject or accept the downloaded data; means, in the form of delta filter 42, for determining the reason the rejected data is rejected by the alpha filter 41. If the rejected data is non-malicious, the source from which the data is downloaded is compared at step 150 with the designated source at step 120 and rejected the data where the source does not match the designated source at step 155.
- the present invention also provides a method as shown in Figure 4.
- the method includes requesting data from a designated source at step 500 and comparing data downloaded from a source against a first filter set of predefined requirements at step 501. If the data meets the requirements, it is accepted at step 502, but if not it is initially rejected at step 503.
- the reason for rejecting the data is determined by testing, at step 505, if the data is downloaded from the requested source. If the data was not downloaded from the requested source, it is rejected at step 507. If the data is from the requested source, it is further analysed at step 506 to determine if it meets a second set of requirement. If the data meets a second set of requirements, access to it is enabled at step 508, otherwise it is rejected.
- An internet service provider 50 is adapted to provide a means for controlling, monitoring and managing the internet and computer network security system and providing third party protection for at (east one user.
- the user may preferably be an individual or business user wanting to protect their computer and data.
- the service provider is adapted to provide protection for the user's computer away from the user so that it cannot be seen as what protection is in place or circumvented by skilled users.
- the system 100 acts as an intermediary between the user 20 and a telecommunications provider 25 which is required to connect to an ISP 50.
- the system can be adapted to act as an intermediary between the user and the internet or the like so that all outgoing and incoming access and document filtering can be monitored to assist in safeguarding the integrity of the user's computer and data.
- the system has a proxy storage server 130.
- the server is adapted to receive and store information from the internet prior to being directed through to the user's computer.
- the server is a cache server which is only adapted to contain filtered and clean internet information after it has been passed through a filtering system to ensure that access to the internet is not unduly slowed. Thus, a clean feed of information is passed from the server to the user's computer.
- Additional security software may be operated on a separate server to provide real time tracking of events and logs to maintain the integrity of the system.
- the invention preferably has provided a monitoring device 40 which is adapted to monitor and control access to the internet.
- the monitoring device utilises a DSLAM connection 46 and is adapted to manage all traffic including access to secure and non-secure sites. It is envisaged that automatic direct access will be provided to secure sites (VPN, RDP) such as Government or education sites. All other internet access and mail will be restricted through firewall rules and port restrictions which wil.l be set and monitored by the service provider. All non-allocated ports will preferably be closed down to prevent unauthorised access or hacking and all required ports will be redirected.
- the monitoring device 40 reviews what access is required and permits or denies access with the correct restrictions. Access may include, but not be limited to, the following:
- VPN Access full access to the internet through port 1723, GRE and UDP 500 to anywhere on the internet, requires access with usemame and password.
- RDP Access full access to port 3389 with username and password.
- POP3 Access incoming mail checked for SPAM and viruses.
- o SMTP Access outgoing mail checked for viruses and spam, anything over a defined threshold is restricted, user computers are not zombies or part of bot.
- Other Requested Ports access to any other port that may need to be accessed such as FTP, IMAP, Game ports, SSH and other approved ports or the like.
- HTTP/HTTPS access provided with filtration process.
- o IM/Chat - will be scanned to determine if conversation is safe and drop connection upon detection of bad conversation/connection.
- HTTP Access Any content provided through the generic internet access (HTTP Access) and mail will be required to undergo a filtration process with the exception of HTTPS, VPN and
- RDP access where there is no change in data.
- an inbound firewall may also be provided which is adapted to only allow designated ports back, as required and also only allow these ports to flow back into the network if they are concurrent and connected. The connection must be established from the inside to allow for the return traffic back in. It is envisaged that a remote management from the
- WebSafe portal with a firewall and switch equipment may also be provided to allow connection to elements of the system for provisioning and fault resolution.
- FIG. 2 illustrates the invention having a tiered filtering system.
- the filtering system is a three-tiered filtering system for all internet traffic accessible using internet browsing programs such as internet explorer and firefox or the like.
- the filtering system provides a managed connection to the internet through a closed, monitored system that utilises multiple filters.
- Each filter has provided a bank of servers which can be scaled to allow potentially hundreds and millions of connections.
- Each filter is designed to filter items including, but not limited to, inappropriate content, illegal ports, malicious code, phishing scams, SPAM, active X or the like.
- Each filter is provided with a deleted storage area 30 which is a designated deletion area for storing the deleted items so that only the filtered content is allowed through. Using the filtering system of the invention, no access will be allowed on unregulated ports. As a result, the system provides a cleaner pipe for access to the internet.
- a first filter is an alpha filter 41.
- the alpha filter 41 is designed to check the source to which a user is being directed.
- the alpha filter 41 preferably has black and white list restrictions to indicate the content which should be allowed or discarded as it passes through each filter.
- the black list 125 contains a list of sources known to contain malicious data or inappropriate content.
- the white list contains a list of desirable sources. The white list is able to have sources added or removed.
- the source will initially be checked against the white list for approval and initial scanning.
- a black list 125 is further utilized to determine if it is banned, in which case the connection will be dropped. Where the source is not on the black list the system will check at step 126 if the source has been downloaded before. If the source has previously been downloaded, the system will check and retrieve the source from the cache server at step 127 and replace the dynamic source with new information.
- the source Where the source has not been previously downloaded, it will be downloaded and stored in a 'sandpit' 128.
- the sandpit is a temporary disc storage area. Content in the 'sandpit' 128 which is not on the white list will be scanned at step 134 for source, active X and malicious code and on approval will be passed to cache 130 for storage if requirements are met or to the delta 42 and/or steg filter 43 if requirements are not met and the data is not clean.
- a second filter is a delta filter 42.
- the delta filter 42 is adapted to review content which has not passed the initial predefined requirements, that is the data contained applications or other undesirable code.
- the delta filter 42 determines what triggered the alarm 136. Possible alarm triggers may include, but not be limited to active X, zombie / bot net or phishing attacks or the like. Where the alarm trigger is a malicious code or poisoned source 137, the content will be passed directly to the steg filter 43. Otherwise, the source will then be checked to see it is the same as the user requested at step 150. If the source is as request and the content is clean the request will be processed 170. Clean data is passed to the cache 130 server for storage or alternatively, passed to the steg filter 43 if it is suspicious. If the source is incorrect, because a user has been redirected to a different webpage, or it the content is determined to be undesirable 155, the source will be deemed dangerous and the information will be dropped and not passed onto the user.
- a third filter is a stegnographic filter 43.
- the steg filter 43 is adapted to provide the highest level of security and management for content which has an anomaly and does not pass predefined requirements after filtering by the alpha 41 and delta 42 filter. If the anomaly is not noteworthy at step 141 the information will be dropped immediately and reported to the client as a dangerous source at step 142. Alternatively, the anomaly will be documented at step 143, prior to the information being dropped. If the anomaly is noteworthy it is scanned and reported to a high tech crime unit if the access is illegal or immoral.
- step 178 data that is received by the stegnographic filter 43 is analysed to determine if the data is traffic from a peer-to-peer connection.
- step 179 the data from that traffic is compared with a database of allowed application and data streams. If the data is safe is passed to the cache 130.
- the user's computer may also be protected by anti-virus and anti- spam software to provide an additional layer of protection for incoming content and ensuring that outgoing content will not be corrupt and refused by, or affect the integrity of, the present system.
- the stegonagraphic filter 43 may not be employed at all times, only handling information that is presented to it that did not meet the rule sets of the first two layers 41 , 42 of filtering. Alternatively, the stegonagraphic filter 43 would be employed for use for certain situations. Such as Embedded content within embedded content within a standard application content payload (jpeg withing jpeg within a word document)...
- the third filter is handling information that is passed to it from the second filter it has a larger role in the filter system to track and manage peer to peer traffic.
- This filter is designed to monitor peer to peer traffic and pass only traffic that does not fit designated filtering criteria and removal of traffic that has a destructive payload
- the system may be enhanced by including a key.
- the key is a hardware device provided to the user in the form of a USB connection. It is installed by communicating with the user's internet service. The key has a code built into the device, which is then transmitted to the monitoring device. The monitoring device will only allow Internet traffic to be transmitted to the user after the presence of the key and successful reception of the code held within the key has been received and accepted.
- the key is designed to be transportable, hence the user can unplug the key and take the key to another Internet connection and connect to the monitoring device. This would allow the user to travel and connect to the Internet in a secure fashion from different locations.
- the key includes EPROM technology and the code is programmed into the EPROM.
- the key is protected from tampering by the use of two methods, the first of which is the use of tamper evident seals to show if tampering has occurred and the second is the use of built in circuitry that would destroy the information held in the EPROM in the event the key is physically opened.
- the method of the present invention may also be implemented on a cut down proprietary operating system, that is loaded from flash ROM technology within the a stand alone unit.
- the unit can provide full connectivity to the internet but can reduce some of the normal problems and security issues that are involved in operating a normal PC.
- the unit is designed to allow people who are not familiar or comfortable using traditional PC equipment to access the internet without the concerns of downloading material they were not intending to or having the PC being infected by malicious software.
- the unit is also designed to allow parents who, although they understand PC technology, can provide this unit as a controlled and safe appliance for young children to access the internet.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2009257197A AU2009257197A1 (en) | 2008-06-13 | 2009-06-12 | Computer network security system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2008902989A AU2008902989A0 (en) | 2008-06-13 | Internet and computer network security system | |
AU2008902989 | 2008-06-13 | ||
AU2009900796A AU2009900796A0 (en) | 2009-02-24 | Internat and Computer Network Security System | |
AU2009900796 | 2009-02-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009149516A1 true WO2009149516A1 (en) | 2009-12-17 |
Family
ID=41416290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/AU2009/000747 WO2009149516A1 (en) | 2008-06-13 | 2009-06-12 | Computer network security system |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2009257197A1 (en) |
WO (1) | WO2009149516A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120210431A1 (en) * | 2011-02-11 | 2012-08-16 | F-Secure Corporation | Detecting a trojan horse |
WO2013025126A2 (en) * | 2011-08-12 | 2013-02-21 | Rawllin International Inc. | News feed by filter |
WO2014117843A1 (en) * | 2013-01-31 | 2014-08-07 | Telefonaktiebolaget L M Ericsson (Publ) | Method and firewall for soliciting incoming packets |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5835726A (en) * | 1993-12-15 | 1998-11-10 | Check Point Software Technologies Ltd. | System for securing the flow of and selectively modifying packets in a computer network |
WO2002057935A1 (en) * | 2001-01-16 | 2002-07-25 | Captus Networks Corporation | Method and device for monitoring data traffic and preventing unauthorized access to a network |
US6922786B1 (en) * | 2000-10-31 | 2005-07-26 | Nortel Networks Limited | Real-time media communications over firewalls using a control protocol |
US7215637B1 (en) * | 2000-04-17 | 2007-05-08 | Juniper Networks, Inc. | Systems and methods for processing packets |
-
2009
- 2009-06-12 AU AU2009257197A patent/AU2009257197A1/en not_active Abandoned
- 2009-06-12 WO PCT/AU2009/000747 patent/WO2009149516A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5835726A (en) * | 1993-12-15 | 1998-11-10 | Check Point Software Technologies Ltd. | System for securing the flow of and selectively modifying packets in a computer network |
US7215637B1 (en) * | 2000-04-17 | 2007-05-08 | Juniper Networks, Inc. | Systems and methods for processing packets |
US6922786B1 (en) * | 2000-10-31 | 2005-07-26 | Nortel Networks Limited | Real-time media communications over firewalls using a control protocol |
WO2002057935A1 (en) * | 2001-01-16 | 2002-07-25 | Captus Networks Corporation | Method and device for monitoring data traffic and preventing unauthorized access to a network |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120210431A1 (en) * | 2011-02-11 | 2012-08-16 | F-Secure Corporation | Detecting a trojan horse |
US8726387B2 (en) * | 2011-02-11 | 2014-05-13 | F-Secure Corporation | Detecting a trojan horse |
GB2501203B (en) * | 2011-02-11 | 2017-03-22 | F Secure Corp | Detecting a trojan horse |
WO2013025126A2 (en) * | 2011-08-12 | 2013-02-21 | Rawllin International Inc. | News feed by filter |
WO2013025126A3 (en) * | 2011-08-12 | 2013-05-02 | Rawllin International Inc. | News feed by filter |
WO2014117843A1 (en) * | 2013-01-31 | 2014-08-07 | Telefonaktiebolaget L M Ericsson (Publ) | Method and firewall for soliciting incoming packets |
US10015136B2 (en) | 2013-01-31 | 2018-07-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and firewall for soliciting incoming packets |
Also Published As
Publication number | Publication date |
---|---|
AU2009257197A1 (en) | 2009-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9462007B2 (en) | Human user verification of high-risk network access | |
US10542006B2 (en) | Network security based on redirection of questionable network access | |
US7818565B2 (en) | Systems and methods for implementing protocol enforcement rules | |
US20080196099A1 (en) | Systems and methods for detecting and blocking malicious content in instant messages | |
US20060026681A1 (en) | System and method of characterizing and managing electronic traffic | |
US20070261112A1 (en) | Network Security Device | |
US20040111623A1 (en) | Systems and methods for detecting user presence | |
US20090222877A1 (en) | Unified network threat management with rule classification | |
US20040109518A1 (en) | Systems and methods for a protocol gateway | |
GB2422224A (en) | An anti-phishing system for enhancing network security | |
Chopra | Security issues of firewall | |
Razumov et al. | Developing of algorithm of HTTP FLOOD DDoS protection | |
WO2009149516A1 (en) | Computer network security system | |
KR101450961B1 (en) | Method and system for blocking sophisticated phishing mail by monitoring inner and outer traffic | |
CA2587867C (en) | Network security device | |
Kantheti et al. | Performance and evaluation of firewalls and security | |
WO2006062961A2 (en) | Systems and methods for implementing protocol enforcement rules | |
WO2008086224A2 (en) | Systems and methods for detecting and blocking malicious content in instant messages | |
Kaplesh et al. | Firewalls: A study on Techniques, Security and Threats | |
Hussain | Use of Firewall and Ids To Detect and Prevent Network Attacks | |
Straub | Information Security Managing Risk with Defense in Depth | |
Nielson | Classical Network Security Technology | |
Suhag | Paradigmatic Approaches for Network Security and Preventing Intrusions: A Secure Computer Shield | |
Fosić et al. | VPN network protection by IDS system implementation | |
Hackl et al. | State of the art in network-related extrusion prevention systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09761181 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009257197 Country of ref document: AU |
|
ENP | Entry into the national phase |
Ref document number: 2009257197 Country of ref document: AU Date of ref document: 20090612 Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09761181 Country of ref document: EP Kind code of ref document: A1 |