Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-04-30
2001-10-02
Trammell, James P. (Department: 2161)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
Reexamination Certificate
active
06298445
ABSTRACT:
TECHNICAL FIELD
This invention relates generally to computer security software and systems.
BACKGROUND INFORMATION
The rapid development of intranets, extranets and the internet has introduced an increased level of security problems for network managers, computer information systems professionals, individual users, and corporations with an expanding base of telecommuters. With the advent of electronic mail and electronic commerce via the internet, computer information security is an increasing worldwide concern. The responsibilities of system administrators to provide and monitor network connections for security breaches has substantially increased. Furthermore, with the rapid increase of new computer users and the constant development of sophisticated techniques for breaching established network security systems, system administrators are unable to provide their clients and servers with adequate protection. As a result, computer network systems have become increasingly vulnerable to attacks.
In an attempt to prevent unwanted access to computer networks, systems administrators have employed various techniques. One such technique employs a firewall to protect the network clients and servers. A firewall is a screen between a user external to the network and the network and is usually the first line of defense against unauthorized users seeking access to a network. The firewall behaves much like an electronic filter that determines whether a particular user has the requisite security clearance to gain access to the network or computer. As an initial defense, the firewall generally provides adequate protection. However, depending upon the concentration of network traffic, quality of the firewall, and the sophistication, skill and motivation of the person seeking access, the firewall becomes vulnerable to attack. Furthermore, firewalls are designed to prevent unauthorized external access and do not prevent internal users from breaching network security.
In addition, there are products available in the public domain directed to uncovering security vulnerabilities within networks. Although the software tools are not explicitly designed for use by hackers, the tools may be used to gain unauthorized access to a network. For example, a software tool that is widely available is the system administrator tool for analyzing networks (SATAN). This software tool may be used to probe for security holes within a network and highlight network vulnerabilities. An intruder is then able take advantage of the information obtained from SATAN to gain unauthorized access to a network.
The list of network vulnerabilities is always changing and usually well known by hackers. Over the years, hackers have developed many techniques for breaching computer security. Many of the techniques often involve exploiting the vulnerabilities associated with particular software packages. For example, hackers are aware of vulnerabilities in software programs like electronic mail (e-mail), software features like remote login (rlogin), or security weaknesses in particular word processing programs, and they use this information to gain unauthorized access to a network or computer.
One technique used by hackers to breach computer network security is Internet Protocol spoofing (IP spoofing). Using this technique, an unauthorized user gains access to a network by hiding their true location and masking their Internet Protocol (IP) address or root address. In doing so, the IP address appears acceptable to a network server and the unauthorized user is granted access to the network.
Another known method for breaching network security is the buffer overflow technique. Hackers use this technique to gain access to a network through insecure implementation of a file in a file transfer protocol (FTP) server, an electronic mail system, a network file server (NFS), or through a common gateway interface (CGI). The buffer is essentially a temporary holding place in memory with a fixed size for processing computer programs and a hacker may cause too much information to be placed in a buffer. When the buffer is beyond its capacity, an overflow occurs. The overflow is then sent to another part of memory within a server. The hacker is then able to gain privileged access to the computer from inside the new location in memory, and as a result, security is breached.
Whenever an unauthorized user breaches network security and is allowed free access to the system, the damage that might result is unpredictable. However, because some of the system vulnerabilities and techniques used by hackers are known, a system administrator may use that information to make the network less vulnerable to attack. However, the system administrator is required to remain constantly vigilant as to the new attacks being used by hackers, and then use that information to protect the network, clients and servers from the newly found vulnerability.
SUMMARY OF THE INVENTION
While some system administrators may be equipped with software packages that assist them in providing security for their networks, updates to those software packages typically are not automatically provided in real-time, nor are they provided as soon as a new vulnerability is discovered. One aspect of the present invention is that it automatically provides, in real-time, software enhancements with-updated information regarding security vulnerabilities. Thus, a user, system administrator, server, etc. is able to implement prevention techniques before a security breach occurs. In accordance with this aspect of the invention, the enhancement that was sent is then integrated into the computer security software. Before the integration, a computer check can be performed to determine the integrity and the authenticity of the enhancement. The computer check can use cryptographic techniques such as digital signatures and Pretty Good Privacy™ (PGP™) encryption.
In one aspect, the invention provides the most recent information regarding new security attacks. A user can either request the enhancement, or it can be automatically sent (e.g., via the internet) when it becomes available. The software enhancement can include a new version of the software and an update to a database of known security vulnerabilities. A user thus can obtain instant access to the latest security vulnerabilities and employ immediate remedial action before a security breach occurs. Thus, systems and methods according to the invention are not bounded by a static database of security vulnerabilities information. The present invention obviates the need to manually update a computer security system.
In another aspect, the invention relates to a network security detector that is used to monitor security intrusions on a network. The network security detector (NSD) may consist of a single software application dedicated to continuously scanning the network. However, in the disclosed invention the NSD consists of a first application that provides real-time intrusion detection; a second application that behaves like a system manager; a third application that is able to simulate attacks on the network and monitor Internet Protocol devices; a fourth application that performs a comprehensive security assessment of the network; and a fifth application responsible for receiving the software enhancements.
In another aspect, the invention relates to an integrated system for assessing vulnerabilities. The integrated system includes a database of security vulnerabilities and various modules. A first module accesses the database and assesses security vulnerabilities of an operating system of a computer. A second module accesses the database and assesses security vulnerabilities of a computer network that includes the computer. A third module accesses the database and assesses security vulnerabilities in passwords used to access the computer or the network. A fourth module accesses the database and assesses security vulnerabilities of a remote computer connected to the network. A fifth module receives an update to the database and updates the database. A sixth mo
Allouch David
Shostack Adam
Elisca Pierre E.
Kress Hugh R.
Netect, Ltd.
Trammell James P.
Winstead Sechrest & Minick
LandOfFree
Computer security does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Computer security, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Computer security will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2617687