Information security – Policy
Reexamination Certificate
2006-10-05
2011-10-18
Revak, Christopher (Department: 2431)
Information security
Policy
C726S015000, C726S022000, C713S164000
Reexamination Certificate
active
08042147
ABSTRACT:
A network security appliance that provides security to devices in industrial environments by transparently bridging traffic to the endpoint device. The security appliance securely communicates with a management server for receiving configuration data for operation of security modules in the appliance by encrypted communications. The security appliance utilizes the network address of the industrial device when communicating with a management server and is addressed by the management server using the address of one of the protected devices associated with the appliance. Learned device characteristics are provided by the appliance to the management server which tailors software and security rules to specific network vulnerabilities of the device and control protocol. The security appliance sends periodic heartbeat messages to the management server using the network address of the device. The heartbeat message can also report anomalous events which may required additional software being provided from the management server to the node.
REFERENCES:
patent: 6823383 (2004-11-01), MacBride
patent: 6970068 (2005-11-01), Pugel et al.
patent: 7176791 (2007-02-01), Sakaki et al.
patent: 7240102 (2007-07-01), Kouznetsov et al.
patent: 7246156 (2007-07-01), Ginter et al.
patent: 7587763 (2009-09-01), Yodaiken
patent: 2002/0069365 (2002-06-01), Howard et al.
patent: 2002/0099958 (2002-07-01), Hrabik et al.
patent: 2003/0051155 (2003-03-01), Martin
patent: 2003/0139821 (2003-07-01), Papadopoulos et al.
patent: 2003/0140248 (2003-07-01), Izatt
patent: 2003/0229779 (2003-12-01), Morais et al.
patent: 2004/0139350 (2004-07-01), Lyon et al.
patent: 2004/0260943 (2004-12-01), Piepiorra et al.
patent: 2005/0005093 (2005-01-01), Bartels et al.
patent: 2007/0006292 (2007-01-01), Jaenicke et al.
patent: 2009/0183254 (2009-07-01), Franco et al.
patent: 2009/0327695 (2009-12-01), Molsberry et al.
patent: 2010/0188975 (2010-07-01), Raleigh
patent: 2010/0188990 (2010-07-01), Raleigh
patent: 2010/0188992 (2010-07-01), Raleigh
patent: 2010/0191575 (2010-07-01), Raleigh
patent: 2010/0191846 (2010-07-01), Raleigh
patent: 2010/0191847 (2010-07-01), Raleigh
patent: 10138865 (2003-02-01), None
patent: 0 986 229 (1999-08-01), None
patent: 1 024 627 (2000-01-01), None
patent: 1 414 216 (2003-10-01), None
patent: WO03/015369 (2003-02-01), None
patent: WO/2004/071047 (2004-08-01), None
patent: WO 2007/038872 (2007-04-01), None
Sabastien Jeanquier, An Analysis of Port Knocking and Single Packet Authorization, Sep. 9, 2006, MSc Thesis, Royal Holloway, University of London, pp. 1-76.
MadHat Unspecific Simple Nomad, SPA: Single Packet Authorization, Black Hat Briefings, pp. 1-10, Las Vegas, Jul. 23-28, 2005.
Michael Rash, Advances in Single Packet Authorization, Jan. 14, 2006, Enterasys Networks, Inc., pp. 1-31.
Sotiris Ioannidis, Angelos D. Keromytis, Steve M. Bellovin and Jonathan M. Smith, Implementing a Distributed Firewall, 2000, pp. 1-10.
3Com Corporation, 3Com Embedded Firewall Solution Data Sheet, 2002, pp. 1-5.
Innominate Security Technologies AG, Innominate mGuard smart, The all-in-one security for protecting business critical communication.
Innominate Security Technologies AG, EAGLE mGuard, The integrated solution for industrial Ethernet networks.
PCT International Search Report from International Application PCT/CA2006/001639, pp. 1-4, Jan. 31, 2007.
Written Opinion of the International Searching Authority From International Application No. PCT/CA2006/001639, pp. 1-5, Jan. 31, 2007.
E.J. Byres and A. Creery; “Industrial Cybersecurity for Power System and SCADA Netoworks”, Proceedings of the IEEE Petroleum and Chemical Industries Conference, Institute of Electrical and Electronics Engineers, Denver, Sep. 2005 pp. 1-7.
BCIT Group for Advanced Information Technology, “Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks—Policy and Best Practice ID. 00157”, National Infrastructure Coordination Centre, UK, Feb. 15, 2005 pp. 1-36.
E.J. Byres and M. Franz, “Finding the Security Holes Before the Hackers Do”, ISA Technical Conference, Instrumentation Systems and Automation Society, Chicago, Oct. 2005 pp. 1-9.
Byres Eric
Karsch John
Lee Khai
Lissimore Darren
Bryes Security
Revak Christopher
Straub Michael P.
Straub & Pokotylo
LandOfFree
Network security appliance does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network security appliance, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network security appliance will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4287265