Patent
Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
Title: | Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities |
---|---|
Patent Number: | 6,226,372 |
Publication Date: | May 01, 2001 |
Appl. No: | 09/457,494 |
Application Filed: | December 08, 1999 |
Abstract: | A system and method for implementing a fully integrated and cooperative telecommunications firewall/scanner that can be deployed either as a standalone device, or over a large-scale distributed client-server architecture is described. In addition to providing enhanced telecommunications firewall and scanner security capabilities, the integrated telecommunications firewall/scanner provides the capability to ensure implementation of a corporate-dictated security structure, and event visibility and report consolidation requirements, across a globally-distributed enterprise, using policy-based enforcement of a Security Policy. In the most basic configuration, the integrated firewall/scanner performs continuous security access monitoring and control functions, keyword and content monitoring and control functions, and remote access authentication, initiating coordinated vulnerability assessments, as well as automatic synchronous adjustments to the Security Policy in response to the vulnerability assessment results. Additionally, firewall and scanner actions, assessment results, and responses can be consolidated in detailed or summary reports for use by security administrators for trend analysis and security posture decision-making. The same Security Policy is used by both the firewall and the scanner components of the integrated firewall/scanner during both their cooperative and independent operations. |
Inventors: | Beebe, Todd (Katy, TX); Collier, Mark D. (Helotes, TX); Conyers, Doug (San Antonio, TX); Hamlett, Chris (Bulverde, TX); Faustino, Stephen (San Antonio, TX) |
Assignees: | Securelogix Corporation (San Antonio, TX) |
Claim: | What is claimed is |
Claim: | 1. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | means for defining a security policy including a security rule base, a results response policy and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment ("VA"). |
Claim: | 2. The system of claim 1 wherein the means for updating the security policy comprises means for updating the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extensions. |
Claim: | 3. The system of claim 1 wherein the groups of extensions include a voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized. |
Claim: | 4. The system of claim 1 wherein the means for performing a VA on the extension comprises means for attempting to penetrate a modem connected to the extension. |
Claim: | 5. The system of claim 4 wherein the VA results indicate whether or not the penetration attempt was successful. |
Claim: | 6. The system of claim 1 further comprising means responsive to the VA request for building a profile, the profile defining the type of VA to be performed. |
Claim: | 7. The system of claim 1 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group. |
Claim: | 8. The system of claim 1 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results. |
Claim: | 9. The system of claim 1 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call. |
Claim: | 10. The system of claim 1 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed. |
Claim: | 11. The system of claim 1 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person. |
Claim: | 12. The method of claim 1 comprising designating each of the security rules of the second tier security policy as being either required or optional, wherein all of the rules designated as being required in the first tier security policy and a portion of the subset of the rules of the first tier security policy are designated in the second tier security policy as being required and the remainder of the subset of the rules of the first tier security policy are designated in the second tier security policy as being optional. |
Claim: | 13. The method of claim 12 further comprising |
Claim: | defining in connection with a third FMS connected to the second tier FMS a third tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to the third tier FMS via a line sensor; and |
Claim: | performing actions on a selected call on the extension connected to the third tier FMS based upon at least one attribute thereof, in accordance with the security rules of the third tier security policy; |
Claim: | wherein the third tier security policy includes all of the rules of the second tier security policy designated as being required and a subset of the rules of the second tier security policy designated as being optional. |
Claim: | 14. The method of claim 13 further comprising designating each of the security rules of the third tier security policy as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional. |
Claim: | 15. The method of claim 13 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections. |
Claim: | 16. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the method comprising |
Claim: | defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment ("VA") performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common; |
Claim: | detecting a call on an extension to determine attributes associated with the call wherein the detecting the call is accomplished between the extension and the PSTN; |
Claim: | performing actions based upon the call attributes in accordance with the security rules defined for the extension; |
Claim: | requesting a VA on the extension; |
Claim: | performing a VA on the extension and generating VA results responsive to the VA request; and |
Claim: | updating the security policy based on the VA results in accordance with the results response policy. |
Claim: | 17. The method of claim 16 wherein the updating the security policy comprises updating the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extensions. |
Claim: | 18. The method of claim 16 wherein the groups of extensions include a voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized. |
Claim: | 19. The method of claim 16 wherein the performing a VA on the extension comprises attempting to penetrate a modem connected to the extension. |
Claim: | 20. The method of claim 19 wherein the VA results indicate whether or not the penetration attempt was successful. |
Claim: | 21. The method of claim 16 further comprising building a profile responsive to the VA request, the profile defining the type of VA to be performed. |
Claim: | 22. The method of claim 16 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group. |
Claim: | 23. The method of claim 16 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results. |
Claim: | 24. The method of claim 16 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call. |
Claim: | 25. The method of claim 16 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed. |
Claim: | 26. The method of claim 16 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person. |
Claim: | 27. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment ("VA") performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common; |
Claim: | a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension and wherein the line sensor is located between the extension and the PSTN; |
Claim: | a scanner management server for receiving the VA request and, responsive to the VA request, building a profile and pushing the profile to a dialer for performing a VA on the extension and generating VA results to the firewall management server; |
Claim: | wherein the firewall management server updates the security policy based on the VA results in accordance with the results response policy. |
Claim: | 28. The system of claim 27 wherein the firewall management server updates the security policy by moving the extension from a first one of the groups of extensions to a second one of the groups of extensions. |
Claim: | 29. The system of claim 27 wherein the groups of extensions include a voice-only group comprising extensions designated exclusively for voice calls, a secure modem group comprising extensions having connected thereto modems that have been deemed authorized and secure, an insecure modem group comprising extensions having connected thereto modems that have been deemed insecure, and an unauthorized modem group comprising extensions having connected thereto modems that have not been deemed insecure, but that are not authorized. |
Claim: | 30. The system of claim 27 wherein the dialer performs a VA on the extension by attempting to detect, identify, and penetrate a modem connected to the extension. |
Claim: | 31. The system of claim 30 wherein the VA results indicate whether or not the penetration attempt was successful. |
Claim: | 32. The system of claim 27 wherein the VA results indicate that the penetration attempt was successful and the updating the security policy comprises moving the extension from a first group to an insecure modem group. |
Claim: | 33. The system of claim 27 wherein the results response rules specify actions selected from the group consisting of update the security policy, log the VA results, and notify a designated person of the VA results. |
Claim: | 34. The system of claim 27 wherein the at least one call attribute is the call-type and wherein the security rules specify the actions of permitting or denying a call. |
Claim: | 35. The system of claim 27 wherein the at least one call attribute is selected from the group consisting of call-type, call date, call time, call duration, station extension, inbound number, and outbound number dialed. |
Claim: | 36. The system of claim 27 wherein security rules specify actions selected from the group consisting of permit or deny the call, redirect the call, log the call, and notify a designated person. |
Claim: | 37. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | means for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment ("VA") performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common; |
Claim: | means for detecting a call on an extension to determine attributes associated with the call; |
Claim: | means for performing actions based upon the call attributes in accordance with the security rules defined for the extension; |
Claim: | means for requesting a VA on the extension; |
Claim: | means responsive to the VA request for performing a VA on the extension and generating VA results; and |
Claim: | means for performing actions based upon the VA results in accordance with the results response rules defined for the extension. |
Claim: | 38. The system of claim 37 wherein the means for performing actions based on the VA results includes means for notifying a designated person of the VA results. |
Claim: | 39. The system of claim 37 wherein the means for performing actions based on the VA results includes means for logging an event in connection with the call. |
Claim: | 40. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the method comprising |
Claim: | detecting a call on an extension to determine attributes associated with the call; |
Claim: | performing actions based upon the VA results in accordance with the results response rules defined for the extension. |
Claim: | 41. The method of claim 40 wherein the performing actions based on the VA results includes notifying a designated person of the VA results. |
Claim: | 42. The method of claim 40 wherein the performing actions based on the VA results includes logging an event. |
Claim: | 43. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | a firewall/scanner client for defining a security policy comprising a security rule base, a results response policy, and groups of extensions, wherein the security rule base includes security rules specifying actions to be taken based upon at least one attribute of a call on an extension, the results response policy includes results response rules specifying actions to be taken based on results of a vulnerability assessment ("VA") performed on an extension, and the groups of extensions each include a set of extensions having at least one feature in common; |
Claim: | a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call, performing actions based upon the call attributes in accordance with the security rules defined for the extension, and notifying the firewall management server that the actions have been performed, responsive to which notification the firewall management server requests a VA on the extension; |
Claim: | wherein the firewall management server initiates actions based upon the VA results in accordance with the results response rules defined for the extension. |
Claim: | 44. The system of claim 43 wherein the actions initiated by the firewall management server include notifying a designated person of the VA results. |
Claim: | 45. The system of claim 43 wherein the actions initiated by the firewall management server include logging an event in connection with the call. |
Claim: | 46. An integrated telephony firewall and scanner system for controlling and tracking access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | means for performing a VA on the extension and generating VA results; and |
Claim: | 47. The system of claim 46 wherein the means for performing actions based on the VA results includes means for notifying a designated person of the VA results. |
Claim: | 48. The system of claim 46 wherein the means for performing actions based on the VA results includes means for logging an event in connection with the call. |
Claim: | 49. The system of claim 46 wherein the means for performing actions based on the VA results includes means for updating the security policy as specified by the results response rules defined for the extension. |
Claim: | 50. A method of implementing an integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the method comprising |
Claim: | performing a VA on the extension and generating VA results responsive to the VA request; |
Claim: | 51. The method of claim 50 wherein the performing actions based on the VA results includes notifying a designated person of the VA results. |
Claim: | 52. The method of claim 50 wherein the performing actions based on the VA results includes logging an event in connection with the call. |
Claim: | 53. The method of claim 50 wherein the performing actions based on the VA results includes updating the security policy as specified by the results response rules defined for the extension. |
Claim: | 54. An integrated telephony firewall and scanner system for controlling and logging access between an enterprise's end-user stations and their respective circuits into a public switched telephone network ("PSTN") via a plurality of extensions, the system comprising |
Claim: | a line sensor connected to said firewall/scanner client via a firewall management server for detecting a call on an extension to determine attributes associated with the call; |
Claim: | a scanner management server for pushing a profile including the extension to a dialer for performing a VA on the extension and generating VA results to the firewall management server; |
Claim: | 55. The system of claim 54 wherein the initiating actions based on the VA results includes notifying a designated person of the VA results. |
Claim: | 56. The system of claim 54 wherein the initiating actions based on the VA results includes logging an event in connection with the call. |
Claim: | 57. The system of claim 54 wherein the initiating actions based on the VA results includes updating the security policy as specified by the results response rules defined for the extension. |
Claim: | 58. The system of claim 54 wherein the scanner management server builds the profile including the extension in response to a VA request from the firewall management server. |
Claim: | 59. The system of claim 54 wherein the profile is a routinely scheduled profile stored in the scanner management server. |
Claim: | 60. The system of claim 54 wherein the line sensor includes a plurality of line sensors. |
Claim: | 61. The system of claim 54 wherein the dialer includes a plurality of dialers. |
Claim: | 62. The system of claim 54 wherein the line sensor and the dialer are disposed in a location remote from said firewall/scanner client. |
Claim: | 63. The system of claim 54 wherein the line sensor and the dialer are connected to the firewall management server and the scanner management server via TCP/IP connections. |
Claim: | 64. A multi-tier telephony security system for controlling and logging access between an enterprise's end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the system comprising |
Claim: | a first tier firewall management server ("FMS"), the first tier FMS including a database containing a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension; |
Claim: | a line sensor within a customer site connected to the first tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy; |
Claim: | a second tier FMS connected to the first tier FMS, the second tier FMS including a database containing a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension; |
Claim: | a line sensor within the customer sites connected to the second tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy; |
Claim: | wherein each of the security rules of the first tier security policy are designated as being either required or optional; and |
Claim: | wherein the second tier security policy includes all of the rules of the first tier security policy designated as being required and a subset of the rules of the first tier security policy designated as being optional. |
Claim: | 65. The system of claim 64 wherein each of the security rules of the second tier security policy are designated as being either required or optional and wherein all of the rules designated as being required in the first tier security policy and a portion of the subset of the rules of the first tier security policy are designated in the second tier security policy as being required and the remainder of the subset of the rules of the first tier security policy are designated in the second tier security policy as being optional. |
Claim: | 66. The system of claim 65 further comprising |
Claim: | a third tier FMS connected to the second tier FMS, the third tier FMS including a database containing a third tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension; and |
Claim: | a line sensor within customer sites connected to the third tier FMS for performing actions on a selected call based upon at least one attribute thereof, in accordance with the security rules of the third tier security policy; |
Claim: | 67. The system of claim 66 wherein each of the security rules of the third tier security policy are designated as being either required or optional and wherein all of the rules designated as being required in the second tier security policy and a portion of the subset of the rules of the second tier security policy are designated in the third tier security policy as being required and the remainder of the subset of the rules of the second tier security policy are designated in the third tier security policy as being optional. |
Claim: | 68. The system of claim 66 wherein the first, second, and third FMSes are located in locations remote from one another and are connected to one another via TCP/IP connections. |
Claim: | 69. The system of claim 64 wherein the first and second FMSes are located in locations remote from one another and are connected to one another via at least one TCP/IP connection. |
Claim: | 70. A method of implementing a multi-tier telephony security system for controlling and logging access between an enterprise's end-user stations at a plurality of customer sites and their respective circuits into a public switched telephone network (PSTN) via a plurality of extensions, the method comprising |
Claim: | defining in connection with a first tier firewall management server ("FMS") a first tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said first tier FMS via a line sensor; |
Claim: | performing actions on a selected call on the extension connected to the first tier FMS based upon at least one attribute thereof, in accordance with the security rules of the first tier security policy; |
Claim: | defining in connection with a second tier FMS connected to the first tier FMS a second tier security policy comprising security rules specifying actions to be taken based upon at least one attribute of a call on an extension connected to said second tier FMS via a line sensor; |
Claim: | performing actions on a selected call on the extension connected to the second tier FMS based upon at least one attribute thereof, in accordance with the security rules of the second tier security policy; and |
Claim: | designating each of the security rules of the first tier security policy as being either required or optional; |
Claim: | 71. The method of claim 70 wherein the first and second FMSes are located in locations remote from one another and are connected to one another via at least one TCP/IP connection. |
Current U.S. Class: | 379/189; 379/145; 379/196; 713/201; 707/9; 709/225 |
Current International Class: | H04M 300 |
Patent References Cited: | 4332982 June 1982 Thomas; 4639557 January 1987 Butler et al.; 4653085 March 1987 Chan et al.; 4783796 November 1988 Ladd; 4876717 October 1989 Baron et al.; 4905281 February 1990 Surjaatmadja et al.; 4965459 October 1990 Murray; 5018190 May 1991 Walker et al.; 5276529 January 1994 Williams; 5276687 January 1994 Miyamoto; 5276731 January 1994 Arbel et al.; 5311593 May 1994 Carmi; 5345595 September 1994 Johnson et al.; 5351287 September 1994 Bhattacharyya et al.; 5436957 July 1995 McConnell; 5495521 February 1996 Rangachar; 5510777 April 1996 Pilc et al.; 5535265 July 1996 Suwandhaputra; 5557742 September 1996 Smaha et al.; 5606604 February 1997 Rosenblatt et al.; 5623601 April 1997 Vu; 5627886 May 1997 Bowman; 5684957 November 1997 Kondo et al.; 5706338 January 1998 Relyea et al.; 5745555 April 1998 Mark; 5805686 September 1998 Moller et al.; 5805803 September 1998 Birrelle et al.; 5812763 September 1998 Teng; 5826014 October 1998 Coley et al.; 5838682 November 1998 Dekelbaum et al.; 5854889 December 1998 Liese et al.; 5864666 January 1999 Shrader; 5892903 April 1999 Klaus; 5898830 April 1999 Wesinger, Jr. et al.; 5907602 May 1999 Pell et al.; 5918019 June 1999 Valencia; 5923849 July 1999 Venkatraman; 5931946 August 1999 Terada et al.; 5944823 August 1999 Jade et al.; 5949864 September 1999 Cox; 5960177 September 1999 Tanno; 6061798 May 2000 Coley et al.; 6098172 August 2000 Coss et al.; 6154775 November 2000 Coss et al. |
Other References: | http://www.tlogic.com/penetration.html; http://www/m-tech.ab.ca/security/penetration; http://www.m-tech.ab.ca/products/secmod/; www.sandstorm.net/phonesweep, Sandstorm Enterprises, Inc., "Introducing PhoneSweep"; www.bruck-inc.com/html/security/pentesting.htm, "Penetration Test". |
Primary Examiner: | Tsang, Fan |
Assistant Examiner: | Bui, Bing |
Attorney, Agent or Firm: | Haynes and Boone LLP |
Accession Number: | edspgr.06226372 |
Database: | USPTO Patent Grants |
Description not available.
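Claims 64 through 71 describe how a lower-tier firewall management server derives its security policy from the tier above it: every rule the parent designates as required carries down unchanged, only a subset of the parent's optional rules is adopted, and the child may designate some of those adopted rules as required for the tiers beneath it. The following Python functions are an added example of that derivation and of the check an operator would run to confirm a tier has not dropped or demoted an inherited required rule; they are not the patent's or SecureLogix's code, and the rule identifiers and descriptions are constructed.

```python
"""Multi-tier security policy derivation, as an added illustration of the
required/optional rule inheritance described in the claims. Rule ids and
descriptions below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class TierRule:
    rule_id: str
    description: str
    required: bool


def derive_tier_policy(parent: Iterable[TierRule], adopt_optional: Set[str],
                       promote_to_required: Set[str]) -> List[TierRule]:
    """Build the next tier from its parent.

    Required parent rules always carry down and stay required; of the parent's
    optional rules only those in adopt_optional are taken, and those that are
    also in promote_to_required become required at this tier.
    """
    child: List[TierRule] = []
    for r in parent:
        if r.required:
            child.append(r)
        elif r.rule_id in adopt_optional:
            child.append(TierRule(r.rule_id, r.description, r.rule_id in promote_to_required))
    return child


def validate_tier(parent: Iterable[TierRule], child: Iterable[TierRule]) -> List[str]:
    """Report violations of the inheritance contract between two adjacent tiers."""
    parent_by_id = {r.rule_id: r for r in parent}
    child_list = list(child)
    child_ids = {r.rule_id for r in child_list}
    violations: List[str] = []
    for r in parent_by_id.values():
        if r.required and r.rule_id not in child_ids:
            violations.append(f"required rule {r.rule_id} dropped")
    for r in child_list:
        p = parent_by_id.get(r.rule_id)
        if p is None:
            violations.append(f"rule {r.rule_id} not in parent tier")
        elif p.required and not r.required:
            violations.append(f"required rule {r.rule_id} demoted to optional")
    return violations


# Constructed corporate (first tier) policy.
TIER1 = [
    TierRule("R1", "deny inbound modem calls on voice-only extensions", required=True),
    TierRule("R2", "log every modem call", required=True),
    TierRule("R3", "deny outbound calls between 22:00 and 06:00", required=False),
    TierRule("R4", "notify on international outbound calls", required=False),
    TierRule("R5", "redirect fax calls to the fax server", required=False),
]


def build_tiers():
    """Derive a regional (second) and site (third) tier from TIER1."""
    tier2 = derive_tier_policy(TIER1, adopt_optional={"R3", "R4"}, promote_to_required={"R3"})
    tier3 = derive_tier_policy(tier2, adopt_optional={"R4"}, promote_to_required=set())
    return tier2, tier3


if __name__ == "__main__":
    t2, t3 = build_tiers()
    for name, tier in (("tier 2", t2), ("tier 3", t3)):
        print(name, [(r.rule_id, "required" if r.required else "optional") for r in tier])
    print("tier2 check:", validate_tier(TIER1, t2), "tier3 check:", validate_tier(t2, t3))
```

Promotion only travels downward: once the second tier designates R3 as required, the third tier inherits it whether or not it appears in that tier's adoption set, which is the "all of the rules ... designated as being required" condition of claims 66 and 67.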