专利汇可以提供Methods For Firewall Protection Of Mass-Storage Devices专利检索,专利查询,专利分析的服务。并且The present invention discloses methods for protecting a host system from information-security risks posed by a URD, the method including the steps of: operationally connecting the URD to the host system; communicating, between the URD and the host system, via a network protocol, through a firewall residing in the host system; and configuring said firewall to provide security measures related to the URD. Preferably, the firewall is a software firewall or a hardware firewall. A method for protecting a host system from information-security risks posed by a URD, the method including the steps of: operationally connecting the URD to the host system; communicating, between the URD and the host system, via a network protocol, through a firewall residing in the host system; and configuring said firewall to restrict access of at least one application to the URD. Preferably, the firewall is a software firewall or a hardware firewall.,下面是Methods For Firewall Protection Of Mass-Storage Devices专利的具体信息内容。
What is claimed is:
This patent application claims priority under 35 U.S.C. §119(e) to U.S. Provisional Application No. 60/910,708, filed Apr. 9, 2007, which is hereby incorporated by reference in its entirety.
This patent application is related to U.S. patent application Ser. No. ______ of the same inventors, which is entitled “SYSTEMS FOR FIREWALL PROTECTION OF MASS-STORAGE DEVICES” and filed on the same day as the present application. This patent application, also claiming priority to U.S. Provisional Application No. 60/910,708, is incorporated in its entirety as if fully set forth herein.
The present invention relates to methods for protecting a host system from information-security risks posed by mass-storage devices by routing communication through a network protocol, and by applying a firewall.
USB flash drives (UFDs) are well-known devices for providing portable data storage. UFDs are typically configured to be interchangeably connected to multiple computers. Because of this feature, UFDs pose an inherent information-security risk to a host computer. Such a risk necessitates implementation of security measures.
The prior art offers a variety of security measures for protecting host computers from risks associated with portable data-storage devices. Examples of such security measures include anti-virus programs and the mTrust solution (available from SanDisk IL Ltd., Kefar Saba, Israel).
The prior-art solutions suffer from inherent limitations that reduce their value. The prior art is typically configured to handle only one type of security risk. Anti-virus tools are typically limited to deal only with viruses, while mTrust-type solutions are limited to address risks associated primarily with access control.
It would be desirable to have an information-security system for protecting a host system from a broad array of information-security risks posed by a UFD security, while complying with the information-security policy of the host-system user.
It is the purpose of the present invention to provide methods for protecting a host system from information-security risks posed by mass-storage devices by routing communication through a network protocol, and by applying a firewall.
For the purpose of clarity, several terms which follow are specifically defined for use herein. The term “network protocol” is used herein to refer to a communication protocol from the network layer of an OSI (Open Systems Interconnection) network architecture, and more specifically herein, the internet protocol (IP). The terms “USB removable drive” and “URD” are used herein to refer to a removable drive that has a non-volatile storage memory and a controller. A UFD is a special type of URD in which flash memory is utilized.
The term “traffic” is used herein to refer to activity over a communication system during a given period of time. The terms “demilitarized zone” and “DMZ” are used herein to refer to a part of a network that is neither part of the internal network, nor directly part of the internet. The term “firewall” is used herein to refer to a gateway that limits access between networks in accordance with local access-security policies.
The present invention teaches systems, and methods for implementing such systems, that reside in a URD, and emulate a network drive for a host system. The network-drive emulation is performed by changing firmware residing in the URD controller, and by enabling the URD as a network device on the Microsoft™ Windows™ operating system (OS). The URD is identified as a network device, and can be accessed by various file-access protocols (e.g. HTTP, FTP, and SMB). The network device is designated by a drive letter or as a file server (as is well-known in the art of computer engineering, and integrated in the Windows OS).
Network drives are common devices for protecting using ordinary firewall systems (e.g. McAfee Personal Firewall, available from McAfee Corporation, Sunnyvale, Calif.). Once the host system, equipped with a firewall, detects a storage device as a network storage device, the host system applies all the pertinent rules of the associated firewall, thereby protecting the host system from attacks such as unauthorized access.
Therefore, according to the present invention, there is provided for the first time a method for protecting a host system from information-security risks posed by a URD, the method including the steps of: (a) operationally connecting the URD to the host system; (b) communicating, between the URD and the host system, via a network protocol, through a firewall residing in the host system; and (c) configuring said firewall to provide security measures related to the URD.
Preferably, the firewall is a software firewall or a hardware firewall.
According to the present invention, there is provided for the first time a method for protecting a host system from information-security risks posed by a URD, the method including the steps of: (a) operationally connecting the URD to the host system; (b) communicating, between the URD and the host system, via a network protocol, through a firewall residing in the host system; and (c) configuring said firewall to restrict access of at least one application to the URD.
Preferably, the firewall is a software firewall or a hardware firewall.
These and further embodiments will be apparent from the detailed description and examples that follow.
The present invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
The present invention relates to methods for protecting a host system from information-security risks posed by mass-storage devices by routing communication through a network protocol, and by applying a firewall. The principles and operation for protecting a host system from information-security risks posed by mass-storage devices, according to the present invention, may be better understood with reference to the accompanying description and the drawings.
Referring now to the drawings,
Host system 20 is equipped with a firewall 36. Firewall 36 can be a software firewall (e.g. MacAfee Personal Firewall), or a hardware firewall (e.g. Cisco PIX Firewall 515E available from Cisco, San Jose, Calif.). The area beyond firewall 36, typically called a DMZ 38, serves to connect host system 20 with the external world. Traffic from the peripherals (i.e. USB mouse 24, USB keyboard 26, and URD 28) flows into a CPU 40. Connection of host system 20 with the external world is typically performed via a network card 42, operationally connected to network connection 34, and ultimately to network 32. The functionality of firewall 36 in protecting host system 20 from unauthorized access is well-known in the art, and is not described herein.
An essential feature of the present invention is the connection of a local peripheral 30, typically a URD or other mass-storage device, to DMZ 38 of host system 20. Such a configuration requires that peripheral 30 be recognized by host system 20 as a network device, and not as a mass-storage device (such as URD 28). In such a configuration, systems of the present invention require URD 30 to meet the requirements of the security features of firewall 36, which are strong and well-maintained.
To summarize, there are two differences between a URD (e.g. URD 28) connected directly to host system 20, and a URD (e.g. 30) connected to DMZ 38:
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications, and other applications of the invention may be made.
标题 | 发布/更新时间 | 阅读量 |
---|---|---|
桌面云外设接入系统 | 2020-08-11 | 2 |
一种基于双梯形波的碰撞波形概念设计方法 | 2020-08-17 | 0 |
一种智慧城市云安全架构的方法 | 2020-12-02 | 1 |
一种近距离无线通信网络热点的租赁方法和系统 | 2020-08-18 | 2 |
一种防火墙的端口管理策略自动下发方法及装置 | 2020-06-03 | 2 |
一种基于P2P僵尸网络评估模型的防御和反击系统 | 2021-01-23 | 0 |
一种防火墙装置 | 2021-06-25 | 2 |
Network security system | 2022-05-15 | 0 |
System, method and computer program product for a firewall summary interface | 2022-10-20 | 0 |
基于单卡双待的综合业务MSP副号码接受短信装置 | 2021-09-03 | 1 |
高效检索全球专利专利汇是专利免费检索,专利查询,专利分析-国家发明专利查询检索分析平台,是提供专利分析,专利查询,专利检索等数据服务功能的知识产权数据服务商。
我们的产品包含105个国家的1.26亿组数据,免费查、免费专利分析。
专利汇分析报告产品可以对行业情报数据进行梳理分析,涉及维度包括行业专利基本状况分析、地域分析、技术分析、发明人分析、申请人分析、专利权人分析、失效分析、核心专利分析、法律分析、研发重点分析、企业专利处境分析、技术处境分析、专利寿命分析、企业定位分析、引证分析等超过60个分析角度,系统通过AI智能系统对图表进行解读,只需1分钟,一键生成行业专利分析报告。