VERFAHREN ZUR STEIGERUNG DES DURCHSATZES VON DATEN IN EINER NETZÜBERGANGSEINRICHTUNG, UND ROUTER

VERFAHREN ZUR STEIGERUNG DES DURCHSATZES VON DATEN IN EINER NETZÜBERGANGSEINRICHTUNG, UND ROUTER

In one aspect, the present invention is directed to a method for speeding up the transfer of data objects through a network gateway in which the incoming data objects are passed through a malicious content detection facility for checking the existence of malicious content within a data object, e.g....

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: GRUPER, SHIMON, ELAZAM, OFER
Format: Patent
Sprache:ger
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In one aspect, the present invention is directed to a method for speeding up the transfer of data objects through a network gateway in which the incoming data objects are passed through a malicious content detection facility for checking the existence of malicious content within a data object, e.g. a Web file, a multimedia file, an e-mail message, and a communication packet; the method characterized according to the steps of: pre-determining one or more criteria for classifying a data object as trusted or distrusted according to the possibility of existence of malicious content within the data objects; classifying an incoming data object to the gateway as trusted or distrusted according to one or more of the criteria; and routing a trusted data object directly toward the object's destination, thereby bypassing the malicious content detection facility. According to a preferred embodiment of the invention, the criterion is prior information that the type of the data object comprises non-executable code. In another aspect, the present invention is directed to a router apparatus comprising programmable means for detecting malicious content within data objects that pass through the apparatus, characterized in having: storage means for storing data of at least one criteria for classifying a data object as trusted or distrusted; programmable means for classifying a data object as trusted or distrusted according to at least one of the criteria stored within the storage means; programmable means for routing a distrusted data object to the programmable means for detecting malicious content within data objects; and programmable means for routing a trusted data object to the object's original destination.There is provided in accordance with another aspect of the present invention a security routing methodology and apparatus which includes sensing information contained in an object, analyzing the information to determine a security classification thereof and routing the object to at least one node selected from at least one destination node and at least one intermediate node which is selected at least partially in accordance with the security classification.