Graceful termination of security-violation client connections in a network protection system (NPS)

Graceful termination of security-violation client connections in a network protection system (NPS)

A network protection system (NPS) is augmented to provide additional functionality-preferably within the SSL/TLS connection at the OSI presentation layer-to enable efficient management and handling of security-violating client connections. When the NPS determines to suspend a suspect application cli...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Diamant, Galia, Jerrell, Richard Ory, Rodniansky, Leonid, Ginzburg, Viktor
Format: Patent
Sprache:eng
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A network protection system (NPS) is augmented to provide additional functionality-preferably within the SSL/TLS connection at the OSI presentation layer-to enable efficient management and handling of security-violating client connections. When the NPS determines to suspend a suspect application client connection, the NPS modifies the request (the TLS encrypted packet) at a random offset to include a random byte value. When the modified request is then received at the server, a TLS decryption error occurs. In response, the server drops the request gracefully and, in particular, a termination response is returned from the server to the NPS, which then passes the termination response back to the requesting client.