[go: up one dir, main page]

WO2002011399A1 - Device for protecting computer systems against intrusions and abuses derived from open communication networks - Google Patents

Device for protecting computer systems against intrusions and abuses derived from open communication networks Download PDF

Info

Publication number
WO2002011399A1
WO2002011399A1 PCT/FR2001/002466 FR0102466W WO0211399A1 WO 2002011399 A1 WO2002011399 A1 WO 2002011399A1 FR 0102466 W FR0102466 W FR 0102466W WO 0211399 A1 WO0211399 A1 WO 0211399A1
Authority
WO
WIPO (PCT)
Prior art keywords
external communication
communication network
external
internet
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/FR2001/002466
Other languages
French (fr)
Inventor
Philippe Petit
Alexandre Augustin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to AU8598001A priority Critical patent/AU8598001A/en
Publication of WO2002011399A1 publication Critical patent/WO2002011399A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones

Definitions

  • the present invention relates to a device for protecting computer systems against intrusions or malicious acts originating from a communication network open to the outside such as that commonly called "internet”.
  • the protection traditionally used consists of software usually called "fire wall”. This type of protection is not foolproof because it does not solve the problem of the physical presence of the external communication network on the data server or servers.
  • the device according to the invention overcomes this drawback. It indeed comprises a box comprising:
  • connection to the external communication network is made via an "ethernet" interface through a local network with a specialized server or via a modem, ISDN, ADSL or other type of communicator by way of nonlimiting example.
  • a switching and rapid adaptation system makes it possible to "switch" a console or a workstation on the local and / or external network of the company, organization or structure on the external "internet” communication network or other through the operating system defined above.
  • the principle consists in making connections to the external communication network (internet or other without limitation) only on a related system constituted by the operating system defined above.
  • the network of the company, the organization or the structure is then completely physically independent of the external communication network (internet or other) or of any connection to any external communication system (internet or other.
  • no signal and / or no external data can be brought into contact with the address and data buses of the internal systems (local or remote) of the company, organization or structure.
  • the central unit connected to the network of the company, organization or structure is connected to this device and the keyboard, mouse and display interface are managed and switched by the switching system described above. above forming part of this device.
  • connection with the external communication network is carried out by the device, either by modem or by another independent local network passing through an independent specialized server which has no physical connection with the network of the company, organization or structure.
  • the system is composed:
  • - a mass storage unit sufficient to receive the operating system, the configuration operator interface program, the navigation program on the external communication network ("internet” or other), the communication and messaging program, the interface management program, user data, - A socket for connecting a floppy disk drive and a CD-ROM to the device for adjustment and configuration,
  • console switching system human-machine dialogue peripherals: monitor, keyboard and mouse
  • operating system an integrated console switching system
  • connection to the external network is carried out in the embodiment by navigation and messaging software supported by a processor card, one port of which is connected to a network, ISDN, ADSL or modem interface. , and can also be carried out, in variants, by any system ensuring the same function within the device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention concerns a device for securely browsing or using message services on external communication networks, such as Internet. It consists of a box containing a system for dialogue on said external networks and a communication system with work console completely isolating the internal network of the enterprise, the organisation or the structure from said insecure external structures. The device is particularly designed for structures wishing to provide fail-safe protection for their computer system and their private networks against intrusions and abuses possibly caused by external communication networks.

Description

Dispositif de protection des systèmes informatiques contre les intrusions ou malveillances issues des réseaux de communication ouvert sur l'extérieur. Device for protecting computer systems against intrusions or malicious acts from communication networks open to the outside.

La présente invention concerne un dispositif pour protéger les systèmes informatiques contre les intrusions ou malveillances issues d'un réseau de communication ouvert sur l'extérieur tel que celui nommé communément "internet".The present invention relates to a device for protecting computer systems against intrusions or malicious acts originating from a communication network open to the outside such as that commonly called "internet".

La protection traditionnellement utilisée est constituée d'un logiciel habituellement appelé "fire wall". Ce type de protection n'est pas infaillible car il ne résout pas le problème de la présence physique du réseau de communication externe sur le ou les serveur (s) de données ou de messagerie .The protection traditionally used consists of software usually called "fire wall". This type of protection is not foolproof because it does not solve the problem of the physical presence of the external communication network on the data server or servers.

Le dispositif selon l'invention permet de remédier à cet inconvénient. Il comporte en effet un boîtier comprenant :The device according to the invention overcomes this drawback. It indeed comprises a box comprising:

- un système d'exploitation sur technologie carte électronique à processeur avec utilitaire de configuration et de connexion au réseau extérieur de communication.- an operating system on processor electronic card technology with configuration utility and connection to the external communication network.

- la connexion au réseau extérieur de communication est réalisée par l'intermédiaire d'une interface "ethernet" au travers d'un réseau local avec un serveur spécialisé ou par l'intermédiaire d'un communicateur de type modem, RNIS, ADSL ou autre à titre d'exemple non limitatif.- the connection to the external communication network is made via an "ethernet" interface through a local network with a specialized server or via a modem, ISDN, ADSL or other type of communicator by way of nonlimiting example.

- un système de commutation et adaptation rapide permet de "basculer" une console ou un poste de travail du réseau local et/ou externe de l'entreprise, de l'organisme ou de la structure sur le réseau extérieur de communication dit "internet" ou autre par l'intermédiaire du système d'exploitation défini ci-dessus.- a switching and rapid adaptation system makes it possible to "switch" a console or a workstation on the local and / or external network of the company, organization or structure on the external "internet" communication network or other through the operating system defined above.

Le principe consiste à ne réaliser les connexions au réseau de communication externe (internet ou autre à titre non limitatif) uniquement sur un système connexe constitué par le système d'exploitation défini ci-dessus. Le réseau de l'entreprise, de l'organisme ou de la structure est alors complètement indépendant physiquement du réseau de communication externe (internet ou autre) ou de toute connexion vers un quelconque système de communication externe (internet ou autre. Ainsi, aucun signal et/ou aucune donnée extérieurs ne peuvent être mis en contact avec les bus adresses et données des systèmes internes (locaux ou distants) de l'entreprise, de l'organisme ou de la structure.The principle consists in making connections to the external communication network (internet or other without limitation) only on a related system constituted by the operating system defined above. The network of the company, the organization or the structure is then completely physically independent of the external communication network (internet or other) or of any connection to any external communication system (internet or other. Thus, no signal and / or no external data can be brought into contact with the address and data buses of the internal systems (local or remote) of the company, organization or structure.

L'unité centrale raccordée au réseau de l'entreprise, de l'organisme ou de la structure est raccordée au présent dispositif et le clavier, la souris et l'interface d'affichage sont gérés et commutés par le système de commutation décrit ci- dessus faisant partie du présent dispositif.The central unit connected to the network of the company, organization or structure is connected to this device and the keyboard, mouse and display interface are managed and switched by the switching system described above. above forming part of this device.

Aucune connexion physique entre le réseau de communication externe ("internet" ou autre) et l'unité centrale du poste de travail n'est possible. La liaison avec le réseau externe de communication ("internet" ou autre) est réalisée par le dispositif, soit par modem soit par un autre réseau local indépendant passant par un serveur spécialisé indépendant qui n'a pas de liaison physique avec le réseau de l'entreprise, de l'organisme ou de la structure.No physical connection between the external communication network ("internet" or other) and the central unit of the workstation is possible. The connection with the external communication network ("internet" or other) is carried out by the device, either by modem or by another independent local network passing through an independent specialized server which has no physical connection with the network of the company, organization or structure.

Dans la forme de réalisation, le système est composé :In the embodiment, the system is composed:

- d'une carte électronique à et avec processeur (dite "carte mère") , - d'une mémoire Ram de travail,- an electronic card with and with processor (called "motherboard"), - a working Ram memory,

- d'une interface vidéo indépendante ou intégrée à la carte électronique sus-citée,- an independent video interface or integrated into the aforementioned electronic card,

- d'une interface de communication interne de type ethernet ou autre pour connexion éventuelle à un serveur spécialisé, - d'une interface de communication externe de type modem et/ou RNIS et/ou ADSL et/ou autre pour connexion éventuelle directe,- an internal communication interface of ethernet type or other for possible connection to a specialized server, - an external communication interface of modem and / or ISDN and / or ADSL and / or other type for possible direct connection,

- d'une unité de stockage de masse suffisante pour recevoir le système d'exploitation, le programme interface opérateur de paramétrage, le programme de navigation sur le réseau de communication externe ("internet" ou autre) , le programme de communication et messagerie, le programme de gestion des interfaces, les données de l'utilisateur, - Une prise permettant de raccorder un lecteur de disquette et un cédérom sur le dispositif pour réglage et paramétrage,- a mass storage unit sufficient to receive the operating system, the configuration operator interface program, the navigation program on the external communication network ("internet" or other), the communication and messaging program, the interface management program, user data, - A socket for connecting a floppy disk drive and a CD-ROM to the device for adjustment and configuration,

- un système intégré de commutation de console (périphériques de dialogue homme-machine : le moniteur, le clavier et la souris) , - un système d'exploitation,- an integrated console switching system (human-machine dialogue peripherals: monitor, keyboard and mouse), - an operating system,

- un programme de navigation et de messagerie,- a navigation and messaging program,

- un programme interface de configuration et de paramétrage des différents paramètres nécessaires aux modes de communication.- an interface program for configuring and configuring the various parameters necessary for the communication modes.

- une interface parallèle pour impression de documents issus du réseau externe de communication ("internet" ou autre),- a parallel interface for printing documents from the external communication network ("internet" or other),

- les prises pour raccorder l'unité centrale du poste de travail, le moniteur, le clavier et la souris.- the sockets for connecting the central unit of the workstation, the monitor, the keyboard and the mouse.

- A titre d'exemple non limitatif, la connexion au réseau extérieur est réalisée dans la forme de réalisation par un logiciel de navigation et de messagerie supportés par une carte à processeur dont un port est relié à une interface réseau, RNIS, ADSL ou modem, et peut aussi être réalisée, dans des variantes, par tout système assurant la même fonction au sein du dispositif. - By way of nonlimiting example, the connection to the external network is carried out in the embodiment by navigation and messaging software supported by a processor card, one port of which is connected to a network, ISDN, ADSL or modem interface. , and can also be carried out, in variants, by any system ensuring the same function within the device.

Claims

REVENDICATIONS 1) Dispositif pour protéger les systèmes informatiques contre les intrusions ou malveillances issues d'un réseau de communication ouvert sur l'extérieur tel que celui nommé communément "internet", étant composé : 5 - d'une carte électronique à processeur (dite "carte mère") , d'une mémoire Ram de travail, d'une interface vidéo indépendante ou intégrée à la carte électronique suscitée, d'une interface de communication interne de type Ethernet 0 pour connexion éventuelle à un serveur spécialisé, d'une interface de communication externe de type modem et/ou1) Device for protecting computer systems against intrusion or malicious acts originating from a communication network open to the outside such as that commonly known as "internet", being composed of: 5 - an electronic card with processor (called "card") mother "), a working Ram memory, an independent video interface or integrated into the above-mentioned electronic card, an internal communication interface of Ethernet 0 type for possible connection to a specialized server, a modem and / or external communication RNIS et/ou ADSL pour connexion éventuelle directe, d'une unité de stockage de masse suffisante pour recevoir le système d'exploitation, le programme interface opérateur de ]_5 paramétrage, le programme de navigation sur le réseau de communication externe tel que "internet", le programme de communication et messagerie, le programme de gestion des interfaces, les données de l'utilisateur, d'une prise permettant de raccorder un lecteur de disquette 20 et un cédérom sur le dispositif pour réglage et paramétrage, d'un système intégré de commutation de console périphérique de dialogue homme-machine : tel que le moniteur, le clavier et la souris, d'un système d'exploitation, 25 - d'un programme de navigation et de messagerie, d'un programme interface de configuration et de paramétrage des différents paramètres nécessaires aux modes de communication. d'une interface parallèle pour impression de documents issus 30 du réseau externe de communication, des prises pour raccorder l'unité centrale du poste de travail, le moniteur, le clavier et la souris, fonctionnant par commutation physique de tout périphérique de dialogue opérateur avec le poste de travail, sur le système deISDN and / or ADSL for possible direct connection, a sufficient mass storage device to receive the operating system, the operator interface program] _5 setup, the navigation program on the external communication network such as "internet ", the communication and messaging program, the interface management program, the user data, a socket for connecting a floppy drive 20 and a CD-ROM on the device for adjustment and configuration, of a system integrated console switching device for human-machine dialogue: such as monitor, keyboard and mouse, an operating system, a navigation and messaging program, a configuration interface program and setting the various parameters necessary for the communication modes. a parallel interface for printing documents from the external communication network, sockets for connecting the central unit of the workstation, the monitor, the keyboard and the mouse, operating by physical switching of any operator dialogue device with the workstation, on the 35 communication externe du dispositif indépendant des réseaux de l'entreprise desservant les serveurs de données et d'applications ; l'utilisateur disposant alors d'une console de travail tel que écran, clavier et souris, pouvant être connectée à son poste de travail qui est sur le réseau de l'entreprise ou connectée sur le dispositif qui permet l'accès à "internet" et au système de messagerie tel que serveur entreprise "web" et messagerie ou connexion directe au fournisseur d'accès.35 external communication of the device independent of the company networks serving the data servers and applications; the user then having a work console such as screen, keyboard and mouse, which can be connected to his workstation which is on the corporate network or connected to the device which allows access to "internet" and to the messaging system such as corporate web server and messaging or direct connection to the access provider. 2) Dispositif selon la revendication 1 caractérisé en ce qu'il comporte un système d'exploitation sur technologie carte électronique à processeur avec utilitaire de configuration et de connexion au réseau extérieur de communication.2) Device according to claim 1 characterized in that it comprises an operating system on electronic card processor technology with configuration utility and connection to the external communication network. 3) Dispositif selon la revendication 1 caractérisé en ce qu'il comporte un système de commutation et adaptation rapide permettant de "basculer" une console ou un poste de travail du réseau local et/ou externe de l'entreprise, de l'organisme ou de la structure sur un réseau extérieur de communication tel que "internet".3) Device according to claim 1 characterized in that it comprises a switching and rapid adaptation system for "switching" a console or a workstation of the local and / or external network of the company, organization or of the structure on an external communication network such as "internet". 4) Dispositif selon la revendication 1 caractérisé en ce que ledit dispositif de commutation ne réalise les connexions au réseau de communication externe qu'uniquement par l'intermédiaire dudit système ; et conséquemment, le réseau de l'entreprise, de l'organisme ou de la structure est complètement indépendant physiquement du réseau de communication externe, et ainsi, aucun signal ou donnée extérieurs ne peuvent être mis en contact avec les bus adresses et données des systèmes internes locaux ou distants de l'entreprise, de l'organisme ou de la structure. 4) Device according to claim 1 characterized in that said switching device makes connections to the external communication network only through said system; and consequently, the network of the company, of the organization or of the structure is completely physically independent of the external communication network, and thus, no external signal or data can be put in contact with the address and data buses of the systems. internal or local internal of the company, organization or structure.
PCT/FR2001/002466 2000-07-27 2001-07-27 Device for protecting computer systems against intrusions and abuses derived from open communication networks Ceased WO2002011399A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU8598001A AU8598001A (en) 2000-07-27 2001-07-27 Device for protecting computer systems against intrusions and abuses derived from open communication networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0009874A FR2812490B1 (en) 2000-07-27 2000-07-27 DEVICE FOR PROTECTING COMPUTER SYSTEMS AGAINST INTRUSIONS OR MALICIOUSNESS COMING FROM COMMUNICATION NETWORKS OPEN TO THE OUTSIDE
FR00/09874 2000-07-27

Publications (1)

Publication Number Publication Date
WO2002011399A1 true WO2002011399A1 (en) 2002-02-07

Family

ID=8852990

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2001/002466 Ceased WO2002011399A1 (en) 2000-07-27 2001-07-27 Device for protecting computer systems against intrusions and abuses derived from open communication networks

Country Status (3)

Country Link
AU (1) AU8598001A (en)
FR (1) FR2812490B1 (en)
WO (1) WO2002011399A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7080094B2 (en) 2002-10-29 2006-07-18 Lockheed Martin Corporation Hardware accelerated validating parser
US7146643B2 (en) 2002-10-29 2006-12-05 Lockheed Martin Corporation Intrusion detection accelerator
US7213265B2 (en) 2000-11-15 2007-05-01 Lockheed Martin Corporation Real time active network compartmentalization
US7225467B2 (en) 2000-11-15 2007-05-29 Lockheed Martin Corporation Active intrusion resistant environment of layered object and compartment keys (airelock)
US7469418B1 (en) 2002-10-01 2008-12-23 Mirage Networks, Inc. Deterring network incursion
US7506360B1 (en) 2002-10-01 2009-03-17 Mirage Networks, Inc. Tracking communication for determining device states
US8819285B1 (en) 2002-10-01 2014-08-26 Trustwave Holdings, Inc. System and method for managing network communications

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ELEKTRONIKNET: "Ein-Chip-Firewall: Der Sheriff kommt ins Haus", ELEKTRONIKNET TOP NEWS, 31 March 1999 (1999-03-31), Internet, XP002164257 *
NEWMAN D: "SECURITY", DATA COMMUNICATIONS, MCGRAW HILL. NEW YORK, US, vol. 28, no. 1, January 1999 (1999-01-01), pages 44 - 45, XP000790858, ISSN: 0363-6399 *
STELZER G: "DER SHERIFF PASST AUF FIREWALL-ON-A-CHIP SORGT FUER DATENSICHERHEIT", ELEKTRONIK, FRANZIS VERLAG GMBH. MUNCHEN, DE, vol. 48, no. 18, 7 September 1999 (1999-09-07), pages 80,82, XP000924136, ISSN: 0013-5658 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7213265B2 (en) 2000-11-15 2007-05-01 Lockheed Martin Corporation Real time active network compartmentalization
US7225467B2 (en) 2000-11-15 2007-05-29 Lockheed Martin Corporation Active intrusion resistant environment of layered object and compartment keys (airelock)
US7469418B1 (en) 2002-10-01 2008-12-23 Mirage Networks, Inc. Deterring network incursion
US7506360B1 (en) 2002-10-01 2009-03-17 Mirage Networks, Inc. Tracking communication for determining device states
US8260961B1 (en) 2002-10-01 2012-09-04 Trustwave Holdings, Inc. Logical / physical address state lifecycle management
US8819285B1 (en) 2002-10-01 2014-08-26 Trustwave Holdings, Inc. System and method for managing network communications
US9667589B2 (en) 2002-10-01 2017-05-30 Trustwave Holdings, Inc. Logical / physical address state lifecycle management
US7080094B2 (en) 2002-10-29 2006-07-18 Lockheed Martin Corporation Hardware accelerated validating parser
US7146643B2 (en) 2002-10-29 2006-12-05 Lockheed Martin Corporation Intrusion detection accelerator

Also Published As

Publication number Publication date
FR2812490A1 (en) 2002-02-01
AU8598001A (en) 2002-02-13
FR2812490B1 (en) 2003-01-17

Similar Documents

Publication Publication Date Title
US6941470B1 (en) Protected execution environments within a computer system
US5838916A (en) Systems and methods for executing application programs from a memory device linked to a server
US6691176B1 (en) Method for managing client services across browser pages
KR100307016B1 (en) Information handling system for allowing a generic web browser to access servers of a plurality of different protocol types
US6954778B2 (en) System and method for accessing directory service via an HTTP URL
US8412854B2 (en) Secure communication port redirector
US8146164B2 (en) Method and apparatus for thwarting spyware
WO2001052079A3 (en) Methods and apparatus for accessing shared data
US7873994B1 (en) Management of session timeouts in an SSL VPN gateway
WO1997039399A2 (en) Apparatus and method for electronic mail virus detection and elimination
WO1997012321A1 (en) Virus detection and removal apparatus for computer networks
US9026627B2 (en) Method and system for switching between remote console sessions
JP2006127498A (en) Stamping of antivirus manifest on document
WO2002011399A1 (en) Device for protecting computer systems against intrusions and abuses derived from open communication networks
US7246360B2 (en) Plug-in API for protocol and payload transformation
EP0853413A2 (en) Special purpose network server
US9077764B2 (en) Communications handles and proxy agents
WO1999048007A1 (en) A method and system for operating distributed hardware devices remotely on a network across different platforms
US7406457B2 (en) Dynamic sample data switch
US20060074979A1 (en) Static sample data switch
US20240031216A1 (en) Secure management of access to host device remote management functionality
US6754729B1 (en) Internally connected network interface cards for clustered processing
US20050234923A1 (en) Method and apparatus for translating a web services address
US20080046567A1 (en) Automatic detection and integration of network workloads
CN119071028A (en) Gateway-based Web application proxy method and device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP