WO2001006726A3 - Secure network switch - Google Patents

Secure network switch

Publication number
WO2001006726A3
Authority
WO
WIPO (PCT)
Prior art keywords
port
network
filters
packet
access rules
Prior art date
Application number
PCT/US2000/018988
Other languages
French (fr)
Other versions
WO2001006726A2 (en)
Inventor
John Johnson
Ken Okin
William Raduchel
Original Assignee
Sun Microsystems Inc
Priority date
Filing date
Publication date
Application filed by Sun Microsystems Inc
Priority to KR1020027000163A (KR20020027471A)
Priority to AU60904/00A (AU6090400A)
Priority to JP2001511049A (JP2003505934A)
Priority to EP00947264A (EP1219075A2)
Publication of WO2001006726A2
Publication of WO2001006726A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/351 Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric

Abstract

A secure network having means for controlling the flow of packets within the network. In one embodiment, the network includes a plurality of network devices coupled together at a LAN switch. Each network device is physically connected to a port of the LAN. Each port has a packet filter which receives at least a portion of a packet arriving at the port and determines whether the packet is authorized to pass through the port and be routed to a destination address. The filters may use pattern matching or other techniques for determining whether packets satisfy applicable access rules. The access rules are determined by a system administrator and downloaded to the LAN switch for implementation by the filters. Each filter may implement a different set of access rules and the filters may be used by the administrator to set access levels for selected network devices or to isolate particular devices.

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR1020027000163A KR20020027471A (en) 1999-07-15 2000-07-12 Secure network switch
AU60904/00A AU6090400A (en) 1999-07-15 2000-07-12 Secure network switch
JP2001511049A JP2003505934A (en) 1999-07-15 2000-07-12 Secure network switch
EP00947264A EP1219075A2 (en) 1999-07-15 2000-07-12 Secure network switch

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US35429499A 1999-07-15 1999-07-15
US09/354,294 1999-07-15

Publications (2)

Publication Number Publication Date
WO2001006726A2 WO2001006726A2 (en) 2001-01-25
WO2001006726A3 WO2001006726A3 (en) 2002-04-25

Family

ID=23392666

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/018988 WO2001006726A2 (en) 1999-07-15 2000-07-12 Secure network switch

Country Status (5)

Country Link
EP (1) EP1219075A2 (en)
JP (1) JP2003505934A (en)
KR (1) KR20020027471A (en)
AU (1) AU6090400A (en)
WO (1) WO2001006726A2 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AUPR435501A0 (en) * 2001-04-11 2001-05-17 Firebridge Systems Pty Ltd Network security system
GB0113902D0 (en) * 2001-06-07 2001-08-01 Nokia Corp Security in area networks
JP2003087297A (en) * 2001-09-13 2003-03-20 Toshiba Corp Device and method for transferring packet
AU2003227123B2 (en) * 2002-05-01 2007-01-25 Firebridge Systems Pty Ltd Firewall with stateful inspection
AUPS214802A0 (en) 2002-05-01 2002-06-06 Firebridge Systems Pty Ltd Firewall with stateful inspection
TWI244297B (en) * 2002-06-12 2005-11-21 Thomson Licensing Sa Apparatus and method adapted to communicate via a network
US7346057B2 (en) * 2002-07-31 2008-03-18 Cisco Technology, Inc. Method and apparatus for inter-layer binding inspection to prevent spoofing
JP3840211B2 (en) * 2003-08-20 2006-11-01 株式会社東芝 COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL SYSTEM, COMMUNICATION CONTROL METHOD, AND COMMUNICATION CONTROL PROGRAM
US7613195B2 (en) * 2003-10-27 2009-11-03 Telefonaktiebolaget L M Ericsson (Publ) Method and system for managing computer networks
US20070237088A1 (en) * 2006-04-05 2007-10-11 Honeywell International. Inc Apparatus and method for providing network security
JP6246036B2 (en) * 2014-03-19 2017-12-13 三菱電機株式会社 Relay device
KR101922642B1 (en) 2018-06-29 2019-02-20 주식회사 트루네트웍스 Network Dual Switching Device
KR102234418B1 (en) * 2019-11-08 2021-03-31 한화시스템 주식회사 Network apparatus

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4899333A (en) * 1988-03-31 1990-02-06 American Telephone And Telegraph Company At&T Bell Laboratories Architecture of the control of a high performance packet switching distribution network
US5559883A (en) * 1993-08-19 1996-09-24 Chipcom Corporation Method and apparatus for secure data packet bus communication
US5568613A (en) * 1992-09-03 1996-10-22 Ungermann-Bass, Inc. Dataframe bridge filter with communication node recordkeeping
US5790554A (en) * 1995-10-04 1998-08-04 Bay Networks, Inc. Method and apparatus for processing data packets in a network
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network

Also Published As

Publication number Publication date
KR20020027471A (en) 2002-04-13
AU6090400A (en) 2001-02-05
EP1219075A2 (en) 2002-07-03
WO2001006726A2 (en) 2001-01-25
JP2003505934A (en) 2003-02-12

Similar Documents

Publication Publication Date Title
WO2001006726A3 (en) Secure network switch
US8181240B2 (en) Method and apparatus for preventing DOS attacks on trunk interfaces
WO2005017661A3 (en) Methods and apparatus for trunking in fibre channel arbitrated loop systems
WO2003039072A3 (en) Ethernet switch and system
WO2002003653A3 (en) Packet data communications
WO2001063838A3 (en) System and method for flow mirroring in a network switch
DE60212626D1 (en) FINAL NODE DISTRIBUTION BY LOCAL IDENTIFIERS
DE69923034D1 (en) Mobile communication system for providing an IP packet communication service and device for routing IP packets
WO2001090843A3 (en) A network device for supporting multiple upper layer network protocols over a single network connection
WO2002057935A8 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
AU2002314845A1 (en) System and method for topology constrained routing policy provisioning
EP1206077A3 (en) Linked network switch configuration
WO2001024480A3 (en) Digital subscriber line/home phoneline network router
WO2000011888A3 (en) Telecommunication network with variable address learning, switching and routing
EP0841832A3 (en) Promiscuous network monitoring utilizing multicasting within a switch
WO2005008406A3 (en) Methods and apparatus for device zoning in fibre channel arbitrated loop systems
AU9506698A (en) Network interconnect device and protocol for communicating data among packet forwarding devices
GB2358761B (en) Multi-port network communication device with selective mac address filtering
EP0910195A3 (en) A network communication device including bonded ports for increased bandwidth
EP1335534A3 (en) Data handling device
CA2318413A1 (en) Virtual local area network with multicast protection
WO2005018175A3 (en) Method and apparatus for adaptive flow-based routing in multi-stage data networks
EP0891061A3 (en) Method and system for link level server/switch trunking
EP0993152A3 (en) Switching device with multistage queuing scheme
WO2002084916A3 (en) Network security system

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A2; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW
AL Designated countries for regional patents; Kind code of ref document: A2; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase; Ref document number: 1020027000163; Country of ref document: KR
WWE Wipo information: entry into national phase; Ref document number: 2000947264; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 1020027000163; Country of ref document: KR
REG Reference to national code; Ref country code: DE; Ref legal event code: 8642
WWP Wipo information: published in national office; Ref document number: 2000947264; Country of ref document: EP
WWW Wipo information: withdrawn in national office; Ref document number: 2000947264; Country of ref document: EP