Title of invention: System and method for the protection of computers and computer networks against cyber threats
Abstract: Systems and methods for protecting against cyber threats are disclosed. The system includes an external network accessing layer (ENAL) and a core computing asset overlaid by the ENAL. The ENAL comprises at least one external network access cell (ENAC), wherein the at least one ENAC contains at least one communications port, one or more processors, working and storage memories and is configured to be connectable to an external network and to inspect data received from the external network. The core computing asset is overlaid by the ENAL and comprises at least one core computer configured to not be connected to the external network but to be capable of being connected to the ENAL. The core computing asset contains data and software that are to be protected from cyber threat.
Publication number: US9501645(B2)
Publication date: 2016.11.22
Application number: US201414216789
Filing date: 2014.03.17
Applicant: Hendel Rudolf H.; Lin-Hendel Catherine G.
Inventor: Hendel Rudolf H.; Lin-Hendel Catherine G.
Classification: G06F21/56; H04L29/06
Main classification: G06F21/56
Agency: Barnes & Thornburg LLP
Agent: Barnes & Thornburg LLP
Independent claim: 1. A system for protection against cyber threats, the system comprising: an external network accessing layer (ENAL) comprising an array of two or more external network access cells (ENACs) thereby creating a pool of available ENACs, wherein each ENAC comprises an array of ghost addresses, at least one communications port, one or more processors, and one or more working and storage memories, the ENAL is configured to:
receive a data transfer request from a core computing asset connected to the ENAL;
select at least one ENAC from the pool of available ENACs in response to the data transfer request to service the data transfer request;
sever the connection between the core computing asset and the ENAL in response to the selection and received data transfer request;
establish a connection between the selected ENAC and an external network via the at least one communications port of the selected ENAC;
service the data transfer request via the established connection;
sever the established connection between the selected ENAC and the external network;
receive and inspect data received from the external network in the selected ENAC memory and processor;
cleanse the received data when infected;
reject the data when infected but cannot be adequately cleansed, certify the data received from the external network as clean when it is inspected as clean, or cleansed when it is cleansed;
re-establish connection from the ENAC to the ENAL, wherein the ENAL further comprises a protected clean data storage area and protected processor operable for preparation of data to be transferred to the core computing asset;
re-establish the connection between the ENAL and the core computing asset;
send the cleaned data to the core computing asset via the re-established connection in response to the inspection indicating the received data as being certified as preliminarily clean;
empty the selected and used ENAC and re-inspect, cleanse, and certify the ENAC as clean;
place the selected, used, and cleansed ENAC back into the pool of available ENACs in response to the selected ENAC being certified as clean;
wherein the ENAL further comprises a protected area containing at least protected storage that is connectable to the at least one ENAC, the core computing asset and data that a user of the computing asset wishes to protect;
the protected data storage area is configured to receive the data received from the ENACs after the data passed inspection at the at least one ENAC, or was cleansed in at least one ENAC processor and storage, and when the ENAC's communications with the external network is severed;
wherein the selected at least one ENAC is designated exclusively for a special purpose connection to receive data requested from the external network based on the data transfer request from the core computing asset.
Address: Summit NJ US