Title of invention Agentless Security of Virtual Machines Using a Network Interface Controller
Abstract An agentless intrusion detection and prevention digital processing system and environment, or virtual firewall, is disclosed. The agentless, virtual firewall monitors and controls digital data communications between a digital communications network and one or more virtual digital processing machines. The virtual digital processing machines, or virtual machines (VMs), are operative on a host digital processor under the supervision of a hypervisor software module. The agentless, virtual firewall is implemented as part of a virtual switch filtering extension to an extensible virtual switch running in a kernel mode as part of the hypervisor software module.
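Application publication number US2017054685(A1) Application publication date 2017.02.23
Application number US201615240174 Filing date 2016.08.18
Applicant Malkov Konstantin;Mishev Ilya Inventor Malkov Konstantin;Mishev Ilya
Classification number H04L29/06;G06F9/455 Main classification number H04L29/06
Patent agency Patent agent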
Independent claim 1. A method of providing agentless intrusion detection and prevention in a digital processing environment, comprising: providing one or more virtual digital processing machines operative on a host digital processor; providing a communications connection between said one or more virtual digital processing machines and a digital communications network; and providing an agentless, virtual firewall comprising instructions for performing functions comprising: monitoring digital data communication between at least one of said virtual digital processing machines and said digital communications network using a virtual switch filtering extension of an extensible virtual switch of a hypervisor software module operative in a kernel mode on said host digital processor, said digital data communication comprising receipt of one or more digital data packages intended for said virtual digital processing machine, and said monitoring comprising comparing a portion of one of said received digital data packages with one or more predefined rules stored in a rules database, and if said digital data package is not in compliance with said predefined rules, preventing said digital data package from being delivered to said virtual digital processing machine.
Address Middletown NJ US