Title: Industrial network security
Abstract: A private overlay network is introduced into an existing core network infrastructure to control information flow between private secure environments. Such a scheme can be used to connect a factory automation network linking operations devices to a corporate network linking various business units, with enhanced network security. Such a connection can be facilitated by introducing into the existing infrastructure a set of industrial security appliances (ISAs) that work together to create an encrypted tunnel between the two networks. The set of ISAs can be scaled to overlay differently sized core networks, creating the private overlay network. Connections to the private overlay network can be managed by the ISAs in a distributed fashion, implementing a peer-to-peer dynamic mesh policy. The industrial security system disclosed may be particularly advantageous in environments such as public utility systems, medical facilities, and energy delivery systems.
Publication number: US9344403(B2) Publication date: 2016.05.17
Application number: US201414204907 Filing date: 2014.03.11
Applicant: Tempered Networks, Inc. Inventors: Mattes David; Fuchs Ludwin; Artzt Eric
Classification: H04L29/06 Main classification: H04L29/06
Agent: Lowe Graham Jones PLLC Attorneys: Branch John W.; Lowe Graham Jones PLLC
Independent claim: 1. A network security system that provides secure communication paths for one or more operations devices linked to a business network, the system comprising: a management platform selectively communicatively coupled to the business network; one or more processor-based security appliances selectively coupled between the one or more operations devices and the business network; a virtual private overlay network, selectively communicatively coupling the one or more operations devices to one another and to the one or more processor-based security appliances, wherein each dynamic host configuration protocol (DHCP) request by the one or more operations devices to a DHCP server is replied to by the one or more processor-based security appliances, which provide a corresponding DHCP response instead of the DHCP server; a policy that configures the virtual private overlay network as a mesh network, wherein segments of the virtual private overlay network are dynamically disabled or enabled by the management platform in response to one or more selections in the policy made by a user; and a non-transitory processor-readable storage medium containing instructions that cause the one or more processor-based security appliances to configure themselves so as to monitor and control data traffic and connectivity relationships between the one or more operations devices and the business network.
Address: Seattle WA US