Title of invention |
Destination address control to limit unauthorized communications |
Abstract |
Systems and methods for protecting a network including preventing data traffic from exiting the network unless a domain name request has been performed by a device attempting to transmit the data traffic. In an embodiment, a device within the protected network attempting to send data outside the protected network requests an address for a destination outside the protected network from a domain name server (DNS). In response, the DNS provides an address of the destination to the device and a gateway. In response to receiving the address, the gateway temporarily allows access to the address. In an embodiment, a DNS is coupled to a protected network and the gateway, the DNS provides an external address to a device in response to a request; and a mapping to the gateway; the gateway, coupled to a protected network and an external network, allows traffic according to the mapping. |
Publication number |
US9237027(B2) |
Publication date |
2016.01.12 |
Application number |
US201313828546 |
Filing date |
2013.03.14 |
Applicant |
Raytheon BBN Technologies Corp. |
Inventors |
Ellard Daniel Joseph;Jackson Alden Warren;Jones Christine Elaine;Karlin Josh Forrest;Manfredi Victoria Ursula;Mankins David Patrick;Strayer William Timothy |
Classification |
G06F15/16;G06F15/173;H04L12/24 |
Main classification |
G06F15/16 |
Patent agency |
Schwegman Lundberg & Woessner, P.A. |
Agent |
Schwegman Lundberg & Woessner, P.A. |
Main claim |
1. A method for protecting a network, the method comprising:
blocking devices within the network, at a gateway, from accessing an external network; receiving, at a name server, a request from a device in the network for an address of a domain in the external network; creating an exception at the gateway, the exception allowing the device to access the address of the domain in the external network; and providing the client device with the address of the domain in response to the request. |
Address |
Cambridge MA US |