-
Publication (announcement) number: DE10052311B4
Publication (announcement) date: 2006-10-26
Application number: DE10052311
Application date: 2000-10-21
Applicant: IBM
Inventor: GENTY DENISE MARIE, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK, SHIEH JOHNNY MENG-HAN, UNNIKRISHNAN RAMACHANDRAN
Abstract: Disclosed is a system and method for enhancing the security and reliability of virtual private network (VPN) connections by manually exchanging secondary configuration information. If a compromise is detected on a main VPN tunnel, a new VPN tunnel can be created by the system administrators using the secondary configuration, stymieing attempted security violations and providing nearly continuous service to the users. A compromise may be indicative of a security breach or other problem with the VPN. The main VPN tunnel may be abandoned or fed with false data to confuse would-be intruders if the compromise is a security compromise.
-
Publication (announcement) number: CA2312460C
Publication (announcement) date: 2006-11-28
Application number: CA2312460
Application date: 2000-06-20
Applicant: IBM
Inventor: UNNIKRISHNAN RAMACHANDRAN, GENTY DENISE MARIE, SHIEH JOHNNY MENG-HAN, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK
Abstract: A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
-
Publication (announcement) number: DE10052312B4
Publication (announcement) date: 2006-10-26
Application number: DE10052312
Application date: 2000-10-21
Applicant: IBM
Inventor: GENTY DENISE MARIE, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK, SHIEH JOHNNY MENG-HAN, UNNIKRISHNAN RAMACHANDRAN
Abstract: Disclosed is a system and method for enhancing the security of virtual private network (VPN) connections by automatic pre-negotiation of a secondary configuration. If snooping or other security breaches are detected, the VPN tunnel is modified automatically to the secondary pre-arranged configuration, stymieing attempted security violations.
-
Publication (announcement) number: DE10052312A1
Publication (announcement) date: 2001-11-08
Application number: DE10052312
Application date: 2000-10-21
Applicant: IBM
Inventor: GENTY DENISE MARIE, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK, SHIEH JOHNNY MENG-HAN, UNNIKRISHNAN RAMACHANDRAN
Abstract: Virtual private network system which can be changed as required. Such a requirement would be if unauthorized access or other security violations are detected. The network is then automatically changed to a second configuration to frustrate such attempted security violations. The invention uses tunnel network configurations and has the ability to change configurations. An independent claim is made for a method for using tunnel network configurations with virtual private networks to increase security.
-
Publication (announcement) number: DE10052311A1
Publication (announcement) date: 2001-05-23
Application number: DE10052311
Application date: 2000-10-21
Applicant: IBM
Inventor: GENTY DENISE MARIE, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK, SHIEH JOHNNY MENG-HAN, UNNIKRISHNAN RAMACHANDRAN
Abstract: Two batches of tunnel configuration data and back-up configuration data are assigned to respective tunnel nodes with administrators. The administrators output commands to respective nodes, for communicating through a tunnel network connected between the tunnel nodes. Independent claims are also included for the following: (a) Communication method in virtual private network system; (b) Recording medium with computer program for implementing private network.
-
Publication (announcement) number: CA2312460A1
Publication (announcement) date: 2001-02-26
Application number: CA2312460
Application date: 2000-06-20
Applicant: IBM
Inventor: GENTY DENISE MARIE, SHIEH JOHNNY MENG-HAN, MCBREARTY GERALD FRANCIS, MULLEN SHAWN PATRICK, UNNIKRISHNAN RAMACHANDRAN
Abstract: A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
-