DNS based enforcement for confinement and detection of network malicious activities
Originating portfolio: ALU
Estimated expiration: 2029-Sep-10
Potentially relevant companies (5): Blackberry Limited, Dell Inc., F5 Networks, Inc., F-Secure Corporation, Juniper Networks Inc.
Products & technologies (1): Network:Firewall
Malicious network activities do not make use of the Domain Name System (DNS) protocol to reach remote targets outside a local network. This DNS-based enforcement system for confinement and detection of network malicious activities requires that every connection toward a resource located outside the local network is blocked by default by the local enforcement box, e.g. a firewall or a proxy. Outbound connections are allowed to leave the local network only when authorized directly by an entity called the DNS Gatekeeper.
1. A system for detection and confinement of network malicious activities originating from a local host on a local network to a remote host outside of said local network, comprising:
a local domain name system (DNS) server connected to said local network, configured to:
receive from said local host a request for an outbound connection to said remote host,
complete a DNS lookup to obtain an IP address of said remote host, and
generate a conformity indication when said request for said outbound connection refers to a legitimate connection;
a DNS policy repository configured to enable select requests from the local host to access specified remote resources without the DNS lookup;
a DNS gatekeeper to generate a connection authorization indication based on said conformity indication; and
a local enforcement unit connected between said local network and the remote host, configured to block establishment of said outbound connection by default until it receives said connection authorization indication.
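To make the control flow of claim 1 concrete, the following Python model is added here as an illustration; it is not code from the patent or from any of the listed companies. It wires together the four claimed elements: a local DNS server that emits a conformity indication on a legitimate lookup, a DNS gatekeeper that turns that indication into a connection authorization, a policy repository of destinations reachable without a lookup, and a default-deny enforcement unit. The name table, the denied-name list, the policy repository entries and the per-flow, 30-second scoping of an authorization are all constructed assumptions; the claim does not define how legitimacy is decided or how long an authorization remains valid. The point it demonstrates is the confinement property in the abstract: a flow to a raw IP that was never resolved through the local DNS server is dropped.

```python
from dataclasses import dataclass

# Constructed DNS answers standing in for the local DNS server's upstream lookup.
DNS_ANSWERS = {
    "update.example.com": "203.0.113.10",
    "cdn.example.net": "198.51.100.7",
}
# Constructed stand-in for the "legitimate connection" judgment: names the
# local DNS server refuses to vouch for. The claim leaves this criterion open.
DENIED_NAMES = {"bad.example.org"}
# Constructed DNS policy repository: (source host, destination IP, port) flows
# allowed without any DNS lookup, e.g. a server that reaches a service by IP.
POLICY_REPOSITORY = {("10.0.0.5", "192.0.2.22", 443)}


@dataclass(frozen=True)
class Conformity:
    """Conformity indication: the flow the local DNS server vouches for."""
    src: str
    dst_ip: str
    port: int


class EnforcementUnit:
    """Default-deny box (firewall/proxy) between the local network and outside.
    Assumption: an authorization is scoped to one (src, dst_ip, port) flow and
    expires after ttl_seconds; the claim does not specify either."""

    def __init__(self, ttl_seconds=30):
        self.ttl = ttl_seconds
        self._authorized = {}  # (src, dst_ip, port) -> expiry time

    def grant(self, c: Conformity, now: float):
        self._authorized[(c.src, c.dst_ip, c.port)] = now + self.ttl

    def allows(self, src: str, dst_ip: str, port: int, now: float) -> bool:
        key = (src, dst_ip, port)
        if key in POLICY_REPOSITORY:          # lookup-free exception
            return True
        expiry = self._authorized.get(key)
        if expiry is None:                    # never authorized: blocked by default
            return False
        if now > expiry:                      # stale authorization: drop it
            del self._authorized[key]
            return False
        return True


class DnsGatekeeper:
    """Turns a conformity indication into a connection authorization."""

    def __init__(self, enforcement: EnforcementUnit):
        self.enforcement = enforcement

    def authorize(self, c: Conformity, now: float):
        self.enforcement.grant(c, now)


class LocalDnsServer:
    def __init__(self, gatekeeper: DnsGatekeeper):
        self.gatekeeper = gatekeeper

    def resolve(self, src: str, name: str, port: int, now: float):
        """Return the resolved IP, or None if the name is unknown or denied.
        A legitimate lookup also produces a conformity indication, so the
        gatekeeper opens the enforcement unit for exactly that flow."""
        if name in DENIED_NAMES or name not in DNS_ANSWERS:
            return None
        ip = DNS_ANSWERS[name]
        self.gatekeeper.authorize(Conformity(src, ip, port), now)
        return ip


def simulate() -> dict:
    """Run the constructed scenarios and report which flows the unit lets out."""
    unit = EnforcementUnit(ttl_seconds=30)
    dns = LocalDnsServer(DnsGatekeeper(unit))
    t = 1000.0
    results = {}
    # 1. Normal client: resolves the name, then connects to the answer.
    ip = dns.resolve("10.0.0.7", "update.example.com", 443, t)
    results["resolved_then_connect"] = unit.allows("10.0.0.7", ip, 443, t + 1)
    # 2. Flow straight to an IP that was never resolved: blocked by default.
    results["direct_ip_no_dns"] = unit.allows("10.0.0.7", "203.0.113.99", 4444, t + 1)
    # 3. A different host cannot ride on the first host's authorization.
    results["other_host_same_dst"] = unit.allows("10.0.0.8", ip, 443, t + 1)
    # 4. Policy repository entry: reachable with no lookup at all.
    results["policy_exception"] = unit.allows("10.0.0.5", "192.0.2.22", 443, t + 1)
    # 5. Denied name: no conformity indication, hence no authorization.
    results["denied_name"] = dns.resolve("10.0.0.7", "bad.example.org", 443, t) is None
    # 6. Authorization has expired after the TTL.
    results["expired"] = unit.allows("10.0.0.7", ip, 443, t + 60)
    return results


if __name__ == "__main__":
    for scenario, allowed in simulate().items():
        print(f"{scenario:24s} -> {'ALLOW' if allowed else 'BLOCK'}")
```

Scoping the authorization to the (source, destination, port) triple and giving it a short lifetime is the part a practitioner should scrutinise when evaluating such a design: an authorization keyed only on the destination IP would let any host on the LAN reuse a lookup made by another, and one without an expiry would turn a single legitimate resolution into a permanent hole.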