Robert B. Hoy - Sewell NJ, US Mark Fenkner - Marlton NJ, US Sean W. Farren - Newburyport MA, US
Assignee:
L-3 COMMUNICATIONS CORPORATION - New York NY
International Classification:
H04L 29/06
US Classification:
726/15
Abstract:
A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted.
Sandbox Based Internet Isolation In A Trusted Network
- New York NY, US Mark Fenkner - Marlton NJ, US Charles King - Plano TX, US Ismael Lopez - Bronx NY, US Peter Martz - Blenheim NJ, US
Assignee:
L3 Technologies, Inc. - New York NY
International Classification:
G06F 21/53 H04L 9/32 H04L 29/06 H04L 29/12
Abstract:
Methods and systems are disclosed for a sandbox based internet isolation system in a trusted network. A networked computer system may include a trusted local area network (LAN) and at least one host computer system connected to the trusted LAN. The host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the host computer system and one or more other devices on the trusted LAN. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces a separation of the first and second memory spaces.
Sandbox Based Internet Isolation In An Untrusted Network
- New York NY, US Mark Fenkner - Marlton NJ, US Charles King - Plano TX, US Ismael Lopez - Bronx NY, US Peter Martz - Blenheim NJ, US
Assignee:
L3 Technologies, Inc. - New York NY
International Classification:
H04L 29/06 G06F 21/53 G06F 21/56
Abstract:
Methods and systems are disclosed for a sandbox based internet isolation in an untrusted network. A host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the trusted host computer system and one or more other devices on an untrusted LAN and/or the Internet. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces separation of the first and second memory spaces.
Internet Isolation For Avoiding Internet Security Threats
- New York NY, US Mark Fenkner - Marlton NJ, US Sean W. Farren - Newburyport MA, US
Assignee:
L3 Technologies, Inc. - New York NY
International Classification:
H04L 29/06 G06F 9/455 G06F 21/53
Abstract:
A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted.
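The four abstracts above describe the same network split from the host's side: the host's own connection may reach the LAN and a fixed list of trusted sites and nothing else on the Internet, while the sandboxed browser guest reaches the Internet only through a separate uplink and can never reach the host or the host's LAN. The script below turns that policy into an nftables ruleset. It is an added example written for this page, not code from the patents or from L3 Technologies. The interface names (eth-lan, eth-sandbox, tap-sandbox), the 10.0.0.0/8 LAN range, the SSH management rule and the trusted-site addresses (RFC 5737 documentation ranges) are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the patents): nftables ruleset for the host side of
# the sandboxed-browser isolation described in the abstracts above.
#
# Assumed interfaces (illustrative names, not from the source):
#   eth-lan      host NIC on the trusted or untrusted LAN
#   eth-sandbox  dedicated uplink used only by the browser guest
#   tap-sandbox  host-side tap of the guest VM, bridged only to eth-sandbox
#
# The clipboard, print and file-drop channels the abstracts allow are
# hypervisor-side controls and are not network traffic; this ruleset only
# realises the network separation.

# gen_ruleset SITE...  print a ruleset that lets the host reach the LAN and
# the given trusted sites (IPv4 address or prefix), and keeps the guest off
# the host and the LAN.  Nothing is applied; pipe the output into `nft -f -`.
gen_ruleset() {
    [ $# -ge 1 ] || { echo "usage: gen_ruleset SITE..." >&2; return 1; }
    sites=$(printf '%s, ' "$@")
    sites=${sites%, }
    cat <<EOF
flush ruleset
table inet host_isolation {
    set trusted_sites {
        type ipv4_addr
        flags interval
        elements = { $sites }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # the guest never reaches a host service (policy drop covers it; the
        # explicit rule is here so attempts are logged)
        iifname "tap-sandbox" log prefix "sandbox-to-host " drop
        # assumed management access from the LAN only
        iifname "eth-lan" ip saddr 10.0.0.0/8 tcp dport 22 accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        # host may talk to its LAN (narrow this to needed services on the
        # trusted-network variant, which also limits LAN-internal traffic)
        oifname "eth-lan" ip daddr 10.0.0.0/8 accept
        # host may reach only the predetermined trusted sites on the Internet
        oifname "eth-lan" ip daddr @trusted_sites tcp dport { 80, 443 } accept
        log prefix "host-egress-denied " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # the guest's only path is its own dedicated uplink, unrestricted
        iifname "tap-sandbox" oifname "eth-sandbox" accept
        iifname "eth-sandbox" oifname "tap-sandbox" ct state established,related accept
        # guest to LAN is dropped and logged; LAN to guest is never accepted
        iifname "tap-sandbox" oifname "eth-lan" log prefix "sandbox-to-lan " drop
    }
}
EOF
}

# check_ruleset SITE...  syntax-check the ruleset with nft when it is
# installed (a full check needs CAP_NET_ADMIN); otherwise say so and succeed.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        gen_ruleset "$@" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# When run directly: `./isolation.sh --check` validates, otherwise the
# ruleset is printed so it can be reviewed or piped into `nft -f -`.
if [ "${1:-}" = "--check" ]; then
    check_ruleset 203.0.113.10 198.51.100.0/24
else
    gen_ruleset 203.0.113.10 198.51.100.0/24
fi
```

Two points worth checking after applying a ruleset like this: the `inet` table's `ip daddr` rules match only IPv4, so IPv6 from the host falls through to the final drop, which is the intended default-deny; and the guest's name resolution and DHCP must come from the eth-sandbox side, since nothing on tap-sandbox is ever forwarded towards eth-lan or accepted by the host.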
Experience:
Dec 2011 to 2000: Manager - Enterprise Network Security & Incident Response, L-3 Communications, Camden, NJ
Aug 2008 to Dec 2011: Principal Network Security Architect, Comcast Cable, Mount Laurel, NJ
Jun 2006 to Aug 2008: Senior Data Center Engineer, Comcast Cable, Mount Laurel, NJ
Dec 2004 to Jun 2006: Senior IP Security Engineer, NextiraOne LLC, Mount Laurel, NJ
Sep 2002 to Dec 2004: Lead Senior Analyst - Information Security, NextiraOne LLC, Marlton, NJ
Mar 2001 to Sep 2002: IT Analyst Consultant - Network & Systems Architecture, NextiraOne LLC, Marlton, NJ
Jun 2000 to Mar 2001: Network Analyst III - Wide Area Networking, NextiraOne LLC, Marlton, NJ
Sep 1997 to Jun 2000: Senior Systems Analyst - Computing Standards, Catalink Direct, Bristol, PA
Oct 1995 to Sep 1997: IT Consultant, The Computer Workshop, Cherry Hill, NJ
Feb 1995 to Oct 1995: Field Service Technician
Education:
Thomas Edison State College, Trenton, NJ, 2006 to 2008: BA in Computer Science
Burlington County College, Mount Laurel, NJ, 2001 to 2004: Computer Science
Rutgers University, Camden, NJ, 1990 to 1992: Computer Science