Abstract
A method and device for preventing a browser-originating attack in a local area network. A security device in the local area network intercepts a message from a first device in the local area network towards a second device in the local area network. The message requests connection between the first device and the second device. The security device prompts a user of the first device to approve the connection. In the event that the user approves the connection the first device is allowed to connect to the second device, and in the event that the user does not approve the connection the connection attempt is terminated.
Claims
- A method of preventing a browser-originating attack in a local area network, the method comprising, at a security device in the local area network: (a) intercepting a message from a first device in the local area network towards a second device in the local area network, the message requesting connection between the first device and the second device; (b) prompting a user of the first device to approve the connection; (c) in the event that the user approves the connection, allowing the first device to connect to the second device; and (d) in the event that the user does not approve the connection, terminating the connection attempt; wherein step (b) is performed after a determination has been made that the message requesting connection between the first device and the second device does originate from a known browser.
- The method according to claim 1, further comprising, in the event that the first device is connected to the second device, terminating the connection after a predetermined time period has elapsed.
- The method according to claim 1, further comprising determining that the user has approved the connection by receiving an input from the user at the security device.
- The method according to claim 1, further comprising determining that the user has approved the connection by sending a query for user approval to the first device; and receiving from the first device a message confirming that the user approves the connection.
- The method according to claim 4, wherein the query for user approval comprises any of: a request for a password known to the user and the security device; and a request to complete a non-automated task.
- The method according to claim 1, further comprising determining that the user has approved the connection by sending a query for user approval to a third device; and receiving from the third device a message confirming that the user approves the connection.
- The method according to claim 1, wherein the first device and the second device are located in separate subnetworks and the security device is located at a common gateway for both subnetworks.
- The method according to claim 1, wherein the first device and the second device are located in separate Virtual Local Area Networks.
- The method according to claim 1, wherein the first device and the second device are located in separate wireless networks and the security device serves both wireless networks.
- The method according to claim 1, wherein the security device is located at a router serving the local area network.
- The method according to claim 1, wherein step (b) is performed after having performed a step of checking addresses of at least one website used at the first device within a predetermined time period against a whitelist of trusted websites and determining that the address of the at least one website at the first device is not provisioned in the whitelist of trusted websites.
- The method according to claim 1, wherein step (b) is performed after determining that an address bar of a browser at the first device does not contain a trusted address.
- The method according to claim 1, wherein step (b) is performed after having determined that a browser at the first device has accessed a website within a prior predetermined time period.
- A security device for use in a local area network, the security device comprising: a receiver configured to intercept a message from a first device in the local area network towards a second device in the local area network, the message requesting connection between the first device and the second device; a processor configured to determine whether a user of the first device approves the connection; the processor further configured to, in the event that the user approves the connection, allow the first device to connect to the second device; and the processor further configured to, in the event that the user does not approve the connection, terminate the connection attempt; wherein determining whether a user of the first device approves the connection is performed after a determination has been made that the message requesting connection between the first device and the second device does originate from a known browser.
- The security device according to claim 14, wherein the processor is further configured to, in the event that the first device is connected to the second device, terminate the connection after a predetermined time period has elapsed.
- The security device according to claim 14, further comprising an input usable by the user to confirm that the user has approved the connection.
- The security device according to claim 14, further comprising a transmitter configured to send a query for user approval to the first device; and the receiver is further configured to receive from the first device a message confirming that the user approves the connection.
- The security device according to claim 17, wherein the transmitter is configured to send a query for user approval comprising any of: a request for a password known to the user and the security device; and a request to complete a non-automated task.
- The security device according to claim 14, further comprising a transmitter configured to determine that the user has approved the connection by sending a query for user approval to a third device; and the receiver is further configured to receive from the third device a message confirming that the user approves the connection.
- The security device according to claim 14, wherein the first device and the second device are located in separate subnetworks and the security device is located at a common gateway for both subnetworks.
- The security device according to claim 14, wherein the first device and the second device are located in separate Virtual Local Area Networks.
- The security device according to claim 14, wherein the first device and the second device are located in separate wireless networks and the security device serves both wireless networks.
- The security device according to claim 14, wherein the security device is located at a router serving the local area network.
- A non-transitory computer program, comprising instructions which, when executed on a processor, cause the processor to carry out a method of preventing a browser-originating attack in a local area network, the method comprising, at a security device in the local area network:
  (a) intercepting a message from a first device in the local area network towards a second device in the local area network, the message requesting connection between the first device and the second device;
  (b) prompting a user of the first device to approve the connection;
  (c) in the event that the user approves the connection, allowing the first device to connect to the second device; and
  (d) in the event that the user does not approve the connection, terminating the connection attempt;
  wherein step (b) is performed after a determination has been made that the message requesting connection between the first device and the second device does originate from a known browser.
- A carrier containing the computer program of claim 24, wherein the carrier is a non-transitory computer readable storage medium.
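As an added illustration (not F-Secure's code and not part of the patent), the following Python sketch models the decision flow of claims 1, 2 and 11 at a gateway that can read HTTP headers on traffic between two LAN hosts. The User-Agent test for "known browser", the use of Origin/Referer as the site the browser is showing, the whitelist contents and the 300-second approval window are all assumptions made for the example.

```python
import ipaddress
import time
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed values; the claims leave the whitelist, browser test and timeout open.
TRUSTED_SITES = {"intranet.example", "router-admin.example"}        # claim 11 whitelist
BROWSER_UA_MARKERS = ("Mozilla/", "Chrome/", "Firefox/", "Safari/")  # assumed browser test
APPROVAL_TTL = 300  # seconds an approved connection stays open (claim 2)


@dataclass
class SecurityDevice:
    """Gateway-side policy: intercept LAN-to-LAN requests that a browser issued on
    behalf of an untrusted web page and ask the user before letting them through."""
    lan: str                                      # e.g. "192.168.1.0/24"
    approved: dict = field(default_factory=dict)  # (src, dst) -> approval expiry

    def __post_init__(self):
        self.lan = ipaddress.ip_network(self.lan)

    def decide(self, src, dst, headers, ask_user, now=None):
        """Return 'pass' (outside this rule), 'allow' or 'terminate'.
        ask_user(src, dst, site) models the approval prompt of claim 1(b)."""
        now = time.time() if now is None else now
        if not (ipaddress.ip_address(src) in self.lan and ipaddress.ip_address(dst) in self.lan):
            return "pass"                   # claim 1(a): only LAN-internal traffic
        # Step (b) may only run once the request is known to come from a browser.
        if not headers.get("User-Agent", "").startswith(BROWSER_UA_MARKERS):
            return "pass"
        expiry = self.approved.get((src, dst))
        if expiry is not None:
            if now < expiry:
                return "allow"              # still inside the approved window
            del self.approved[(src, dst)]   # claim 2: approval has timed out
        # Origin/Referer stands in for the site the browser is showing (claims 11-13).
        site = urlparse(headers.get("Origin") or headers.get("Referer", "")).hostname or ""
        if site in TRUSTED_SITES:
            return "allow"                  # whitelisted site, no prompt needed
        if ask_user(src, dst, site):        # claim 1(c): user approved
            self.approved[(src, dst)] = now + APPROVAL_TTL
            return "allow"
        return "terminate"                  # claim 1(d): user declined


# Constructed requests: a page on evil.example making the victim's browser hit the router,
# the same browser on the intranet site, and a non-browser client.
EVIL_HEADERS = {"User-Agent": "Mozilla/5.0 Firefox/45.0", "Referer": "http://evil.example/p"}
GOOD_HEADERS = {"User-Agent": "Mozilla/5.0 Firefox/45.0", "Origin": "https://intranet.example"}
CURL_HEADERS = {"User-Agent": "curl/7.47"}
```

A real deployment would also need the gateway to actually sit in the path of the traffic (claims 7 to 10) and a transport-level way to drop the connection; the sketch only returns the verdict.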
Owners (US)
- F-secure Corporation (Nov 24 2015)
Applicants
- F-secure Corp
Inventors
- Hirvonen Timo
- Stahlberg Mika
CPC Classifications
- H04L63/1441
- G06F21/554
- G06F21/566
- G06F21/577
- G06F21/6245
- H04L63/0227
- H04L63/101
- H04L63/108
Document Preview
- Publication: Jul 18, 2017
- Application: Nov 13, 2015, US 201514940388 A
- Priority: Nov 19, 2014, GB 201420542 A