Computing networks can include multiple network devices such as routers, switches, hubs, servers, desktop PCs, laptops, workstations, and peripheral devices, e.g., printers, facsimile devices, and scanners, networked together across a local area network (LAN) and/or wide area network (WAN).
One advantage realized by networks is the ability to share network resources among dispersed clients. For example, networks can include checking functionalities (CF) such as an intrusion system (IS), e.g., an intrusion prevention system (IPS) and/or intrusion detection system (IDS), that serve to detect unwanted intrusions/activities to the computer network, as well as remediation servers that store operating system patches, virus definitions, etc. Unwanted network intrusions/activities may take the form of attacks through computer viruses and/or hackers, and misconfigured devices, among others, trying to access the network. To this end, an IS can identify different types of suspicious network traffic and network device usage that cannot be detected by a conventional firewall. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, denial of service attacks, port scans, unauthorized logins and access to sensitive files, viruses, Trojan horses, and worms, among others.
Previous approaches may have focused on a single CF, which may be local to a particular switch. Limited information may have been available regarding remote CFs and/or multiple CFs. For instance, in some networking applications, if a particular CF is too busy to process additional traffic, e.g., packets, and/or if a network path to a particular CF is congested, then the additional traffic may be dropped, e.g., by a destination switch associated with the particular CF. To a client, such network behavior may appear as though the additional traffic was dropped due to network security violations or violations of other packet checking rules.