The invention relates generally to securing networked electronic systems including computers (servers, desktops, laptops, tablet computers, e-readers, or other computer embodiments), mainframe computers, network storage devices, routers, smart phones, cellular phones, phone systems with IP addresses, game devices, servers, telecommunications hubs/devices, Bluetooth devices and other electronic devices that use an operating system, are networked frequently or infrequently, and may be subject to software updates and upgrades. The system to be protected is one that is connected, frequently or infrequently, to a network during its operation. The protection is designed to prevent the installation of malicious software (e.g., viruses, worms, and Trojans) onto the system while it is connected to one or more cloud networks including an intranet, the Internet, a broadband wireless network, a secure network, a VOIP network, a local network, a Bluetooth or other network connection. The term “system”, as used in this disclosure, refers to either a computer (servers, desktop, laptop, tablet computers, e-readers, or other computer embodiments), a mainframe computer, a router, a telecommunications hub/device, a server, a network storage device, a smart phone, a cellular phone, a game device, a Bluetooth device, or any other electronic device that uses an operating system that connects to a network including an intranet, the Internet, a broadband wireless network, a secure network, a VOIP network, a local network, a Bluetooth or any other network embodiment.
Hackers must gain access to the administrator permissions files of a computerized device in order to install viruses, Trojans, worms or other malicious software. They use a huge number of methods to gain this access. Closing the many access vulnerabilities of a system to remote hackers is the basis of the many Internet security services that install and frequently update antivirus software on systems. Unfortunately, no antivirus software to date has been one hundred percent successful at preventing systems from being hacked. Hackers are constantly finding new ways to hack a system. In each case they eventually gain control of the administrator permissions files of a system and successfully install their malicious software.
The invention provides enhanced security by removing the read, write and execute administrator permission files of a system's operating system (OS) and placing them in a separate, protected server in the cloud (intranet, internet or secured private network). When this is done the secure cloud server must record the system's unique ID(s). These ID(s) can be the system's IP address, MAC number, or any other unique hardware ID and a combination of one or more software ID(s) like the unique license of the system's operating system (OS). It can include one or more application licenses of previously installed software. It is important that one of the system's IDs be a unique hardware ID and any other ID(s) that may be additionally used be legal licensed software (i.e., software licensed specifically for the system to be protected) that has been previously installed. Optionally, these files can also be encrypted and stored on a server whose encryption keys are known only to the organization responsible for storing the files on a secure cloud server. After relocation of the authorized administrator's permissions files has been completed, a strong password is requested from the authorized administrator. Additional information including information designed to recover lost or forgotten passwords may also be collected depending on the type of system being secured. This information is retained in the cloud server and should be backed up on one or more off site secure servers to meet disaster recovery requirements. Once the removal process has been completed the network path to the secure cloud server storing the protected system's data is encrypted and recorded on the protected system. This path change replaces the former local path in the individual computer or system to those administrator permissions files. The result of these changes to the OS on a protected system makes hacking that system from a network virtually impossible. 
This means it is now impossible to install viruses, Trojans, worms or other malicious software on a protected system. It also means that antivirus software is no longer required.
Computers, servers, tablet computers, e-readers, cellular telephones, smart phones, phone systems with an IP address, telecommunications hubs/devices, network storage devices, mainframe computers, networked game devices and other electronic devices that are networked, even for brief periods of time, are currently subject to being hacked while connected to a Cloud network environment (e.g., to enable software updates and upgrades). A hacker can gain access to the read, write and execute administrator permissions files and become the new administrator of the hacked system by employing a variety of methods. Once control of the system's OS has been accomplished, the hacker can install a virus, Trojan (malware that masquerades as a legitimate file or helpful program with the purpose of granting a hacker unauthorized access to a computer), worm (a standalone malware computer program that replicates itself in order to spread to other computers) or other malicious software that can perform unauthorized activities including copying, changing and/or transmitting data files, installing key logging/monitoring software, deleting files and launching denial of service (DoS) attacks on other systems.
When new software, software updates, or changes to critical protected files are required, the authorized administrator must first gain access to the system to be updated. The authorized administrator enters the correct password to establish the network connection from the system to be updated to the secure server in the cloud that contains that system's critical administrator permissions files and system ID(s). After the correct password has been entered and system ID(s) have been determined from the system connected to the server, the cloud server examines the system to be updated and compares the system's ID and/or other unique system identifiers with the data previously stored in the server. If there is an incorrect match, no software installs or updates can take place. When the password and system ID(s) match, normal installation of software can proceed. The new software to be installed can now be downloaded from a known, trusted and authenticated source or it can be installed from a local source like a USB drive or other data storage media. To further enhance security, it is recommended that all network traffic between remote servers used to store administrator permissions files and the system to be protected be encrypted. Keys to encrypt, decrypt and transmit critical system and administrator data stored on the secure cloud servers should be changed frequently by the secure cloud server administrator to provide additional protection.
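The enrollment and match check described above can be sketched on the server side as follows. This is an added example, not code from the disclosure: the class and method names are hypothetical, the sample IDs are constructed, and it assumes that every recorded ID must match and that the password is stored only as a salted PBKDF2 hash. Transport encryption and key rotation are out of scope here.

```python
import hashlib
import hmac
import os

# Added illustration; ProtectedSystemRegistry, enroll and authorize_install
# are hypothetical names, not part of the disclosure.
class ProtectedSystemRegistry:
    """Server-side store of enrolled systems: IDs plus a salted password hash."""

    ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256

    def __init__(self):
        self._records = {}  # hardware_id -> enrollment record

    @classmethod
    def _hash(cls, password, salt):
        # Store a slow salted hash so a leaked record does not expose the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def enroll(self, hardware_id, software_ids, password):
        # The text requires one unique hardware ID; licensed-software IDs are extras.
        if not hardware_id:
            raise ValueError("a unique hardware ID is required")
        salt = os.urandom(16)
        self._records[hardware_id] = {
            "software_ids": frozenset(software_ids),
            "salt": salt,
            "pw_hash": self._hash(password, salt),
        }

    def authorize_install(self, hardware_id, software_ids, password):
        """Return True only when the password and all recorded IDs match."""
        rec = self._records.get(hardware_id)
        if rec is None:
            # Hash anyway so unknown systems take about as long as known ones.
            self._hash(password, b"\x00" * 16)
            return False
        # Constant-time comparison avoids leaking how much of the hash matched.
        pw_ok = hmac.compare_digest(self._hash(password, rec["salt"]), rec["pw_hash"])
        ids_ok = frozenset(software_ids) == rec["software_ids"]
        return pw_ok and ids_ok

def demo():
    # Constructed sample values, not real identifiers.
    reg = ProtectedSystemRegistry()
    reg.enroll("00:11:22:33:44:55", ["OS-LICENSE-EXAMPLE"], "long example passphrase")
    good = reg.authorize_install("00:11:22:33:44:55", ["OS-LICENSE-EXAMPLE"], "long example passphrase")
    bad_pw = reg.authorize_install("00:11:22:33:44:55", ["OS-LICENSE-EXAMPLE"], "guess")
    bad_id = reg.authorize_install("00:11:22:33:44:55", ["OTHER-LICENSE"], "long example passphrase")
    return good, bad_pw, bad_id
```
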