Efficient and secure user credential store for credentials enforcement using a firewall
First Claim
1. A system for a credentials store for credentials enforcement using a firewall, comprising:
- a processor of a network device configured to;
receive a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password;
store the bloom filter in a cache on the network device;
monitor network traffic at the network device to perform credentials enforcement using the bloom filter, wherein to monitor the network traffic comprises to monitor network communications between a client and an external site;
determine if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and
perform an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein to perform the action comprises to perform the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created; and
a memory coupled to the processor and configured to provide the processor with instructions.
0 Assignments
0 Petitions
Accused Products
Abstract
Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
-
Citations
19 Claims
-
1. A system for a credentials store for credentials enforcement using a firewall, comprising:
-
a processor of a network device configured to; receive a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password; store the bloom filter in a cache on the network device; monitor network traffic at the network device to perform credentials enforcement using the bloom filter, wherein to monitor the network traffic comprises to monitor network communications between a client and an external site; determine if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and perform an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein to perform the action comprises to perform the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for a credentials store for credentials enforcement using a firewall, comprising:
-
receiving a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password; storing the bloom filter in a cache on a network device; monitoring network traffic at the network device to perform credentials enforcement using the bloom filter, wherein the network traffic comprises monitoring network communications between a client and an external site; determining if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and performing an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein the performing of the action comprises performing the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A computer program product for a credentials store for credentials enforcement using a firewall, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
-
receiving a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password; storing the bloom filter in a cache on a network device; monitoring network traffic at the network device to perform credentials enforcement using the bloom filter, wherein the network traffic comprises monitoring network communications between a client and an external site; determining if the client sends a request that includes user credentials for authentication at the external site using the bloom filter, and performing an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein the performing of the action comprises performing the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created.
-
Specification