Method and apparatus for monitoring computer network security enforcement
Abstract
Methods and systems are disclosed for monitoring activity of a user on a network component, such as an end user computer, in a virtual private network for adherence to a security enforcement provision or policy utilized in the virtual private network. A method of determining whether a security provision in a computer network has been violated is described. It is determined whether the network component has violated, modified or circumvented a security enforcement provision of the computer network. If the detection is affirmative, the network component, such as an end user system, is modified in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision. If instructed to do so, a third party operating the virtual private network is notified of the violation and access to the network by the network component is restricted or terminated. A security enforcement distributed system consists of an agent module on the end user computer and a collector module for receiving data from the agent on a security server computer coupled to a data repository. Also on the security server are a policy inspector for checking compliance with a security provision and a notifier and access control module for informing the network operator of a violation and restricting access by the end user system to the security server.
17 Claims
1. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network; and
if the detection is positive, acting on the network component in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision.
2. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network;
detecting whether an enforcement provision monitoring module has been one of violated, modified or circumvented; and
if either detection is positive, acting on the network component in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision.
Dependent claims: 3, 4, 5, 6, 7, 8
9. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network by comparing a profile record of the network component to a rule set defining a security policy;
detecting whether an enforcement provision monitoring module on the network component has been one of violated, modified or circumvented;
if either detection is positive, acting on the network component in a manner in which the network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision; and
notifying an operator of the computer network of the positive detection.
Dependent claims: 10, 11, 12, 13
14. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
gathering network component data related to the network component and storing the data in a profile record;
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the network by comparing the profile record to a rule set defining a security policy;
detecting whether an enforcement provision monitoring module has been one of violated, modified or circumvented;
if either detection is positive, acting on the component in a manner in which the network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision; and
notifying an operator of the network of the positive detection.
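The steps of claim 14 (a profile record compared to a rule set, a second check on the monitoring module itself, a response graded to the violation, and operator notification), as an added example that is not code from the patent. The field names, the three access levels, the rule set and the SHA-256 integrity reference are assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Access levels ordered from least to most restrictive (names are assumptions).
FULL, RESTRICTED, TERMINATED = 0, 1, 2

@dataclass(frozen=True)
class Rule:
    key: str          # profile-record field the rule inspects
    expected: object  # value the security policy requires
    on_fail: int      # access level imposed when the rule is not met

# Constructed rule set standing in for "a rule set defining a security policy".
RULE_SET = (
    Rule("firewall_enabled", True, RESTRICTED),
    Rule("av_signatures_current", True, RESTRICTED),
    Rule("split_tunneling", False, TERMINATED),
)

def digest(agent_image: bytes) -> str:
    """SHA-256 of the agent module image, used as its integrity reference."""
    return hashlib.sha256(agent_image).hexdigest()

def inspect(profile: dict, agent_digest: str, known_good: str, rules=RULE_SET):
    """Run both detections and return (access_level, findings)."""
    level, findings = FULL, []
    # Detection 2: the monitoring module itself was modified or replaced.
    if not hmac.compare_digest(agent_digest, known_good):
        findings.append("agent module digest mismatch")
        level = TERMINATED
    # Detection 1: compare the profile record to the rule set.
    for rule in rules:
        # A field the agent stopped reporting returns None and fails the rule.
        if profile.get(rule.key) != rule.expected:
            findings.append(f"{rule.key} is not {rule.expected!r}")
            level = max(level, rule.on_fail)
    return level, findings

def enforce(host: str, profile: dict, agent_digest: str, known_good: str, log: list):
    """Apply the graded response; log a notification on any positive detection."""
    level, findings = inspect(profile, agent_digest, known_good)
    if findings:
        log.append({"host": host, "level": level, "findings": findings})
    return level

# Constructed sample data.
GOOD = digest(b"agent-build-constructed-sample")
COMPLIANT = {"firewall_enabled": True, "av_signatures_current": True, "split_tunneling": False}
```

Treating an unreported field as a failed rule matters here: an agent that is prevented from collecting a setting should lower the access level rather than pass the inspection.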
15. A system for monitoring abidance by a network security provision present in a network, the system comprising:
an agent module residing on an end user system;
a security server containing a plurality of components for collecting and inspecting data;
a security database containing end user system data and security rule data, wherein the security server and the security database are in communication; and
a notification module on the security server capable of notifying a third party of a security violation.
16. A system for monitoring abidance by a network security provision present in a network, the system comprising:
an agent module residing on an end user system;
a security server containing a plurality of components for collecting and inspecting data;
a security database containing end user system data and security rule data, wherein the security server and the security database are in communication; and
a virtual private network through which data is transmitted between the end user system and the security server.
17. A system for monitoring security activity in a computer network comprising:
an agent module having a data collection component and a server session control component;
a collector module having a session control listener and a preprocessor;
a policy inspector having a host information validation module and a new user set up module;
a notifier module having an exception log processor; and
an access control module for processing access control requests.
Specification