Enforcement of compliance with network security policies
Abstract
Methods, apparati, and computer program products enforce computer network security policies by assigning network membership to a client (105) based on the client's compliance with the security policies. When a client (105) requests (305) a network address, the DHCP proxy (110) intercepts the request and assigns (350) that client (105) a logical address on the protected network (140) if the client (105) is in compliance with the security policies. If the client (105) is not in compliance with the security policies, in various embodiments, the DHCP proxy (110) assigns (350) the client (105) an address on a restricted network (145) or no network address at all.
38 Claims
1. A computer-implemented method for enforcing a set of security policies associated with a protected network, the method comprising the steps of:
- receiving a request for a network address from a client;
- determining whether the client is in compliance with the set of security policies; and
- responsive to the client's being in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer-implemented method for enforcing a set of security policies associated with a protected network, the method comprising the steps of:
- receiving compliance data indicating whether a client is in compliance with the set of security policies;
- storing the compliance data for later access;
- responsive to a DHCP request for an IP address from the client, retrieving the compliance data related to the client; and
- responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A computer program product comprising a computer-readable medium containing computer program code for enforcing a set of security policies associated with a protected network, the computer program code comprising instructions for performing the steps of:
- receiving a request for a network address from a client;
- determining whether the client is in compliance with the set of security policies; and
- responsive to the client's being in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 19, 20, 21, 22

23. A computer program product comprising a computer-readable medium containing computer program code for enforcing a set of security policies associated with a protected network, the computer program code comprising instructions for performing the steps of:
- receiving compliance data indicating whether a client is in compliance with the set of security policies;
- storing the compliance data for later access;
- responsive to a DHCP request for an IP address from the client, retrieving the compliance data related to the client; and
- responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 24, 25, 26, 27, 28

29. A DHCP proxy device for enforcing a set of security policies associated with a protected network, the proxy device comprising:
- a DHCP request interface module configured to receive a DHCP request for an IP address from a client; and
- a client compliance module coupled to the DHCP request interface module, the client compliance module configured to retrieve, responsive to the DHCP request, compliance data, the compliance data indicating whether the client is in compliance with the set of security policies;
- wherein, responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, the DHCP request interface module assigns the client a logical address on the protected network.
Dependent claims: 30, 31, 32, 33, 34

35. A system comprising:
- a protected network having associated therewith a set of security policies;
- a compliance registration manager for storing compliance data associated with a plurality of clients, the compliance data for each client indicating whether the client is in compliance with the set of security policies; and
- a DHCP proxy coupled to the compliance registration manager for retrieving compliance data therefrom, the DHCP proxy further coupled to the protected network, the DHCP proxy configured to intercept a DHCP request for an IP address from a particular client, and further configured to assign that client a logical address on the protected network upon the condition that the client is in compliance with the security policies.
Dependent claims: 36, 37, 38
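
The decision flow of the abstract and of claims 9 and 35, as an added Python illustration that is not taken from the patent: compliance data is stored ahead of time, looked up when a client asks for an address, and the result selects the protected network, the restricted network, or no address. The address ranges, the MAC-style client identifiers, the class and method names and the `noncompliant_action` setting are assumptions made for this example; a client with no compliance data on file is treated as non-compliant.

```python
import ipaddress

# Constructed ranges: the page names a protected (140) and a restricted (145)
# network but gives no addresses.
PROTECTED_NET = ipaddress.ip_network("10.10.0.0/24")
RESTRICTED_NET = ipaddress.ip_network("192.168.250.0/24")

class ComplianceRegistrationManager:
    """Stores compliance data per client for later retrieval (hypothetical API)."""
    def __init__(self):
        self._records = {}

    def report(self, client_id, compliant):
        self._records[client_id] = bool(compliant)

    def lookup(self, client_id):
        # None means nothing is on file; callers must not read that as compliant.
        return self._records.get(client_id)

class DhcpProxy:
    """Picks the network a requesting client is placed on (hypothetical API)."""
    def __init__(self, registry, noncompliant_action="restrict"):
        if noncompliant_action not in ("restrict", "deny"):
            raise ValueError("noncompliant_action must be 'restrict' or 'deny'")
        self.registry = registry
        self.noncompliant_action = noncompliant_action
        self._pools = {"protected": iter(PROTECTED_NET.hosts()),
                       "restricted": iter(RESTRICTED_NET.hosts())}
        self.leases = {}  # client_id -> (network name, address)

    def handle_request(self, client_id):
        """Return (network, address), or None when no address is assigned."""
        if self.registry.lookup(client_id) is True:
            network = "protected"
        elif self.noncompliant_action == "restrict":
            network = "restricted"
        else:
            self.leases.pop(client_id, None)
            return None
        lease = self.leases.get(client_id)
        # Compliance is re-read on every request, so a status change moves the
        # client to the other network. Old addresses are not recycled here.
        if lease is None or lease[0] != network:
            address = next(self._pools[network], None)
            if address is None:  # pool exhausted: fail closed, assign nothing
                self.leases.pop(client_id, None)
                return None
            lease = (network, address)
            self.leases[client_id] = lease
        return lease
```
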
Specification