Network protection software and method
First Claim
3-1. The method of claim 1, wherein the step of verifying that the machine meets certain criteria includes verifying that the machine is using a valid operating system at the appropriate patch levels.
Abstract
A software-based system allows immediate isolation of all IP traffic until a newly added machine has been qualified. In the preferred embodiment, this verification is carried out using a variety of mechanisms, optionally including a local agent, vulnerability scanning, and system fingerprinting. Any newly attached machine requesting an IP address is quarantined into a restricted address space until an authorization server validates that it is running a valid operating system at the appropriate patch levels, is not actively scanning or transmitting malicious data, has the proper virus software and engine, and is not vulnerable on known Trojan ports.
11 Citations
11 Claims
6. A system for protecting a network against a newly added machine, comprising:
a Dynamic Host Configuration Protocol (DHCP) administrator operative to perform the following functions:
assign a temporary IP address to a machine added to a network;
verify that the machine meets certain criteria; and
if it does, assign the machine a non-temporary IP address.
Dependent claims: 7, 8, 9, 10, 11
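The following is an added illustration, not code from the patent: a small Python model of the DHCP administrator in claim 6, checking the criteria named in the abstract. The address ranges, OS name, version thresholds, port list and the Posture fields are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
# Constructed values for illustration only; none come from the patent.
QUARANTINE_NET = ipaddress.ip_network("10.99.0.0/24")  # restricted address space
PRODUCTION_NET = ipaddress.ip_network("10.10.0.0/24")  # normal address space
REQUIRED_PATCH = {"ExampleOS": 7}    # valid OS -> minimum patch; others fail
REQUIRED_AV_ENGINE = 42              # minimum antivirus engine version
TROJAN_PORTS = frozenset({12345, 31337})  # sample Trojan port watch list

@dataclass
class Posture:
    """Facts from an agent, scan or fingerprint (hypothetical schema)."""
    os_name: str
    patch_level: int
    av_engine: int                   # 0 means no antivirus was found
    open_ports: frozenset = frozenset()
    scanning: bool = False           # seen scanning or sending malicious data

def failed_criteria(p: Posture) -> list:
    """Return the names of the criteria this machine does not meet."""
    fails = []
    if p.patch_level < REQUIRED_PATCH.get(p.os_name, float("inf")):
        fails.append("os_patch_level")
    if p.scanning:
        fails.append("malicious_traffic")
    if p.av_engine < REQUIRED_AV_ENGINE:
        fails.append("antivirus")
    if p.open_ports & TROJAN_PORTS:
        fails.append("trojan_ports")
    return fails

class DhcpAdministrator:
    """Temporary lease first; non-temporary lease only after verification."""
    def __init__(self):
        self._temp = iter(QUARANTINE_NET.hosts())
        self._prod = iter(PRODUCTION_NET.hosts())
        self.leases = {}             # MAC address -> current IP address
    def request_address(self, mac):
        # A machine with no lease always starts in the restricted space.
        if mac not in self.leases:
            self.leases[mac] = next(self._temp)
        return self.leases[mac]
    def verify(self, mac, posture):
        # Promote only when every criterion passes; otherwise stay quarantined.
        ip = self.request_address(mac)
        fails = failed_criteria(posture)
        if not fails and ip in QUARANTINE_NET:
            self.leases[mac] = next(self._prod)
        return fails
```

A machine that fails any check keeps its temporary address, and the returned list names what must be remediated before verification is retried.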
Specification