Thin client end system for virtual private network
Abstract
A thin client VPN capable end system reduces the vulnerability of corporate networks to malicious code introduced by remote workers. The end system is denied network connectivity except for conducting VPN sessions. The end system is made virtually impervious to permanent infection by directing all data writes during VPN sessions to a temporary memory that is purged at the end of the session. Thus, the end system cannot acquire malicious code in personal sessions and the corporate network administrator can eradicate any malicious code acquired by the end system in a VPN session by shutting down the VPN and cleaning up the corporate network.
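The abstract describes a policy with three enforcement points: no network access before the user authenticates, only a VPN connection to the enterprise network afterwards, and all writes during the session directed to temporary memory that is purged at teardown. The following is an added illustrative model of that policy, written for this page and not taken from the patent or any product. The class and method names, the credential store, the gateway name and the "dropper" write are all constructed assumptions; the point is to show why a payload written during a session does not persist on the end system.

```python
"""Constructed model of the thin-client VPN end-system policy described in the
abstract. Not the patent's implementation: names, stores and the sample
payload are assumptions made for this example."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"   # user authenticated, VPN not yet up
    VPN_ACTIVE = "vpn_active"


class PolicyViolation(Exception):
    """Raised when an operation falls outside what the end-system policy permits."""


@dataclass
class EndSystem:
    enterprise_gateway: str                               # only permitted destination, via VPN
    permanent_store: dict = field(default_factory=dict)   # OS image; never a write target here
    temporary_store: dict = field(default_factory=dict)   # purged at session end
    state: State = State.UNAUTHENTICATED
    audit: list = field(default_factory=list)

    def authenticate(self, user: str, credential: str, expected: dict) -> bool:
        """Constructed credential check; a real system would use the enterprise IdP."""
        ok = expected.get(user) == credential
        self.audit.append(("auth", user, ok))
        if ok:
            self.state = State.AUTHENTICATED
        return ok

    def connect(self, destination: str, via_vpn: bool) -> None:
        """Deny all network access before auth; after auth allow only the VPN to the enterprise."""
        if self.state is State.UNAUTHENTICATED:
            raise PolicyViolation("network access denied before authentication")
        if not via_vpn or destination != self.enterprise_gateway:
            raise PolicyViolation(f"only a VPN connection to {self.enterprise_gateway} is permitted")
        self.state = State.VPN_ACTIVE
        self.audit.append(("vpn_up", destination))

    def write(self, path: str, data: bytes) -> None:
        """Writes during a VPN session land in temporary memory only (simplified:
        this model never writes the permanent store in any state)."""
        if self.state is not State.VPN_ACTIVE:
            raise PolicyViolation("writes are permitted only while the VPN is active")
        self.temporary_store[path] = data

    def read(self, path: str) -> Optional[bytes]:
        """Temporary memory shadows permanent memory while it holds an entry."""
        return self.temporary_store.get(path, self.permanent_store.get(path))

    def end_session(self) -> int:
        """Tear down the VPN and purge temporary memory; returns entries purged."""
        purged = len(self.temporary_store)
        self.temporary_store.clear()
        self.state = State.UNAUTHENTICATED
        self.audit.append(("vpn_down", purged))
        return purged


def simulate_session() -> dict:
    """One session with a constructed payload written mid-session; shows the
    denials before/outside the VPN and that the payload does not survive teardown."""
    es = EndSystem(enterprise_gateway="vpn.example.corp",
                   permanent_store={"/os/kernel": b"image"})
    users = {"alice": "correct-horse"}  # constructed credential store
    results = {}

    try:                                  # 1. no network before authentication
        es.connect("www.example.net", via_vpn=False)
    except PolicyViolation as e:
        results["pre_auth_denied"] = str(e)

    if not es.authenticate("alice", "correct-horse", users):
        raise RuntimeError("constructed credentials should authenticate")

    try:                                  # 2. after auth, non-VPN traffic still denied
        es.connect("www.example.net", via_vpn=False)
    except PolicyViolation as e:
        results["non_vpn_denied"] = str(e)

    es.connect("vpn.example.corp", via_vpn=True)
    es.write("/tmp/dropper.bin", b"MALICIOUS")  # constructed payload, temp memory only
    results["visible_during_session"] = es.read("/tmp/dropper.bin") == b"MALICIOUS"
    results["purged"] = es.end_session()          # 3. purge at session end
    results["gone_after_session"] = es.read("/tmp/dropper.bin") is None
    results["permanent_untouched"] = es.permanent_store == {"/os/kernel": b"image"}
    return results
```

The model makes the abstract's two consequences concrete: an end system that can only reach the enterprise over the VPN cannot pick up code in a personal session, and anything it does acquire during a VPN session lives only in the temporary store, so the administrator's remediation reduces to ending the session and cleaning the enterprise side. A real deployment would also need the permanent store to be read-only at runtime and the purge to be unconditional on abnormal disconnects, which this model does not attempt to show.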
28 Claims

1. A method for reducing the vulnerability of an enterprise network to a malicious code attack from a virtual private network (VPN) capable end system, comprising:
   denying network access to a VPN capable end system before a user on the end system becomes authenticated;
   permitting network access by the end system solely on at least one VPN connection to an enterprise network once the user on the end system becomes authenticated; and
   permitting write access to the end system solely to at least one temporary memory while the VPN connection is active.
   (Dependent claims 2 through 12 depend from claim 1.)

13. A virtual private network (VPN) capable end system, comprising:
   at least one permanent memory;
   at least one temporary memory;
   at least one processor coupled to the permanent memory and the temporary memory; and
   operating software stored on the permanent memory, the operating software having instructions executable by the processor to deny network access to the end system before a user on the end system becomes authenticated and, once the user on the end system becomes authenticated, to permit network access by the end system solely on at least one VPN connection to an enterprise network and permit write access solely to the temporary memory while the VPN connection is active.
   (Dependent claims 14 through 21 depend from claim 13.)

22. Operating software for a virtual private network (VPN) capable end system comprising instructions executable by at least one processor on the end system to deny network access to the end system before a user on the end system becomes authenticated and, once the user on the end system becomes authenticated, to permit network access by the end system solely on at least one VPN connection to an enterprise network and permit write access solely to at least one temporary memory on the end system while the VPN connection is active.