Method and apparatus for network security based on device security status
Abstract
A method and apparatus are provided for network security based on a security status of a device. A security update status of a device is evaluated; and one or more of a plurality of security policies are selected to apply to the device based on the security update status. The available security philosophies may include, for example, a “protect the good” philosophy, an “encourage the busy” philosophy and a “shut off the non-compliant” philosophy. The security update status can evaluate, for example, a version level of one or more security features installed on the device or can be based on a flag indicating whether the device satisfies predefined criteria for maintaining one or more computer security protection features up-to-date.
44 Claims
1. A method for controlling access of a device to a network, comprising:
- evaluating a security update status of said device; and
- selecting one or more of a plurality of policies to apply to said device based on said security update status.

24. A method for controlling access of a device to a network, comprising:
- ensuring that said device communicates only with one or more specified servers; and
- allowing said device to communicate with other devices over said network once said authentication server determines that a security update status of said device satisfies a security policy.

31. A method for controlling access of a device to a network, comprising:
- evaluating a security update status of said device; and
- preventing said device from accessing one or more network services if said device does not satisfy predefined criteria for maintaining one or more computer security protection features up-to-date.

35. A method for controlling access of a device to a network, comprising:
- evaluating a security update status of said device; and
- preventing said device from accessing said network if said security update status does not satisfy predefined security criteria.

38. A communication method, comprising:
- controlling access to one or more network services based on a list of authorized users of said one or more network services; and
- broadcasting a message based on said list of authorized users.

41. An apparatus for controlling access of a device to a network, comprising:
- a memory; and
- at least one processor, coupled to the memory, operative to:
  - evaluate a security update status of said device; and
  - select one or more of a plurality of policies to apply to said device based on said security update status.

42. An apparatus for controlling access of a device to a network, comprising:
- a memory; and
- at least one processor, coupled to the memory, operative to:
  - ensure that said device communicates only with one or more specified servers; and
  - allow said device to communicate with other devices over said network once said authentication server determines that a security update status of said device satisfies a security policy.

43. An apparatus for controlling access of a device to a network, comprising:
- a memory; and
- at least one processor, coupled to the memory, operative to:
  - evaluate a security update status of said device; and
  - prevent said device from accessing one or more network services if said device does not satisfy predefined criteria for maintaining one or more computer security protection features up-to-date.

44. An apparatus for controlling access of a device to a network, comprising:
- a memory; and
- at least one processor, coupled to the memory, operative to:
  - evaluate a security update status of said device; and
  - prevent said device from accessing said network if said security update status does not satisfy predefined security criteria.