System and methods for providing network quarantine
Abstract
A system and method for ensuring that machines having invalid or corrupt states are restricted from accessing network resources are provided. A quarantine coordination client (QCC) located on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages the statements and provides the package to a quarantine enforcement client (QEC). The QEC sends the package to a quarantine enforcement server (QES) with a request for network access. The QES passes the package to a quarantine coordination server (QCS) that disassembles the package and passes the individual statements of health to corresponding quarantine policy servers (QPS). The QPSs validate the statements of health and inform the QCS of the result. If the client provided valid statements of health, the QES grants the client access to the network.
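The flow in the abstract, modeled as an added Python sketch; it is not code from the patent. The message shape, policy names, and health checks are assumptions made for illustration, and the sketch does not model authentication or integrity protection of the statements, which the abstract does not describe.

```python
# Added illustration: all names, fields and policy checks are assumptions,
# not taken from the patent.
from dataclasses import dataclass

@dataclass(frozen=True)
class StatementOfHealth:
    policy_id: str   # identifies the policy client / policy server pair
    claims: dict     # constructed sample state reported by the policy client

# --- client side ---
def qcc_collect(policy_clients):
    """QCC: acquire one SoH per policy client and package them as a list."""
    return [StatementOfHealth(pid, report()) for pid, report in policy_clients.items()]

# --- server side ---
def qcs_validate(soh_list, policy_servers):
    """QCS: disassemble the list, route each SoH to its QPS, collect verdicts.
    Fails closed: missing, duplicate or unroutable statements count as invalid."""
    verdicts = {pid: False for pid in policy_servers}
    seen = set()
    for soh in soh_list:
        if soh.policy_id not in policy_servers or soh.policy_id in seen:
            return False, verdicts  # unknown or duplicate statement
        seen.add(soh.policy_id)
        verdicts[soh.policy_id] = bool(policy_servers[soh.policy_id](soh.claims))
    return all(verdicts.values()), verdicts

def qes_handle_request(soh_list, policy_servers):
    """QES: grant access only if the QCS reports every SoH valid."""
    ok, verdicts = qcs_validate(soh_list, policy_servers)
    return ("GRANT" if ok else "QUARANTINE"), verdicts

# Constructed sample policies (hypothetical): antivirus signatures, patch level.
POLICY_SERVERS = {
    "antivirus": lambda c: c.get("signature_age_days", 999) <= 7,
    "patch": lambda c: c.get("missing_critical", 1) == 0,
}
HEALTHY = {
    "antivirus": lambda: {"signature_age_days": 2},
    "patch": lambda: {"missing_critical": 0},
}
STALE = {**HEALTHY, "patch": lambda: {"missing_critical": 3}}

if __name__ == "__main__":
    for name, clients in (("healthy", HEALTHY), ("stale", STALE)):
        print(name, qes_handle_request(qcc_collect(clients), POLICY_SERVERS))
```

A client that omits a statement for a configured policy, or sends one no policy server recognizes, is quarantined rather than granted access.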
20 Claims
1. A network quarantine client for interacting with a server enforcing a quarantine policy, comprising:
- at least one enforcement client for communicating with the server through a network protocol; and
- a coordinating client for acquiring at least one statement of health from at least one policy client, wherein the coordinating client exposes an interface through which the at least one policy client communicates with the coordinating client, and wherein the coordinating client assembles the at least one statement of health into a statement of health list and provides the at least one enforcement client with the statement of health list.
8. A method for a client to comply with a network quarantine policy, comprising:
- acquiring a policy from one or more policy servers;
- executing a system diagnostic to determine if the client is in compliance with an acquired policy;
- if the client fails to comply with an acquired policy, correcting a security state of the client;
- generating a list of statements of health, each statement of health indicating the client is in compliance with a corresponding policy; and
- transmitting the list of statements of health to a quarantine server for validation.
14. A network quarantine server for enforcing a network quarantine policy, comprising:
- at least one enforcement server for communicating with at least one client through a network protocol; and
- a coordinating server for receiving a list of statements of health, including at least one statement of health, from the enforcement server and querying at least one policy server to verify the at least one statement of health.
19. A method for network quarantine management, comprising:
- receiving from a remotely located Dynamic Host Control Protocol (DHCP) server a bill of health acquired from a client requesting a network resource, the bill of health reflecting the system state of the client;
- validating the bill of health;
- if the statement of health is valid, instructing the DHCP server to grant the request; and
- if the statement of health is invalid, instructing the DHCP server not to grant the request and to place the client in quarantine.