Method and apparatus for enhancing security on an enterprise network

US 20070150947A1
Filed: 12/22/2005
Published: 06/28/2007
Est. Priority Date: 12/22/2005
Status: Abandoned Application

First Claim

Patent Images

1. A communication network comprising:

a network management station, a central security server, and a plurality of hosts, each of said hosts implementing a security agent, wherein the network management station is configured to interface a network manager to enable the network manager to specify policy to be used in connection with defining aspects of communications between the hosts on the communication network, the central security server is configured to receive the policy from the network management station and store the policy, and the security agents in the hosts are configured to retrieve at least a portion of the policy from the central security server and implement the retrieved portion of the policy in connection with traffic to be transmitted on the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Increased security may be provided on an enterprise network by causing a central security server to administer security policy on the network. Agents in hosts on the network authenticate with the central security server to obtain policy information for that particular host user. The policy information may specify whether any special routing, processing, or other features, should occur in connection with particular classes of traffic or in connection with communications with particular other hosts or classes of hosts. In operation, the agents implement the policy by interfacing with the networking layer to cause the traffic to be routed via any other host/server on the network so that appropriate services may occur with respect to that traffic. Additionally, tunnels may be established so that traffic in-between hosts or between a host and server to be encrypted, compressed, or otherwise treated as specified in the policy.

Citations

17 Claims

1. A communication network comprising:
- a network management station, a central security server, and a plurality of hosts, each of said hosts implementing a security agent, wherein the network management station is configured to interface a network manager to enable the network manager to specify policy to be used in connection with defining aspects of communications between the hosts on the communication network, the central security server is configured to receive the policy from the network management station and store the policy, and the security agents in the hosts are configured to retrieve at least a portion of the policy from the central security server and implement the retrieved portion of the policy in connection with traffic to be transmitted on the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The communication network of claim 1, wherein the policy specified by the network manager comprises a plurality of policies, at least a first group of said policies being specific to particular users of the communication network.
  - 3. The communication network of claim 2, wherein the hosts are configured such that when one of said users logs into a host, the host is configured to retrieve a subset of the policies specific to that particular user.
  - 4. The communication network of claim 2, wherein the policies specify routing for particular types of traffic associated with particular users of the network.
  - 5. The communication network of claim 1, wherein the agents are configured to enable Virtual Private Network (VPN) tunnels to be established between hosts on the network.
  - 6. The communication network of claim 5, wherein the communication network is an Ethernet network.
  - 7. The communication network of claim 5, wherein the communication network is an enterprise network, the communication network further comprising an Internet gateway configured to connect the enterprise network with the Internet.
  - 8. The communication network of claim 7, wherein the VPN tunnels are established between hosts on the enterprise network.

9. A method of enhancing security by a host on a network, the method comprising the steps of:
- establishing a connection by a host to a network;
  
  transmitting first authentication information associated with an user to the network to obtain access to the network;
  
  transmitting second authentication information associated with the user to a central security server to obtain a set of security policies applicable to the user for use in connection with communications by the user on the network; and
  
  using the security policies by the host to format data to be transmitted to other hosts on the network.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the network is an enterprise network, and wherein the step of using the security policies comprises participating in a Virtual Private Network (VPN) tunnel between the host and another host on the network.
  - 11. The method of claim 9, wherein the step of using the security policies comprises encrypting the data.
  - 12. The method of claim 9, wherein the security policies comprise routing information.
  - 13. The method of claim 9, wherein the security policies are application specific to enable the host to use different security policies depending on the application that generated the data to be transmitted on the network.

14. A method of enhancing security by a central security server on a network, the method comprising the steps of:
- receiving, from a host, a request for policies applicable to a user associated with the host;
  
  retrieving a set of policies applicable to the user;
  
  transmitting the set of policies to the host;
  
  wherein the set of policies enable attributes associated with communications to be specified between the host and other hosts on the network on a host-by-host basis.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the policies enable a Virtual Private Network (VPN) tunnel to be established between the host and at least one of the other hosts on the network.
  - 16. The method of claim 14, wherein the policies enable routing information to be specified for communications between the host and at least one of the other hosts on the network.
  - 17. The method of claim 14, wherein the network is an enterprise network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Vivek, Vibhu, Vijayakumar, Rajesh, Kunjukunju, Biju, Hanberger, Niklas

Application Number

US11/315,823
Publication Number

US 20070150947A1
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

Method and apparatus for enhancing security on an enterprise network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enhancing security on an enterprise network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links