Method and apparatus for enhancing security on an enterprise network
Abstract
Increased security may be provided on an enterprise network by causing a central security server to administer security policy on the network. Agents in hosts on the network authenticate with the central security server to obtain policy information for that particular host user. The policy information may specify whether any special routing, processing, or other features should occur in connection with particular classes of traffic or in connection with communications with particular other hosts or classes of hosts. In operation, the agents implement the policy by interfacing with the networking layer to cause the traffic to be routed via any other host/server on the network so that appropriate services may occur with respect to that traffic. Additionally, tunnels may be established so that traffic between hosts or between a host and a server may be encrypted, compressed, or otherwise treated as specified in the policy.
17 Claims
1. A communication network comprising:
a network management station, a central security server, and a plurality of hosts, each of said hosts implementing a security agent, wherein the network management station is configured to interface a network manager to enable the network manager to specify policy to be used in connection with defining aspects of communications between the hosts on the communication network, the central security server is configured to receive the policy from the network management station and store the policy, and the security agents in the hosts are configured to retrieve at least a portion of the policy from the central security server and implement the retrieved portion of the policy in connection with traffic to be transmitted on the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of enhancing security by a host on a network, the method comprising the steps of:
establishing a connection by a host to a network;
transmitting first authentication information associated with a user to the network to obtain access to the network;
transmitting second authentication information associated with the user to a central security server to obtain a set of security policies applicable to the user for use in connection with communications by the user on the network; and
using the security policies by the host to format data to be transmitted to other hosts on the network.
Dependent claims: 10, 11, 12, 13
14. A method of enhancing security by a central security server on a network, the method comprising the steps of:
receiving, from a host, a request for policies applicable to a user associated with the host;
retrieving a set of policies applicable to the user;
transmitting the set of policies to the host;
wherein the set of policies enable attributes associated with communications to be specified between the host and other hosts on the network on a host-by-host basis.
Dependent claims: 15, 16, 17
Specification