Method and System for Self-Scaling Generic Policy Tracking
First Claim
1. A method for self-scaling generic policy tracking, comprising:
- at a policy key on a client,
  - scanning the client for at least one configuration;
  - assessing a policy compliance based on the configuration; and
  - reporting at least one policy state to a policy server, and
- at the policy server,
  - receiving the at least one policy state from the policy key; and
  - configuring network access to the client based on the at least one policy state, wherein the configuring a network access includes opening or closing network access to the client.
Abstract
A system (100) and method (600) are provided for self-scaling generic policy tracking. The system can include a policy key (210) on a client (132) for scanning the client for at least one configuration, assessing a policy compliance based on the configuration, and reporting at least one policy state to a policy server. The system can also include a policy server (110) for receiving the at least one policy state from the policy key, and configuring network access to the client based on the at least one policy state. The policy key can report at least one policy state (232) on a periodic communication cycle that can be scaled according to system load for increasing system capacity.
290 Citations
53 Claims
1. A method for self-scaling generic policy tracking, comprising:
- at a policy key on a client,
  - scanning the client for at least one configuration;
  - assessing a policy compliance based on the configuration; and
  - reporting at least one policy state to a policy server, and
- at the policy server,
  - receiving the at least one policy state from the policy key; and
  - configuring network access to the client based on the at least one policy state, wherein the configuring a network access includes opening or closing network access to the client.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 36
29. A system for self-scaling generic policy tracking, comprising:
- a policy key on a client, for
  - scanning the client for at least one configuration;
  - assessing a policy compliance based on the configuration; and
  - reporting at least one policy state to a policy server,
- the policy server, for
  - receiving the at least one policy state from the policy key; and
  - configuring network access to the client based on the at least one policy state, wherein the configuring a network access includes opening or closing network access to the client.

Dependent claims: 30, 31, 32, 33, 34, 35, 37, 38
39. A method for network administration control, comprising:
- preventing at least one client from communicating to nodes on a subnet of the at least one client by poisoning an Address Resolution Protocol (ARP) table to route back all communication attempts to the at least one client;
- preventing the at least one client from communicating to nodes outside the subnet by removing a default gateway and at least one route from a route table for providing no paths out of the at least one client to an outside network;
- allowing communication to a remediation service by providing a route in the route table that corresponds to a predetermined remediation server; and
- redirecting Domain Name Server (DNS) requests to remediation services by changing a DNS of the at least one client to a remediation server.

Dependent claims: 40, 41, 42, 43, 44, 50
45. A system for network administration control, comprising:
- a policy key on at least one client, for
  - scanning the at least one client for at least one configuration;
  - assessing at least one policy compliance based on the configuration; and
  - reporting a policy profile that identifies a policy state of the at least one policy compliance to a policy server, and
- a policy server, for
  - receiving the policy profile from the policy key regarding the policy state of the at least one policy compliance of the at least one client;
  - evaluating at least one policy applying to the at least one client;
  - determining whether network access should be granted to the at least one client based on the policy state in view of the at least one policy; and
  - configuring network access to at least one endpoint solution of the at least one client if at least one policy state is not compliant.

Dependent claims: 46, 47, 48, 49, 51, 52, 53
Specification