CONTROLLING NETWORK ACCESS
First Claim
1. A method for controlling access to a computer network based on a client's compliance with network health policy standards, the method comprising:
- sending a request for access to the network from the client to a server, the request including a statement of health of the client;
- receiving a first response from the server, the first response including filtering instructions;
- converting the filtering instructions into firewall rules on the client; and
- filtering communications from the client to the network based on the firewall rules using a firewall on the client.
Abstract
Systems and methods for controlling network access determine that a client computer on the network is in compliance with administrator-defined network health policy standards before the client computer is granted access to the network. A packet exchange mechanism is defined wherein filtering instructions from a server are converted into firewall rules on the client computer to restrict client access to remediation servers on the network. The client computer obtains update patches from the remediation servers to become compliant with network health policy standards.
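An added illustration of the conversion step described in the abstract, not code from the patent: server filtering instructions become an ordered, default-deny rule set on the client, which is then checked against outbound destinations. The instruction layout, the `compliant` flag, the addresses and the function names are assumptions, since the page defines no format for filtering instructions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample; the dict layout is an assumption (the page defines no format).
SAMPLE_RESPONSE = {
    "compliant": False,
    "filtering_instructions": [
        {"allow": "10.0.5.0/28", "ports": [80, 443]},  # remediation servers
        {"allow": "10.0.0.53/32", "ports": [53]},      # resolver needed to reach them
    ],
}

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    network: object    # ipaddress network the rule applies to
    ports: frozenset   # empty set means any port

def to_firewall_rules(response):
    """Convert a server response into ordered client-side firewall rules."""
    if response.get("compliant") is True:
        return [Rule("allow", ANY, frozenset())]
    rules = []
    for instr in response.get("filtering_instructions", []):
        net = ipaddress.ip_network(instr["allow"])  # raises ValueError if malformed
        ports = frozenset(instr["ports"])
        if not ports or not all(isinstance(p, int) and 0 < p < 65536 for p in ports):
            raise ValueError(f"bad port list for {net}")
        rules.append(Rule("allow", net, ports))
    # Fail closed: a non-compliant client reaches only what was explicitly allowed.
    rules.append(Rule("deny", ANY, frozenset()))
    return rules

def permits(rules, dst_ip, dst_port):
    """First matching rule wins; no match means the packet is dropped."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in rule.network and (not rule.ports or dst_port in rule.ports):
            return rule.action == "allow"
    return False
```

A non-compliant response that carries no filtering instructions yields only the final deny rule, so a truncated or empty response isolates the client instead of opening the network.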
20 Claims
1. A method for controlling access to a computer network based on a client's compliance with network health policy standards, the method comprising:
- sending a request for access to the network from the client to a server, the request including a statement of health of the client;
- receiving a first response from the server, the first response including filtering instructions;
- converting the filtering instructions into firewall rules on the client; and
- filtering communications from the client to the network based on the firewall rules using a firewall on the client.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for a first server to determine whether a client should be granted access to a computer network, the method comprising:
- receiving a request from the client for access to the network, the request including a statement of health of the client;
- sending the request to a second server;
- receiving a first response from the second server, the first response indicating whether the client's state of health is compliant with state of health policies of the network, the first response further including information about specific deficiencies in the client's state of health and remediation instructions for the client in order to remedy the client's health; and
- sending a second response to the client, the second response including the remediation instructions and filtering instructions, the filtering instructions enabling a firewall on the client to restrict the client's access to the network.

Dependent claims: 13, 14, 15, 16

17. A client programmed to request access to a computer network, the client comprising:
- a system health agent programmed to monitor and report on the client's health state;
- a network access protection agent programmed to collect, store and process statement of health information from the system health agent;
- an enforcement agent programmed to obtain the client's statement of health from the network access protection agent, to send said statement of health to a server, and to convert filtering instructions received from the server into firewall rules to limit the client's access to the network; and
- a firewall programmed to filter client communication to the network based on firewall rules.

Dependent claims: 18, 19, 20

Specification