ACCESS CONTROL DEVICE, AND ACCESS CONTROL METHOD
Abstract
An access control unit and an access control method are provided for controlling access to a secure host efficiently by reducing the consumption of resources such as memory. In this access control device, an access control unit (302) performs access control in accordance with whether the target IP address and the sender IP address of a packet are the IP address of a secure terminal or host or the IP address of a general terminal or host, while referring to a host list stored in a host information storage unit (304). The host information storage unit (304) stores, as the host list, the domain name and the IP address of each general host in an external network (200). For a host that is not registered in the host list of the host information storage unit (304), a host list updating unit (305) inquires whether the unregistered host is a secure host or a general host, and updates the host list in accordance with the result of the inquiry.
6 Claims
1. An access control apparatus comprising:
a storage section that stores a host list indicating hosts, out of hosts in a first network, access to which is restricted or access to which is not restricted from a terminal in a second network;
a reception section that receives a packet whose destination is set to a host in the first network from a terminal in the second network;
a control section that controls, when the destination host of the received packet is registered in the host list, whether to transmit the packet to the host or discard the packet; and
an updating section that acquires, when the destination host of the received packet is not registered in the host list, information as to whether or not access from the terminal to the host is permitted from outside and updates the host list.
6. An access control method for an access control apparatus that stores a host list indicating hosts, out of hosts in a first network, access to which is restricted or access to which is not restricted from a terminal in a second network, the access control method comprising the steps of:
receiving a packet whose destination is set to a host in the first network from a terminal in the second network;
controlling, when the destination host of the received packet is registered in the host list, whether to transmit the packet to the host or discard the packet; and
acquiring, when the destination host of the received packet is not registered in the host list, information as to whether or not access from the terminal to the host is permitted from outside and updating the host list.
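The receive, control and update steps of the method above can be sketched as follows. This is an added illustration, not code from the patent or its applicant. The names `AccessController`, `inquire` and `DIRECTORY`, the forwarding policy and the fail-closed handling of a failed inquiry are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Assumed policy (not stated on the page): a secure terminal may reach any host;
# a general terminal may reach only hosts that are not restricted.
@dataclass
class AccessController:
    secure_terminals: Set[str]                  # source IPs treated as secure terminals
    inquire: Callable[[str], Optional[bool]]    # hypothetical outside lookup: True = restricted
    host_list: Dict[str, bool] = field(default_factory=dict)  # destination IP -> restricted?
    inquiries: int = 0                          # how often the outside source was asked

    def handle(self, src: str, dst: str) -> str:
        src = str(ipaddress.ip_address(src))    # normalise; raises ValueError if malformed
        dst = str(ipaddress.ip_address(dst))
        if dst not in self.host_list:           # unregistered destination: updating step
            self.inquiries += 1
            answer = self.inquire(dst)
            if answer is None:                  # no answer: fail closed, register nothing
                return "discard"
            self.host_list[dst] = answer        # grows only with hosts actually contacted
        restricted = self.host_list[dst]        # registered destination: control step
        if restricted and src not in self.secure_terminals:
            return "discard"
        return "transmit"

# Constructed sample data using documentation address ranges.
DIRECTORY = {"192.0.2.10": True, "198.51.100.5": False}

def demo():
    ac = AccessController({"203.0.113.7"}, DIRECTORY.get)
    results = [
        ac.handle("203.0.113.8", "198.51.100.5"),  # general terminal, unrestricted host
        ac.handle("203.0.113.8", "192.0.2.10"),    # general terminal, restricted host
        ac.handle("203.0.113.7", "192.0.2.10"),    # secure terminal, served from the list
        ac.handle("203.0.113.8", "192.0.2.99"),    # host the outside source cannot classify
    ]
    return results, ac.inquiries, dict(ac.host_list)

if __name__ == "__main__":
    print(demo())
```

Because unanswered inquiries are not registered, a flood of packets to unclassifiable hosts cannot inflate the list, though each such packet still costs one outside inquiry.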
Specification