NETWORK ACCESS CONTROL SYSTEM AND METHOD FOR DEVICES CONNECTING TO NETWORK USING REMOTE ACCESS CONTROL METHODS
First Claim
1. A system for out-of-band control of network access supporting multiple connections comprising:
a network;
at least one remote access device (RAD) communicatively coupled to said network; and
a Network Access Control Server (NACS) controlling said network access, wherein said network access control comprises:
identity management of said connections;
endpoint compliance of said connections; and
usage policy enforcement of said connections.
Abstract
A system and method for network access control (NAC) of remotely connected devices is disclosed. In embodiments, agents support role mapping and policy-based scanning. Embodiments automatically perform authentication, assessment, authorization, provisioning, and remediation. Capabilities include user authentication, role-based authorization, endpoint compliance, alarms and alerts, audit logs, location-based rules, and policy enforcement. Processes collect information about the user as well as the host being used from sources including, but not limited to, LDAP, the remote access device, and the agent. Once this data has been obtained, embodiments construct a comprehensive model of the host. This model is subsequently used to govern the actual host's network access when it connects to the network. Passive monitoring includes vulnerability scanning to control access rights throughout the duration of the connection.
22 Claims
1. Independent claim, reproduced above under First Claim. Dependent claims 2 to 10 are not shown on this page.
11. A method for secure network access of a user device to a network comprising the steps of:
receiving a connect attempt to said network from said user device;
authenticating connecting user to a network access control server (NACS) by a remote access device (RAD);
capturing RAD identification, location by said NACS;
restricting access to said network by said user device with a network access filter (NAF) configured on said RAD;
directing said client device to an agent by said RAD;
running said agent on said user device;
identifying client to said NACS by said agent;
modifying said NAF based on compliance;
monitoring post-connection of successful connections.
Dependent claims 12 to 21 are not shown on this page.
22. A method for secure network access of a user device to a network comprising the steps of:
attempting to connect to said network from said user device;
authenticating connecting user to a network access control server (NACS) by a remote access device (RAD), wherein said authentication process is out of band, and not involved in ongoing network traffic flow, whereby data throughput and remote access scalability are unimpeded;
capturing RAD identification, location by said NACS, wherein role-mapping based on user identity and RAD provides identity-based network assignment;
restricting access to said network by said user device with a network access filter (NAF) configured on said RAD, wherein network access restrictions by filter are abstracted whereby a plurality of RAD filtering mechanisms are supported;
directing said client device to an agent by said RAD, wherein said agent is determined by said NACS;
running said agent on said user device, wherein said agent is selected from persistent and dissolvable agents;
identifying client to said NACS by said agent;
modifying said NAF based on compliance; and
monitoring post-connection of successful connections.
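The sequence in claims 11 and 22 (authenticate through the RAD, map identity plus RAD to a role, restrict with a NAF, hand the device to a NACS-chosen persistent or dissolvable agent, modify the NAF on compliance, keep monitoring after connection) is simulated below. This is an added illustration, not code from the patent or from any product implementing it. The directory, role map, zone names, compliance threshold, and the two filter back-ends (`render_acl`, `render_vlan`) are all constructed; the class and function names (`NacServer`, `RemoteAccessDevice`, `NetworkAccessFilter`, `connect`) are assumptions chosen for the example. The point it makes that the claims only state is how the NACS stays out of the data path: it never forwards traffic, it only hands the RAD an abstract allow-list that the RAD renders in its own mechanism.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for the LDAP/RAD/agent sources the abstract names.
DIRECTORY = {
    "alice": {"password": "correct-horse", "groups": ["engineering"]},
    "bob": {"password": "battery-staple", "groups": ["contractors"]},
}
# Role mapping keyed by (group, RAD location): identity- and RAD-based network assignment.
ROLE_MAP = {
    ("engineering", "hq-vpn"): "employee",
    ("engineering", "partner-vpn"): "employee-offsite",
    ("contractors", "partner-vpn"): "contractor",
}
# Zones a role may reach once compliant; until then only the remediation zone is reachable.
ROLE_ZONES = {
    "employee": {"internal", "internet", "remediation"},
    "employee-offsite": {"internet", "remediation"},
    "contractor": {"internet", "remediation"},
}
QUARANTINE = {"remediation"}
MIN_PATCH_LEVEL = 10  # constructed compliance threshold


@dataclass
class NetworkAccessFilter:
    """Abstract allow-list of zones; each RAD renders it with its own mechanism."""
    zones: set


class RemoteAccessDevice:
    """A RAD: relays authentication to the NACS, then enforces whatever NAF it is handed."""
    def __init__(self, rad_id, location, render):
        self.rad_id, self.location, self.render = rad_id, location, render
        self.rules = {}  # session_id -> rule text in this RAD's native format

    def apply(self, session_id, naf):
        self.rules[session_id] = self.render(sorted(naf.zones))
        return self.rules[session_id]


# Two constructed back-ends: the same abstract NAF becomes an ACL on one RAD and a VLAN map on another.
def render_acl(zones):
    return "permit " + ",".join(zones)

def render_vlan(zones):
    return "vlan " + "/".join(zones)


@dataclass
class Session:
    session_id: int
    user: str
    role: str
    rad: RemoteAccessDevice
    naf: NetworkAccessFilter
    agent: str = "none"
    state: str = "quarantined"
    events: list = field(default_factory=list)


class NacServer:
    """Out-of-band controller: decides access, never sits in the data path."""
    def __init__(self):
        self.sessions = {}

    def authenticate(self, rad, user, password):
        """RAD forwards credentials; NACS maps (group, RAD location) to a role and starts restricted."""
        entry = DIRECTORY.get(user)
        if entry is None or entry["password"] != password:
            return None
        role = next((ROLE_MAP[(g, rad.location)] for g in entry["groups"]
                     if (g, rad.location) in ROLE_MAP), None)
        if role is None:
            return None  # no role for this identity at this RAD: refuse the connection
        session = Session(len(self.sessions) + 1, user, role, rad, NetworkAccessFilter(set(QUARANTINE)))
        self.sessions[session.session_id] = session
        rad.apply(session.session_id, session.naf)  # NAF restricts the device before assessment
        session.events.append("authenticated:" + role)
        return session

    def select_agent(self, session, host_managed):
        """NACS chooses the agent the RAD directs the device to (persistent or dissolvable)."""
        session.agent = "persistent" if host_managed else "dissolvable"
        session.events.append("agent:" + session.agent)
        return session.agent

    def assess(self, session, host_facts):
        """Agent-reported facts decide compliance; the NAF is modified accordingly."""
        compliant = bool(host_facts.get("av_running")) and host_facts.get("patch_level", 0) >= MIN_PATCH_LEVEL
        session.naf = NetworkAccessFilter(set(ROLE_ZONES[session.role] if compliant else QUARANTINE))
        session.state = "connected" if compliant else "quarantined"
        session.rad.apply(session.session_id, session.naf)
        session.events.append("assessed:" + session.state)
        return compliant

    def monitor(self, session, findings):
        """Post-connection: a scan finding during the session pulls the NAF back to remediation."""
        if session.state == "connected" and findings:
            session.naf = NetworkAccessFilter(set(QUARANTINE))
            session.state = "quarantined"
            session.rad.apply(session.session_id, session.naf)
            session.events.append("revoked:" + ",".join(findings))
        return session.state


def connect(nacs, rad, user, password, host_managed, host_facts):
    """The claim-11 sequence end to end; returns the Session, or None if the NACS refuses."""
    session = nacs.authenticate(rad, user, password)
    if session is None:
        return None
    nacs.select_agent(session, host_managed)
    nacs.assess(session, host_facts)
    return session
```

Calling `connect(NacServer(), RemoteAccessDevice("rad-1", "hq-vpn", render_acl), "alice", "correct-horse", True, {"av_running": True, "patch_level": 12})` yields a session in state `connected` with the RAD holding `permit internal,internet,remediation`; a later `monitor(session, [finding])` call drops that RAD rule back to `permit remediation` without the NACS ever having touched a data packet. The same user on the partner RAD gets a narrower role and a VLAN-style rule, which is the filter abstraction claim 22 describes.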
Specification