MULTIPLE SECURITY LAYERS FOR TIME-BASED NETWORK ADMISSION CONTROL
First Claim
1. A security apparatus for a computer-based network, the apparatus comprising:
- an alerting system determining a current state of the computer-based network including any of an introduction, re-introduction, removal, or off-line condition of a network asset of the computer-based network;
- a blocking system, in communication with the alerting system, preventing the network asset from gaining access to the computer-based network; and
- a time engine providing time information to at least one of the alerting and blocking systems.
Abstract
Embodiments of the present invention include a computer method of controlling access to a computer-based network comprising: (i) receiving an indication of an attempt to gain access to a computer-based network; (ii) applying a respective network access control policy to determine whether to allow the attempt to gain access to the computer-based network at each of multiple security layers; and (iii) allowing or blocking the attempt to gain access through the security layer to the computer-based network based on the application of the respective network access control policy at each security layer. Other embodiments include a computer method of controlling access to a computer-based network comprising: (a) scanning a host computer for viruses; (b) temporarily disabling a firewall of the host computer during an audit; and (c) shutting down high risk services running on the host computer.
83 Citations
22 Claims
1. A security apparatus for a computer-based network, the apparatus comprising:
- an alerting system determining a current state of the computer-based network including any of an introduction, re-introduction, removal, or off-line condition of a network asset of the computer-based network;
- a blocking system, in communication with the alerting system, preventing the network asset from gaining access to the computer-based network; and
- a time engine providing time information to at least one of the alerting and blocking systems.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer method of controlling access to a computer-based network, the method comprising:
- receiving an indication of an attempt to gain access to a computer-based network;
- at each of multiple security layers, applying a respective network access control policy to determine whether to allow the attempt to gain access to the computer-based network; and
- based on the application of the respective network access control policy at each security layer, allowing or blocking the attempt to gain access through the security layer to the computer-based network.
Dependent claims: 21, 22
Specification