ON DEVICE POLICY ENFORCEMENT TO SECURE OPEN PLATFORM VIA NETWORK AND OPEN NETWORK
Abstract
Embodiments of the invention provide methods and systems for using policy enforcement for securing open devices and networks. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity, and monitoring programs and/or services running on a device. The method further includes, based on at least one of the plurality of policies, comparing the programs and/or services running on the device against the programs and/or services allowed by the at least one of the plurality of policies, and, based on the comparison, determining that the device is running at least one program and/or service disallowed by the at least one policy. Further, the method includes, in response, prohibiting access of the device to the network.
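The compare-and-deny flow described in the abstract, sketched as an added example (not code from the patent or its assignee). The policy names, item names, the `evaluate` function and the fail-closed handling of unreported categories are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Categories named in claim 1 (identifiers are constructed for this example).
CATEGORIES = ("programs", "services", "os", "firmware",
              "drivers", "hardware", "peripherals")

@dataclass(frozen=True)
class Policy:
    name: str
    allowed: dict  # category -> allowed item names; unlisted categories are unchecked

@dataclass
class Decision:
    device_id: str
    allow_network: bool
    violations: list = field(default_factory=list)  # (policy, category, item)

def _norm(item):
    return item.strip().lower()

def evaluate(device_id, inventory, policies):
    """Compare what the device reports against every policy's allow list."""
    violations = []
    for policy in policies:
        for category, allowed in policy.allowed.items():
            if category not in CATEGORIES:
                raise ValueError(f"unknown category in {policy.name}: {category}")
            if category not in inventory:
                # Assumption: fail closed when a constrained category is unreported.
                violations.append((policy.name, category, "<not reported>"))
                continue
            allowed_set = {_norm(a) for a in allowed}
            violations += [(policy.name, category, item)
                           for item in inventory[category]
                           if _norm(item) not in allowed_set]
    # Any single disallowed item is enough to prohibit network access.
    return Decision(device_id, not violations, violations)

# Constructed sample policies and device report.
POLICIES = [
    Policy("baseline", {"programs": ["browser", "mail-client"],
                        "os": ["vendor-os 4.2"]}),
    Policy("peripheral-lockdown", {"peripherals": ["keyboard", "mouse"]}),
]
SAMPLE_INVENTORY = {"programs": ["Browser", "p2p-share"],
                    "os": ["vendor-os 4.2"],
                    "peripherals": ["keyboard"]}

if __name__ == "__main__":
    print(evaluate("dev-001", SAMPLE_INVENTORY, POLICIES))
```

Matching on reported names trusts the device's own report; that trust is an assumption of this sketch, not something the claims specify.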
23 Claims
1. A method of using policy enforcement for securing open devices and networks, the method comprising:
- accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity;
- monitoring one or more of: the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on a device;
- based on at least one of the plurality of policies, comparing one or more of: the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on the device against one or more of: the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals allowed by the at least one of the plurality of policies;
- based on the comparison, determining that the device is running at least one of the one or more of: the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals disallowed by the at least one policy; and
- in response, prohibiting access of the device to the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of enforcing policies for a device for accessing a network, the method comprising:
- detecting and reporting software running on the device and files stored on the device;
- checking, with a policy enforcer, the software running on the device against software allowed by the policy enforcer;
- determining that disallowed software is running on the device; and
- in response to the device running disallowed software, denying the device access to the network.
Dependent claims: 14, 15, 16
17. A system for policy enforcement for securing open devices and networks, the system comprising:
- a customer device configured to execute programs and access files;
- a policy enforcer in connection with the customer device, the policy enforcer including a policy database configured to access a plurality of policies configured to enforce network integrity, monitor the programs running on the customer device, based on at least one of the plurality of policies, compare the programs running on the customer device against the programs and/or services allowed by the at least one of the plurality of policies, based on the comparison, determine that the customer device is running at least one program disallowed by the at least one policy, and in response, prohibit access of the device to the network; and
- a network provider in connection with the policy enforcer, the network provider configured to receive the denial of access to the network request from the policy enforcer, and implement denial of access to the network to the customer device.
Dependent claims: 18, 19, 20, 21, 22
23. A machine-readable medium including sets of instructions stored thereon for using policy enforcement for securing open devices and networks which, when executed by a machine, causes the machine to:
- access, by a policy enforcer, a plurality of policies configured to enforce network integrity;
- monitor programs and/or services running on a device;
- based on at least one of the plurality of policies, compare the programs and/or services running on the device against the programs and/or services allowed by the at least one of the plurality of policies;
- based on the comparison, determine that the device is running at least one program and/or service disallowed by the at least one policy; and
- in response, prohibit access of the device to the network.
Specification