SECURITY POLICY ENFORCEMENT
First Claim
1. A method of operating a network message interceptor for enforcing a security policy for communication over a network between first and second network endpoints, the interceptor being in communication with the network and external to the first and second network endpoints, the network including transport layer security, and the security policy identifying at least one valid security standards for communication over the network, the method comprising:
- intercepting, by one or more processors, a handshake message transmitted over the network between the first and second network endpoints;
- extracting, by one or more processors, from the handshake message an identification of a security standard selected for the communication between the first and second network endpoints;
- determining, by one or more processors, a validity status of the identified security standard based on the security policy; and
- preventing, by one or more processors, communication between the first and second network endpoints based on a negatively determined validity status of the identified security standard.
Abstract
A method of operating a network message interceptor for enforcing a security policy for communication over a network between first and second network endpoints, the interceptor being in communication with the network and external to the first and second endpoints, the network including transport layer security, and the security policy identifying at least one valid security standards for communication over the network, the method comprising the steps of: intercepting a handshake message transmitted over the network between the first and second endpoints; extracting from the handshake message an identification of a security standard selected for the communication between the first and second endpoints; determining a validity status of the identified security standard based on the security policy; and preventing communication between the first and second endpoints based on a negatively determined validity status of the identified security standard.
20 Claims
1. A method of operating a network message interceptor for enforcing a security policy for communication over a network between first and second network endpoints, the interceptor being in communication with the network and external to the first and second network endpoints, the network including transport layer security, and the security policy identifying at least one valid security standards for communication over the network, the method comprising:
- intercepting, by one or more processors, a handshake message transmitted over the network between the first and second network endpoints;
- extracting, by one or more processors, from the handshake message an identification of a security standard selected for the communication between the first and second network endpoints;
- determining, by one or more processors, a validity status of the identified security standard based on the security policy; and
- preventing, by one or more processors, communication between the first and second network endpoints based on a negatively determined validity status of the identified security standard.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A network message interceptor for enforcing a security policy for communication over a network between first and second network endpoints, the network message interceptor being in communication with the network and external to the first and second network endpoints, the network including transport layer security, and the security policy identifying at least one valid security standards for communication over the network, the network message interceptor comprising:
- intercepting means for intercepting a handshake message transmitted over the network between the first and second network endpoints;
- extracting means for extracting from the handshake message an identification of a security standard selected for the communication between the first and second network endpoints;
- determining means for determining a validity status of the identified security standard based on the security policy; and
- preventing means for preventing communication between the first and second network endpoints based on a negatively determined validity status of the identified security standard.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A computer program product for operating a network message interceptor for enforcing a security policy for communication over a network between first and second network endpoints, the interceptor being in communication with the network and external to the first and second network endpoints, the network including transport layer security, and the security policy identifying at least one valid security standards for communication over the network, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising:
- intercepting a handshake message transmitted over the network between the first and second network endpoints;
- extracting from the handshake message an identification of a security standard selected for the communication between the first and second network endpoints;
- determining a validity status of the identified security standard based on the security policy; and
- preventing communication between the first and second network endpoints based on a negatively determined validity status of the identified security standard.
Dependent claims: 18, 19, 20.
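The four claimed steps (intercept the handshake message, extract the selected security standard, determine its validity against a policy, prevent the session on a negative result) map directly onto a passive TLS inspector. The following is an added illustration, not code from the patent or its specification: it parses a raw TLS handshake record (ClientHello or ServerHello), pulls out the protocol version and cipher suite(s) as the "security standard", and decides against a constructed policy. The policy values, the sample records and the helper names (`parse_hello`, `evaluate`, `should_block`) are all assumptions made for this example.

```python
"""Toy TLS handshake inspector (added example; hypothetical, not the patent's code).
Extracts version + cipher suite(s) from a ClientHello/ServerHello record and
evaluates them against a policy of permitted security standards."""
import struct
from dataclasses import dataclass, field

HANDSHAKE = 0x16                      # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
EXT_SUPPORTED_VERSIONS = 43           # RFC 8446 supported_versions extension


@dataclass(frozen=True)
class Policy:
    """Constructed policy: the standards the interceptor treats as valid."""
    allowed_versions: frozenset = frozenset({0x0303, 0x0304})   # TLS 1.2, TLS 1.3
    allowed_suites: frozenset = frozenset({
        0x1301, 0x1302, 0x1303,                 # TLS 1.3 AEAD suites
        0xC02B, 0xC02C, 0xC02F, 0xC030,         # ECDHE + AES-GCM suites
    })


@dataclass
class HelloInfo:
    msg_type: int
    version: int                                 # legacy/server version field
    suites: list                                 # offered (client) or selected (server)
    supported_versions: list = field(default_factory=list)


def parse_hello(record: bytes) -> HelloInfo:
    """Step 2 of the claim: extract the security standard from a handshake record."""
    ctype, _rec_ver, rlen = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE or len(record) < 5 + rlen:
        raise ValueError("not a complete handshake record")
    hs = record[5:5 + rlen]
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO) or len(body) != hs_len:
        raise ValueError("unsupported or truncated handshake message")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                 # skip the 32-byte random
    pos += 1 + body[pos]                         # skip session_id
    if hs_type == CLIENT_HELLO:
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                     # skip compression_methods vector
    else:
        suites = [struct.unpack("!H", body[pos:pos + 2])[0]]; pos += 2
        pos += 1                                 # single compression_method byte
    info = HelloInfo(hs_type, version, suites)
    if pos + 2 <= len(body):                     # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                if hs_type == CLIENT_HELLO:      # client sends a length-prefixed list
                    n = data[0]
                    info.supported_versions = [struct.unpack("!H", data[i:i + 2])[0]
                                               for i in range(1, 1 + n, 2)]
                else:                            # server sends the single selected version
                    info.supported_versions = [struct.unpack("!H", data[:2])[0]]
    return info


def evaluate(info: HelloInfo, policy: Policy = Policy()):
    """Step 3: validity status. A ClientHello passes if it offers at least one
    acceptable version and suite; a ServerHello must have selected acceptable ones."""
    versions = info.supported_versions or [info.version]
    if info.msg_type == CLIENT_HELLO:
        ok_version = any(v in policy.allowed_versions for v in versions)
        ok_suite = any(s in policy.allowed_suites for s in info.suites)
    else:
        ok_version = versions[0] in policy.allowed_versions
        ok_suite = info.suites[0] in policy.allowed_suites
    reasons = []
    if not ok_version:
        reasons.append("version(s) %s not permitted" % [hex(v) for v in versions])
    if not ok_suite:
        reasons.append("cipher suite(s) %s not permitted" % [hex(s) for s in info.suites])
    return ok_version and ok_suite, reasons


def should_block(record: bytes, policy: Policy = Policy()):
    """Step 4: block on a negative validity status. Unparseable input fails closed."""
    try:
        info = parse_hello(record)
    except (ValueError, IndexError, struct.error) as exc:
        return True, ["unparseable handshake: %s" % exc]
    valid, reasons = evaluate(info, policy)
    return (not valid), reasons


def _build_record(hs_type: int, body: bytes) -> bytes:
    """Wrap a handshake body in handshake + record headers (constructed samples only)."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x03" + len(hs).to_bytes(2, "big") + hs


# Constructed sample records (zeroed randoms, empty session ids).
SAMPLE_SERVER_HELLO_OK = _build_record(SERVER_HELLO,          # TLS 1.3 via ext, ECDHE-GCM
    b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    + b"\x00\x06" + b"\x00\x2b\x00\x02\x03\x04")
SAMPLE_SERVER_HELLO_BAD = _build_record(SERVER_HELLO,         # TLS 1.0, 3DES suite
    b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x0a" + b"\x00")
SAMPLE_CLIENT_HELLO_OK = _build_record(CLIENT_HELLO,
    b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x04" + b"\x13\x01\xc0\x2f" + b"\x01\x00"
    + b"\x00\x09" + b"\x00\x2b\x00\x05" + b"\x04\x03\x04\x03\x03")
SAMPLE_CLIENT_HELLO_LEGACY = _build_record(CLIENT_HELLO,      # offers only TLS 1.0 + RSA suites
    b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x04" + b"\x00\x0a\x00\x2f" + b"\x01\x00")

if __name__ == "__main__":
    for name, rec in [("server ok", SAMPLE_SERVER_HELLO_OK), ("server bad", SAMPLE_SERVER_HELLO_BAD),
                      ("client ok", SAMPLE_CLIENT_HELLO_OK), ("client legacy", SAMPLE_CLIENT_HELLO_LEGACY)]:
        print(name, should_block(rec))
```

Two design points are worth calling out. The ClientHello only lists offers, so the example treats a client as invalid only when nothing it offers is acceptable, whereas the ServerHello carries the single selected version and suite and is judged on exactly that selection, which is the "security standard selected for the communication" the claims refer to. And the interceptor fails closed on records it cannot parse; in a real deployment that choice trades availability for enforcement and should be a policy knob rather than a hard-coded default.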