SYSTEM, METHOD, AND COMPUTER PROGRAM FOR PREVENTING INFECTIONS FROM SPREADING IN A NETWORK ENVIRONMENT USING DYNAMIC APPLICATION OF A FIREWALL POLICY
Abstract
A method for containing a threat in a network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
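A minimal simulation of the containment flow the abstract describes, added here as an illustration and not taken from the patent: the detecting node blocks the source address locally, broadcasts that policy to its peers, and sends an outbound-blocking policy to the source node if it has a firewall module. The `Node`, `Policy`, `contain` and `can_connect` names, the addresses and the remedy text are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    direction: str  # "in" = block incoming requests, "out" = block outgoing
    address: str    # peer address the rule matches; "*" matches any peer

@dataclass
class Node:
    address: str
    has_firewall: bool = True  # assumption: models the firewall/security module
    rules: set = field(default_factory=set)

    def apply(self, policy):
        """Install a policy; returns False if the node has no firewall module."""
        if self.has_firewall:
            self.rules.add(policy)
        return self.has_firewall

    def allows_in(self, src):
        return Policy("in", src) not in self.rules

    def allows_out(self):
        return Policy("out", "*") not in self.rules

def can_connect(src, dst):
    """A request succeeds only if neither end has a rule blocking it."""
    return src.allows_out() and dst.allows_in(src.address)

def contain(detector, source_addr, network):
    """Detector-side response after a threat is detected from source_addr."""
    local = Policy("in", source_addr)
    detector.apply(local)                      # 1. local firewall policy
    for node in network.values():              # 2. broadcast alert carrying the policy
        if node.address not in (detector.address, source_addr):
            node.apply(local)
    source = network.get(source_addr)          # 3. remote policy, if source can enforce it
    quarantined = source is not None and source.apply(Policy("out", "*"))
    return {"source_address": source_addr,     # 4. alert for the network administrator
            "source_quarantined": quarantined,
            "remedy": "scan and clean the source host (constructed text)"}

def demo(source_has_firewall):
    # Constructed four-node network using documentation-range addresses.
    net = {a: Node(a) for a in ("192.0.2.10", "192.0.2.11", "192.0.2.12")}
    net["192.0.2.66"] = Node("192.0.2.66", has_firewall=source_has_firewall)
    alert = contain(net["192.0.2.10"], "192.0.2.66", net)
    reachable = [a for a, n in net.items()
                 if a != "192.0.2.66" and can_connect(net["192.0.2.66"], n)]
    return alert, reachable, net
```

When the source node has no firewall module the remote policy cannot be installed, so containment rests entirely on the inbound blocks the peers applied from the broadcast alert.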
40 Claims
1-20. (canceled)

21. One or more non-transitory computer readable media that include code for execution that, when executed by one or more processors, is operable to:

detect, at a first node, a threat sent from a source node in a network, the network including at least a plurality of nodes having respective security modules;
create, at the first node, a first firewall policy configured to block incoming network requests associated with a source address of the source node;
broadcast an alert from the first node to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
communicate a second firewall policy to the source node if the source node includes a firewall module, the second firewall policy to be applied by the source node to block outgoing network requests from the source node to any one or more of the plurality of nodes in the network.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29

30. A first node, comprising:

one or more processors;
an antivirus module configured to execute on the one or more processors to detect a threat sent from a source node in a network, the network including at least a plurality of nodes having respective security modules;
a local firewall module configured to execute on the one or more processors to apply a first firewall policy to block incoming network requests associated with a source address of the source node; and
a rumoring module configured to execute on the one or more processors to:
broadcast an alert to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
communicate a second firewall policy to the source node if the source node includes a firewall module, the second firewall policy to be applied by the source node to block outgoing network requests from the source node to any one or more of the plurality of nodes in the network.

Dependent claims: 31, 32, 33

34. A method, comprising:

detecting, at a first node, a threat sent from a source node in a network, the network including at least a plurality of nodes having respective security modules;
creating, at the first node, a first firewall policy configured to block incoming network requests associated with a source address of the source node;
broadcasting an alert from the first node to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
communicating a second firewall policy to the source node if the source node includes a firewall module, the second firewall policy to be applied by the source node to block outgoing network requests from the source node to any one or more of the plurality of nodes in the network.

Dependent claims: 35, 36, 37

38. One or more non-transitory computer readable media that include code for execution that, when executed by one or more processors, is operable to:

broadcast an alert from a first node in a network to respective security modules of a plurality of nodes in the network when a threat, sent from a source node in the network, is detected by the first node, wherein the broadcast alert comprises a local firewall policy to be applied by the plurality of nodes to block incoming network requests associated with a source address of the source node;
determine whether the source node includes a firewall module; and
if the source node includes the firewall module, communicate a second firewall policy to the source node, the second firewall policy to be applied by the source node to block outgoing network requests from the source node to any one or more of the plurality of nodes in the network.

Dependent claims: 39, 40

Specification