Method and system for enforcing a communication security policy
First Claim
1. A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of:
(1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packets transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation;
(2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation;
(3) if at least one marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), deleting said marker(s) from said first one or more data packet(s), and allowing said data packet(s) to be transmitted to their destination; and
(4) if no marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), preventing any data packet(s) received from the server to which the workstation is connected from being transmitted to the workstation.
Abstract
A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of: (1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packets transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation; (2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation; (3) if at least one marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), deleting said marker(s) from said first one or more data packet(s), and allowing said data packet(s) to be transmitted to their destination; and (4) if no marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), preventing any data packet(s) received from the server to which the workstation is connected from being transmitted to the workstation.
22 Claims
1. A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of:
(1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packets transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation;
(2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation;
(3) if at least one marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), deleting said marker(s) from said first one or more data packet(s), and allowing said data packet(s) to be transmitted to their destination; and
(4) if no marker indicating that a suitable security agent is installed in the transmitting workstation is detected in said first one or more data packet(s), preventing any data packet(s) received from the server to which the workstation is connected from being transmitted to the workstation.
Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 are not reproduced here.
10. A method according to claim 2, further comprising comparing the identity of the workstation and/or of the user with the security level to be allocated to it/him, and selecting the suitable security agent and security policy data to be installed in the workstation.
11. A system for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising:
A. a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packets transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation;
B. gateway means for controlling the communication traffic of a plurality of workstations with the Internet or an intranet;
C. detection means provided in, or coupled to, said gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation;
D. means for deleting said marker(s) from said first one or more data packet(s), and for allowing said data packet(s) to be transmitted to their destination, if at least one marker indicating that a suitable security agent is installed in the transmitting workstation is detected by said detection means in said first one or more data packet(s); and
E. means for preventing any data packet(s) received from the server to which the workstation is connected from being transmitted to the workstation if no marker indicating that a suitable security agent is installed in the transmitting workstation is detected by said detection means in said first one or more data packet(s).
Dependent claims 12 to 22 are not reproduced here.
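The following simulation of the marker scheme in claims 1 and 11 is an added illustration, not code from the patent. The claims do not fix a marker format or protocol, so the `X-Sec-Agent` header line and the HTTP-like framing are constructed assumptions; the gateway inspects only the first packet of each connection, strips the marker before forwarding, and drops every server-to-workstation packet on connections that were not marked.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed marker (the patent leaves the token unspecified): a header line the
# workstation agent inserts after the request line of the first packet.
MARKER_LINE = b"X-Sec-Agent: 1\r\n"


def agent_mark(first_packet: bytes) -> bytes:
    """Step (1): the workstation-side agent adds the marker to the first packet."""
    request_line, sep, rest = first_packet.partition(b"\r\n")
    return request_line + sep + MARKER_LINE + rest


@dataclass
class Gateway:
    """Steps (2)-(4): per-connection decision taken on the first outbound packet."""
    decided: Dict[str, bool] = field(default_factory=dict)  # conn id -> agent present

    def from_workstation(self, conn: str, packet: bytes) -> bytes:
        """Outbound direction. Returns the packet to forward to the server.

        Only the first packet of a connection is analyzed (step 2). If the
        marker is present it is deleted before forwarding (step 3); otherwise
        the connection is remembered as unprotected (step 4). Later packets
        pass through unchanged: a marker appearing later does not count.
        """
        if conn not in self.decided:
            if MARKER_LINE in packet:
                self.decided[conn] = True
                packet = packet.replace(MARKER_LINE, b"", 1)  # marker never reaches the server
            else:
                self.decided[conn] = False
        return packet

    def from_server(self, conn: str, packet: bytes) -> Optional[bytes]:
        """Inbound direction. Server data is delivered only on marked connections."""
        return packet if self.decided.get(conn, False) else None


if __name__ == "__main__":
    gw = Gateway()
    req = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed request
    print(gw.from_workstation("agent-ws", agent_mark(req)))           # marker stripped
    print(gw.from_server("agent-ws", b"HTTP/1.1 200 OK\r\n\r\n"))    # delivered
    print(gw.from_workstation("bare-ws", req))                         # forwarded as-is
    print(gw.from_server("bare-ws", b"HTTP/1.1 200 OK\r\n\r\n"))     # None: blocked
```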