Method and system for monitoring and controlling network access
Abstract
A method and system for monitoring and controlling network access includes non-intrusively monitoring network traffic and assembling data packets that are specific to individual node-to-node transmissions in order to manage network access both inside and outside of a network. A rules base is generated to apply at either or both of the connection time and the time subsequent to connection. With regard to a particular node-to-node transmission, the data packets are assembled to identify the source and destination nodes, as well as contextual information (i.e., ISO Layer 7 information). The access rules are applied in a sequential order to determine whether the transmission is a restricted transmission. The rules are maintained in a single rules base for the entire network and are distributed to each monitoring node. Any of the protocols in the suite of TCP/IP protocols can be managed. The result of an analysis against the rules base causes a connection attempt to be completed or denied, a previously established connection to be broken, logging to occur, or a combination of these and other actions. Data collected during connection attempts or during a connection's lifetime may be passed to a third-party hardware or software component in order for independent validation to take place. Traffic monitoring and access management can be executed at a node other than a choke point of the network.
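The pipeline the abstract describes (passive capture, per-transmission packet assembly, Layer 7 context extraction, ordered first-match rules with separate internal and external rule scopes, and an allow/deny/log outcome) as an added Python example; this is illustrative code, not the patent's implementation, and the packet tuples, addresses, site range and rules are constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict

# Constructed packets as copied off a passive tap: (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload).
# Nothing here sits in the forwarding path, so capture is non-intrusive to traffic flow.
PACKETS = [
    ("10.0.0.5", 40001, "93.184.216.34", 80, 1, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", 40001, "93.184.216.34", 80, 27, b"Host: example.com\r\n\r\n"),
    ("10.0.0.7", 40002, "10.0.0.9", 80, 1, b"GET /admin HTTP/1.1\r\nHost: intranet\r\n\r\n"),
]

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed site address range

def assemble(packets):
    """Group packets per node-to-node transmission and order them by TCP sequence number."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, data in packets:
        flows[(src, sport, dst, dport)].append((seq, data))
    return {key: b"".join(d for _, d in sorted(segs)) for key, segs in flows.items()}

def layer7_context(stream):
    """Extract ISO Layer 7 facts (HTTP method, path, Host header) from the reassembled bytes."""
    request_line, _, headers = stream.partition(b"\r\n")
    parts = request_line.split()
    ctx = {"method": parts[0].decode() if parts else "",
           "path": parts[1].decode() if len(parts) > 1 else ""}
    for line in headers.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            ctx["host"] = line.split(b":", 1)[1].strip().decode()
    return ctx

# Rules base: (scope, predicate(src, dst, ctx), action), evaluated in order, first match wins.
# Scope separates the external-resource rules from the internal-resource rules.
RULES = [
    ("internal", lambda s, d, c: c["path"].startswith("/admin") and s != "10.0.0.1", "deny+log"),
    ("external", lambda s, d, c: c.get("host") == "example.com", "log"),
    ("any", lambda s, d, c: True, "allow"),
]

def decide(src, dst, ctx):
    """Apply the rules base to source, destination and Layer 7 context; return the action."""
    scope = "internal" if ipaddress.ip_address(dst) in INTERNAL_NET else "external"
    for rule_scope, predicate, action in RULES:
        if rule_scope in (scope, "any") and predicate(src, dst, ctx):
            return action
    return "allow"

def evaluate(packets=PACKETS):
    """Return {flow_key: (layer7_context, action)} for every assembled transmission."""
    results = {}
    for (src, sport, dst, dport), stream in assemble(packets).items():
        ctx = layer7_context(stream)
        results[(src, sport, dst, dport)] = (ctx, decide(src, dst, ctx))
    return results
```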
18 Claims
1. A method of providing access control to resources of a network comprising steps of:
monitoring network traffic, including receiving data packets transmitted to and from nodes of said network such that receptions of said data packets are non-intrusive with respect to traffic flow of said network;
with respect to individual node-to-node transmissions within said network, assembling pluralities of said received data packets specific to said individual node-to-node transmissions, thereby forming an assembled multi-packet communication for each of said node-to-node transmissions; based upon said assembled multi-packet communications, identifying source nodes and destination nodes and contextual information for said individual node-to-node transmissions; and
applying access rules to said assembled multi-packet communications in determinations of whether said individual node-to-node transmissions are restricted transmissions, including basing said determinations on said identifying said source and destination nodes and said contextual information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method of providing access control to resources that are internal to and external of a network of nodes, including computing devices of users of said network, said method comprising steps of:
generating a rules base related to restricting access to said resources by said nodes of said network, including forming a first set of rules specific to access to external resources and a second set of rules specific to access to internal resources;
monitoring transmissions that include one of said computing devices;
acquiring information regarding each said transmission, including determining information relating to at least Layers 2, 3 and 7 of the ISO model; and
applying said rules base to said acquired information to detect transmissions in which access to said resources is restricted by said rules base, including initiating a predetermined action in response to detecting that a specific transmission relates to an access that is restricted.
Dependent claims: 12, 13, 14.
15. A system for providing access control to resources of a network comprising:
a plurality of nodes, including computing devices;
means for non-intrusively intercepting data packets to and from said nodes such that said intercepting is substantially transparent to packet flow within said network;
means for identifying said data packets of discrete transmissions and assembling said data packets;
means for determining sources and destinations of said discrete transmissions and determining user-generated contextual information contained therein;
a rules base store having a plurality of rules relating to controlling access to said resources of said network; and
means for controlling said access based upon matching said rules to said sources, destinations and user-generated contextual information from said means for determining.
Dependent claims: 16, 17, 18.
Specification