Method and apparatus for providing network access control using a domain name system
Abstract
A method and apparatus for providing network access control by manipulating a domain name system includes receiving, from a source, a request for an address which corresponds to a host name. A check is made as to whether a requestor corresponding to the request is allowed to access a host system corresponding to the host name. If the requestor is not allowed to access the host system corresponding to the host name, then an indication is provided to the source of the request that the address which corresponds to the host name cannot be located.
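The check-then-conceal flow described in the abstract, as an added Python illustration (not code from the patent). The policy table, the offline upstream table and all function names are assumptions, as is the use of DNS RCODE 3 (NXDOMAIN) as the "cannot be located" indication; the parser handles only uncompressed single-question A queries.

```python
import socket
import struct

# Constructed access-management data: source address -> host names it may not reach.
BLOCKED = {"10.0.0.7": {"games.example.com"}}
# Constructed stand-in for the real upstream resolver, so the example runs offline.
UPSTREAM = {"games.example.com": "203.0.113.10", "docs.example.org": "203.0.113.20"}

NOERROR, NXDOMAIN = 0, 3

def make_query(txid, name):
    """Build a minimal DNS A/IN query in wire format."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_question(msg):
    """Return (host name, end offset of the question section)."""
    labels, pos = [], 12
    while msg[pos]:
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii").lower())
        pos += 1 + msg[pos]
    return ".".join(labels), pos + 5  # zero byte + QTYPE + QCLASS

def answer(query, source_ip):
    """Gateway decision: the address for allowed sources, NXDOMAIN otherwise."""
    txid = struct.unpack("!H", query[:2])[0]
    name, qend = parse_question(query)
    denied = name in BLOCKED.get(source_ip, set())
    addr = None if denied else UPSTREAM.get(name)
    if addr is None:
        # A policy denial and a genuinely unknown name produce the same bytes,
        # so the source cannot tell that it lacks the privilege.
        header = struct.pack("!HHHHHH", txid, 0x8180 | NXDOMAIN, 1, 0, 0, 0)
        return header + query[12:qend]
    header = struct.pack("!HHHHHH", txid, 0x8180 | NOERROR, 1, 1, 0, 0)
    # Answer record: pointer to the question name, type A, class IN, TTL 60, 4-byte address.
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + query[12:qend] + rr

def rcode(msg):
    """Extract the 4-bit response code from a DNS message header."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F
```

Because the denied reply is indistinguishable from a real lookup failure, defenders relying on this design should log the policy decision at the gateway, since the client side records nothing that separates the two cases.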
25 Claims
1. A method to manage access to external hosts by a gateway within a first network comprising:
receiving from a source within the first network, a request for an address which corresponds to a host having a host name;
checking whether the source is allowed to access the host corresponding to the host name; and
if the source is not allowed to access the host corresponding to the host name, then the gateway concealing such lack of privilege from the source by providing an indication to the source that the address which corresponds to the host name cannot be located.

(Dependent claims: 2, 3, 4, 5, 6)

if the source is allowed to access the host corresponding to the host name, then providing the address to the source.

3. The method of claim 1, wherein the receiving comprises receiving a request for an internet protocol (IP) address outside the first network which corresponds to the host name.

4. The method of claim 1, wherein the receiving comprises receiving a request for the address which corresponds to a host name embedded in a uniform resource locator (URL).

5. The method of claim 1, wherein the source comprises a user of the source and the checking comprises uniquely identifying the user of the source.

6. The method of claim 1, wherein the checking comprises uniquely identifying the source from a plurality of potential sources.

7. An apparatus within a first network to manage access to external hosts comprising:
a control logic to receive, from a source within the first network, a request for a host address outside the first network which corresponds to a host having a host name;
an access management logic, coupled to the control logic, to check whether the source is allowed to access the host corresponding to the host name; and
wherein the control logic is to provide an indication to the source that the address which corresponds to the host name cannot be located if the source is not entitled to access the host corresponding to the host name.

(Dependent claims: 8, 9, 10, 11, 12, 13)

an access management database which stores a plurality of source indicators and corresponding access information.

13. The apparatus of claim 12, wherein the access information comprises a plurality of host names which are inaccessible by the source.

14. A machine-readable medium having stored thereon a plurality of instructions for managing access to external hosts by a gateway within a first network, which when executed by a processor, causes the processor to perform operations comprising:
receiving from a source within the first network a request for a host address outside the first network which corresponds to a host having a host name;
checking whether the source is allowed to access the host corresponding to the host name; and
if the source is not allowed to access the host corresponding to the host name, then concealing such lack of privilege from the source by providing an indication to the source that the address which corresponds to the host name cannot be located.

(Dependent claims: 15, 16, 17)

18. An apparatus within a first network to manage access to external hosts comprising:
means for receiving from a source within the first network a request for an address outside the first network which corresponds to a host having a host name;
means for checking, coupled to the means for receiving, whether the source is allowed to access the host corresponding to the host name; and
means for providing, coupled to the means for checking, an indication to the source of the request that the address which corresponds to the host name cannot be located if the source is not allowed to access the host corresponding to the host name.

(Dependent claims: 19, 20, 21)

means for providing the address to the source if the source is allowed to access the host corresponding to the host name.

20. The apparatus of claim 18, wherein the source comprises a user of the source, and the means for checking comprises means for uniquely identifying the user of the source.

21. The apparatus of claim 18, wherein the means for checking comprises means for uniquely identifying the source from a plurality of potential sources.

22. A method to manage access to external hosts by a gateway within a first network comprising:
receiving from a source within the first network, a request for a host address which corresponds to a host having a host name;
checking whether the source is allowed to access a host corresponding to the host address; and
if the source is not allowed to access the host corresponding to the host address, then the gateway concealing such lack of privilege from the source by providing an indication to the source that the host address corresponding to the host name cannot be located.

(Dependent claims: 23)

if the source is entitled to access the host corresponding to the host address, then providing the address to the source.

24. A machine-readable medium having stored thereon a plurality of instructions for managing access to external hosts by a gateway within a first network, which when executed by a processor, causes the processor to perform operations comprising:
receiving from a source within the first network, a request for a host address outside the first network which corresponds to a host having a host name;
checking whether the source is allowed to access the host corresponding to the host address; and
if the source is not allowed to access the host corresponding to the host address, then concealing such lack of privilege from the source by providing an indication to the source that the host address corresponding to the host name cannot be located.

25. An apparatus within a first network to manage access to external hosts comprising:
means for receiving from a source within the first network a request for a host address outside the first network which corresponds to a host having a host name;
means for checking, coupled to the means for receiving, whether the source is allowed to access the host corresponding to the host address; and
means for providing, coupled to the means for checking, an indication to the source of the request that the host address which corresponds to the host name cannot be located if the source is not allowed to access the host corresponding to the host address.

Specification