System and method for network virus protection
First Claim
Patent Images
1. A system, comprising:
- a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning;
a communication module to communicate anti-virus protect ion information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the at least one host device; and
the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least one host device, and, if the status of the anti-virus protection of the at least one host device is not compliant with the policy, to deny the at least one host device access to the Internet and to bring the anti-virus protection of the at least one host device into compliance with the policy.
23 Assignments
0 Petitions
Accused Products
Abstract
A system and method for virus protection of computers on a local area network (LAN) is disclosed. The LAN'"'"'s anti-virus policy is programmed into the firewall, or other Internet access module, which applies that policy to the client computers on the LAN. This policy might include the frequency with which the anti-virus software is updated and the number of versions that the software is permitted to be out of date. Any client computer not meeting the policy is not permitted to access the Internet. The firewall can also update out of date client computers to make them compliant with the policy.
144 Citations
48 Claims
-
1. A system, comprising:
-
a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning; a communication module to communicate anti-virus protect ion information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the at least one host device; and the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least one host device, and, if the status of the anti-virus protection of the at least one host device is not compliant with the policy, to deny the at least one host device access to the Internet and to bring the anti-virus protection of the at least one host device into compliance with the policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method, comprising:
-
connecting a local area network to an Internet via an Internet access module; connecting a host device to the Internet via the local area network; and using the Internet access module to enforce a policy for anti-virus protection on the host device based on the status of anti-virus protection on the host device, wherein the using includes, denying the host device access to the Internet if the status of the anti-virus protection on the host device is not compliant with the policy, wherein the denying includes, applying a range of compliance for the anti-virus protection policy set by a system administrator, removing the range of compliance and requiring the most current anti-virus protection upon notice of a virus alert. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A system, comprising:
-
a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning; a communication module to communicate anti-virus protection information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the host device; and the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least host device and to deny the at least one host device access to the Internet if the at least one host device docs not have anti-virus protection compliant with the policy, wherein compliance with the policy is either a range of compliance or the most up to date anti-virus protection depending on whether there is currently a virus alert. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. An apparatus comprising:
an Internet access module to be coupled to connect the Internet and a local area network (LAN) including host devices, the Internet access module to receive from the host devices their anti-virus protection status and to deny Internet access to those of the host devices whose anti-virus protection status is not compliant with a corresponding anti-virus protection policy and make available software components necessary to bring those host devices whose anti-virus protection status is not compliant into compliance with the corresponding anti-virus protection policy. - View Dependent Claims (33, 34, 35, 36, 37, 38)
-
39. A method comprising:
enforcing anti-virus protection in a module providing Internet access to a plurality of host devices belonging to a local area network by performing the following for each of the plurality of host devices repeatedly, receiving status of the anti-virus protection on the host device, determining compliance with an anti-virus protection policy based on the anti-virus protection status, denying Internet access to the host device if its anti-virus protection status is determined not compliant, and providing software components to bring the host devices into compliance with the anti-virus protection policy if its anti-virus protection status is determined not compliant. - View Dependent Claims (40, 41, 42, 43)
-
44. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
enforcing anti-virus protection in a module providing Internet access to a plurality of host devices belonging to a local area network by performing the following for each of the plurality of host devices repeatedly, receiving status of the anti-virus protection on the host device, determining compliance with an anti-virus protection policy based on the anti-virus protection status, denying Internet access to the host device if its anti-virus protection status is determined not compliant, and providing software components to brings the host devices into compliance with the anti-virus protection policy if its anti-virus protection status is determined not compliant. - View Dependent Claims (45, 46, 47, 48)
Specification