Enforcement of compliance with network security policies
First Claim
1. A computer-implemented method for enforcing a set of security policies associated with a protected network, the method comprising the steps of:
- receiving a request for a network address from a client;
- determining whether the client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client; and
- responsive to the client's being in compliance with the set of security policies, assigning the client a logical address on the protected network.
2 Assignments
0 Petitions
Abstract
Methods, apparati, and computer program products enforce computer network security policies by assigning network membership to a client (105) based on the client's compliance with the security policies. When a client (105) requests (305) a network address, the DHCP proxy (110) intercepts the request and assigns (350) that client (105) a logical address on the protected network (140) if the client (105) is in compliance with the security policies. If the client (105) is not in compliance with the security policies, in various embodiments, the DHCP proxy (110) assigns (350) the client (105) an address on a restricted network (145) or no network address at all.
217 Citations
46 Claims
1. A computer-implemented method for enforcing a set of security policies associated with a protected network, the method comprising the steps of:
- receiving a request for a network address from a client;
- determining whether the client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client; and
- responsive to the client's being in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-implemented method for enforcing a set of security policies associated with a protected network, the method comprising the steps of:
- receiving compliance data indicating whether a client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client;
- storing the compliance data for later access;
- responsive to a DHCP request for an IP address from the client, retrieving the compliance data related to the client; and
- responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A computer program product comprising a computer-readable medium containing computer program code for enforcing a set of security policies associated with a protected network, the computer program code comprising instructions for performing the steps of:
- receiving a request for a network address from a client;
- determining whether the client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client; and
- responsive to the client's being in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 23, 24, 25, 27

26. The computer program product of 25, wherein the set of security policies further includes one or more rules related to an update for the security software.

28. The computer program product of 22, wherein the set of security policies further includes one or more rules related to a configuration of software on the client.

29. A computer program product comprising a computer-readable medium containing computer program code for enforcing a set of security policies associated with a protected network, the computer program code comprising instructions for performing the steps of:
- receiving compliance data indicating whether a client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client;
- storing the compliance data for later access;
- responsive to a DHCP request for an IP address from the client, retrieving the compliance data related to the client; and
- responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, assigning the client a logical address on the protected network.
Dependent claims: 30, 31, 32, 33, 34, 35, 36

37. A DHCP proxy device for enforcing a set of security policies associated with a protected network, the proxy device comprising:
- a DHCP request interface module configured to receive a DHCP request for an IP address from a client; and
- a client compliance module coupled to the DHCP request interface module, the client compliance module configured to retrieve, responsive to the DHCP request, compliance data, the compliance data indicating whether the client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client;
- wherein, responsive to the retrieved compliance data's indicating that the client is in compliance with the set of security policies, the DHCP request interface module assigns the client a logical address on the protected network.
Dependent claims: 38, 39, 40, 41, 42

43. A system comprising:
- a protected network having associated therewith a set of security policies;
- a compliance registration manager for storing compliance data associated with a plurality of clients, the compliance data for each client indicating whether the client is in compliance with the set of security policies, wherein the set of security policies includes at least one rule that evaluates a client's compliance based on a configuration of the client; and
- a DHCP proxy coupled to the compliance registration manager for retrieving compliance data therefrom, the DHCP proxy further coupled to the protected network, the DHCP proxy configured to intercept a DHCP request for an IP address from a particular client, and further configured to assign that client a logical address on the protected network upon the condition that the client is in compliance with the security policies.
Dependent claims: 44, 45, 46
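The claims above describe a network-admission architecture: configuration-based rules decide whether a client is compliant, a compliance registration manager stores the result, and a DHCP proxy consults it when the client asks for an address, placing the client on the protected network, on a restricted network, or nowhere. The following Python is an added simulation of that flow written for this page; it is not the patent holder's code, and the class names, the four sample rules, the address ranges and the two client configurations are all constructed for illustration.

```python
"""Simulation of a DHCP proxy that gates network membership on policy compliance."""
from dataclasses import dataclass
from datetime import date
from ipaddress import IPv4Network
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ClientConfig:
    """Constructed snapshot of a client's configuration (what a posture agent reports)."""
    mac: str
    security_software_installed: bool
    signature_date: date
    firewall_enabled: bool
    patch_level: int


# A rule inspects the client's configuration and returns (passed, reason-if-failed).
Rule = Callable[[ClientConfig], Tuple[bool, str]]


def rule_security_software(cfg: ClientConfig) -> Tuple[bool, str]:
    return cfg.security_software_installed, "security software not installed"


def rule_signatures_fresh(max_age_days: int, today: date) -> Rule:
    """Rule 'related to an update for the security software': signatures must be recent."""
    def check(cfg: ClientConfig) -> Tuple[bool, str]:
        age = (today - cfg.signature_date).days
        return age <= max_age_days, f"signatures {age} days old (max {max_age_days})"
    return check


def rule_firewall(cfg: ClientConfig) -> Tuple[bool, str]:
    return cfg.firewall_enabled, "host firewall disabled"


def rule_patch_level(minimum: int) -> Rule:
    def check(cfg: ClientConfig) -> Tuple[bool, str]:
        return cfg.patch_level >= minimum, f"patch level {cfg.patch_level} below {minimum}"
    return check


def evaluate(policies: List[Rule], cfg: ClientConfig) -> Tuple[bool, List[str]]:
    """A client is compliant only when every rule in the policy set passes."""
    failures = [reason for rule in policies for passed, reason in [rule(cfg)] if not passed]
    return not failures, failures


class ComplianceRegistrationManager:
    """Stores per-client compliance data for later retrieval by the proxy."""
    def __init__(self) -> None:
        self._data: Dict[str, bool] = {}

    def register(self, mac: str, compliant: bool) -> None:
        self._data[mac] = compliant

    def lookup(self, mac: str) -> Optional[bool]:
        return self._data.get(mac)  # None: no compliance data on file for this client


class AddressPool:
    """Hands out successive host addresses from one network (hypothetical allocator)."""
    def __init__(self, network: str) -> None:
        self._hosts = IPv4Network(network).hosts()

    def allocate(self) -> str:
        return str(next(self._hosts))


class DHCPProxy:
    """Intercepts a DHCP request and decides which network the client joins.

    restricted=None models the embodiment in which a non-compliant client
    receives no address at all.
    """
    def __init__(self, registry: ComplianceRegistrationManager,
                 protected: AddressPool, restricted: Optional[AddressPool]) -> None:
        self.registry, self.protected, self.restricted = registry, protected, restricted

    def handle_request(self, mac: str) -> Tuple[str, Optional[str]]:
        if self.registry.lookup(mac) is True:
            return "protected", self.protected.allocate()
        # A client with no compliance data is treated like a non-compliant one (fail closed).
        if self.restricted is None:
            return "denied", None
        return "restricted", self.restricted.allocate()


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    """Register two constructed clients, then let the proxy answer three DHCP requests."""
    today = date(2024, 1, 15)  # fixed date so the signature-age rule is deterministic
    policies = [rule_security_software, rule_signatures_fresh(7, today),
                rule_firewall, rule_patch_level(3)]
    registry = ComplianceRegistrationManager()
    good = ClientConfig("aa:bb:cc:00:00:01", True, date(2024, 1, 14), True, 5)
    bad = ClientConfig("aa:bb:cc:00:00:02", True, date(2023, 12, 1), False, 2)
    for cfg in (good, bad):
        compliant, _failures = evaluate(policies, cfg)
        registry.register(cfg.mac, compliant)
    proxy = DHCPProxy(registry, AddressPool("10.10.0.0/24"), AddressPool("10.99.0.0/24"))
    unknown = "aa:bb:cc:00:00:03"  # never registered
    return {mac: proxy.handle_request(mac) for mac in (good.mac, bad.mac, unknown)}


if __name__ == "__main__":
    for mac, (network, addr) in demo().items():
        print(f"{mac} -> {network} {addr}")
```

The split between evaluation and enforcement mirrors claims 11 and 43: the rules run when posture data arrives, the registry keeps the verdict, and the proxy only has to do a lookup at DHCP time. Keying the registry on the MAC from the request is the proxy's weak point in practice, since a client controls what it reports, so a deployment would tie the verdict to something harder to forge and would expire stale entries.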
Specification