System and methodology for providing community-based security policies
Abstract
A system and methodology for providing community-based security policies is described. In one embodiment, in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some of the devices about the security settings established on such devices, and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, the determination of whether or not to permit network access is based, at least in part, upon the consensus security settings.
40 Claims
1. In a system comprising a plurality of devices connected to a network, a method for regulating network access at a particular device, the method comprising:
- providing at a plurality of devices connected to a network a security module for establishing security settings, said security settings for regulating network access at said plurality of devices;
- collecting information about established security settings from at least some of said plurality of devices connected to the network;
- in response to a request for network access at a particular device, determining whether or not to permit network access based, at least in part, upon the collected information about established security settings;
- wherein said collecting step includes collecting information about whether a particular program is permitted to access the network; and
- wherein said determining step includes determining whether at least a majority of users permit a particular program to access the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. In a system comprising a plurality of devices connected to a network, a method for regulating network access at a particular device, the method comprising:
- providing at a plurality of devices connected to a network a security module for establishing security settings, said security settings for regulating network access at said plurality of devices;
- collecting information about established security settings from at least some of said plurality of devices connected to the network;
- in response to a request for network access at a particular device, determining whether or not to permit network access based, at least in part, upon the collected information about established security settings; and
- wherein said determining step includes determining a percentage of the collected security settings permitting access to the network.
Dependent claims: 12, 13.
14. A system for managing access to resources on a per program basis, the system comprising:
- a plurality of computers capable of connecting to resources;
- a policy module enabling security policies to be defined at said plurality of computers;
- a repository for collecting the security policies from said plurality of computers, said repository available to said plurality of computers;
- an enforcement module for trapping a request for access to resources from a particular program at a particular computer and determining whether to permit access to the resources based, at least in part, upon security policies collected in said repository; and
- wherein said enforcement module determines whether a particular program is permitted to access the resources under at least a majority of the security policies.
15. A system for managing access to resources on a per program basis, the system comprising:
- a plurality of computers capable of connecting to resources;
- a policy module enabling security policies to be defined at said plurality of computers;
- a repository for collecting the security policies from said plurality of computers, said repository available to said plurality of computers;
- an enforcement module for trapping a request for access to resources from a particular program at a particular computer and determining whether to permit access to the resources based, at least in part, upon security policies collected in said repository; and
- wherein said enforcement module determines a percentage of the collected security policies permitting access to the resources.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24.
25. A method for assisting a user in configuring a program, the method comprising:
- providing a configuration module at a plurality of computers connected to a network, the configuration module enabling a user to adopt a configuration setting for the program;
- collecting at a computer on the network the configuration setting adopted by at least some users of the program at said plurality of computers;
- generating a recommended configuration setting based upon the collected configuration settings;
- displaying the recommended configuration setting at a particular computer connected to the network to assist a user in configuring the program; and
- wherein said generating step includes determining the configuration setting adopted by at least a majority of users from which configuration settings are collected.
Dependent claims: 26, 27, 28, 29, 30, 31.
32. A method for assisting a user in configuring a program, the method comprising:
- providing a configuration module at a plurality of computers connected to a network, the configuration module enabling a user to adopt a configuration setting for the program;
- collecting at a computer on the network the configuration setting adopted by at least some users of the program at said plurality of computers;
- generating a recommended configuration setting based upon the collected configuration settings;
- displaying the recommended configuration setting at a particular computer connected to the network to assist a user in configuring the program; and
- wherein said generating step includes generating information about a percentage of users adopting a particular configuration setting.
33. A method for assisting a user in configuring a program, the method comprising:
- providing a configuration module at a plurality of computers connected to a network, the configuration module enabling a user to adopt a configuration setting for the program;
- collecting at a computer on the network the configuration setting adopted by at least some users of the program at said plurality of computers;
- generating a recommended configuration setting based upon the collected configuration settings;
- displaying the recommended configuration setting at a particular computer connected to the network to assist a user in configuring the program; and
- wherein generating step includes utilizing a weighted voting calculation.
34. In a system comprising a plurality of computers connected to a network, a method for managing network access, the method comprising:
- providing a security module enabling security rules to be defined at said plurality of computers, said security rules identifying programs permitted to access the network;
- collecting said security rules from said plurality of computers in a repository, said repository available to said plurality of computers;
- trapping a request for access to the network from a particular program at a particular computer;
- if said particular program is included in said security rules at said particular computer, determining whether to permit access to the network based upon said security rules at said particular computer; and
- otherwise, if said particular program is not included in said security rules at said particular computer, determining whether to permit access based upon said repository;
- wherein said step of determining whether to permit access based upon said repository includes determining whether at least a majority of users permit a particular program to access the network.
Dependent claims: 35, 36, 37, 38, 39, 40.
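
The decision flow of claim 34, with the percentage of claims 11 and 15 reported alongside, sketched as an added Python example (not code from the patent). The rule format, function names and sample data are constructed here, and denying on a tie or when no device has a rule for the program is this example's assumption.

```python
from collections import Counter

# Constructed sample repository: one dict of rules per device,
# mapping program name -> whether that device's user permits network access.
REPOSITORY = [
    {"browser.exe": True, "updater.exe": True},
    {"browser.exe": True, "updater.exe": False},
    {"browser.exe": True, "tool.exe": False},
    {"updater.exe": False, "tool.exe": True},
]


def community_stats(repository, program):
    """Return (permit_count, total_votes) for a program across collected rules."""
    votes = Counter(rules[program] for rules in repository if program in rules)
    return votes[True], votes[True] + votes[False]


def decide(local_rules, repository, program):
    """Return (permit, source, percent_permitting) for a trapped request.

    A rule on the requesting computer takes precedence. Only when the
    program is absent locally is the repository consulted, and access is
    permitted only if a strict majority of the collected rules permit it.
    Denying on a tie or on zero votes is an assumption of this example.
    """
    if program in local_rules:
        return local_rules[program], "local", None
    permits, total = community_stats(repository, program)
    if total == 0:
        return False, "no-data", None
    percent = 100.0 * permits / total
    return permits * 2 > total, "community", percent


if __name__ == "__main__":
    for name in ("browser.exe", "updater.exe", "tool.exe", "unknown.exe"):
        print(name, decide({}, REPOSITORY, name))
    # A local deny rule overrides a unanimous community permit.
    print(decide({"browser.exe": False}, REPOSITORY, "browser.exe"))
```
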
Specification