Isolation approach for network users associated with elevated risk
Abstract
An isolation approach for network users associated with elevated risk is disclosed for protecting networks. In one approach a method comprises the computer-implemented steps of determining a user identifier associated with a network device that has caused a security event in a network; causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and configuring one or more security restrictions with respect to the selected network address.
47 Claims
1. A method, comprising the computer-implemented steps of:
in a security controller that is coupled, through a network, to a network device having a first network address assigned from a first subset of addresses within a first specified pool associated with normal network users;
determining a user identifier associated with the network device that has caused a security event in the network;
in response to the security event, causing the network device to acquire a second network address that is selected from a second subset of addresses within a second specified pool associated with suspected malicious network users;
wherein the security event is an event that indicates at least one of: a possible denial of service attack, possible IP address spoofing, extraneous requests for network addresses, and possible MAC address spoofing;
wherein the second subset of addresses is different from the first subset of addresses; and
configuring one or more security restrictions with respect to the second network address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 23.
11. A computer-readable storage medium carrying one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
in a security controller that is coupled, through a network, to a network device having a first network address assigned from a first subset of addresses within a first specified pool associated with normal network users;
determining a user identifier associated with the network device that has caused a security event in the network;
in response to the security event, causing the network device to acquire a second network address that is selected from a second subset of addresses within a second specified pool associated with suspected malicious network users;
wherein the security event is an event that indicates at least one of: a possible denial of service attack, possible IP address spoofing, extraneous requests for network addresses, and possible MAC address spoofing;
wherein the second subset of addresses is different from the first subset of addresses; and
configuring one or more security restrictions with respect to the second network address.
Dependent claims: 17, 18, 19.
12. An apparatus, comprising:
in a security controller that is coupled, through a network, to a network device having a first network address assigned from a first subset of addresses within a first specified pool associated with normal network users;
means for determining a user identifier associated with the network device that has caused a security event in the network;
means for, in response to the security event, causing the network device to acquire a second network address that is selected from a second subset of addresses within a second specified pool associated with suspected malicious network users;
wherein the security event is an event that indicates at least one of: a possible denial of service attack, possible IP address spoofing, extraneous requests for network addresses, and possible MAC address spoofing;
wherein the second subset of addresses is different from the first subset of addresses; and
means for configuring one or more security restrictions with respect to the second network address.
Dependent claims: 20, 21, 22, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44.
13. An apparatus, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
in a security controller that is coupled, through the data network, to a network device having a first network address assigned from a first subset of addresses within a first specified pool associated with normal network users;
determining a user identifier associated with the network device that has caused a security event in the network;
in response to the security event, causing the network device to acquire a second network address that is selected from a second subset of addresses within a second specified pool associated with suspected malicious network users;
wherein the security event is an event that indicates at least one of: a possible denial of service attack, possible IP address spoofing, extraneous requests for network addresses, and possible MAC address spoofing;
wherein the second subset of addresses is different from the first subset of addresses; and
configuring one or more security restrictions with respect to the second network address.
Dependent claims: 14, 15, 16, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34.
24. A method, comprising the computer-implemented steps of:
in a security controller that is coupled, through a network, to a network device having a first network address assigned from a first subset of addresses within a first specified pool associated with normal network users;
in response to a security event in the network, causing the network device to acquire a second network address that is selected from a second subset of addresses within a second specified pool associated with suspected malicious network users;
wherein the security event is an event that indicates at least one of: a possible denial of service attack, possible IP address spoofing, extraneous requests for network addresses, and possible MAC address spoofing;
wherein causing the network device to acquire a second network address comprises performing an action that causes the network device to request a new network address;
wherein the second subset of addresses is different from the first subset of addresses; and
configuring one or more security restrictions with respect to the new network address.
Dependent claims: 45, 46, 47.
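The independent claims above all describe the same three-step mechanism: tie the offending device to a user identifier, force it to re-acquire an address from a separate quarantine pool that is disjoint from the normal pool, and attach restrictions to that quarantine address. The following model is an added example written for this page, not the patent's own code or any vendor's implementation. It assumes a DHCP-style controller that owns both pools and can make a client re-lease; the pool ranges, MAC-to-user mapping, remediation server address and the access-list style of the restrictions are all constructed for illustration.

```python
"""Quarantine-by-readdressing, modelled on the claimed method.

Added illustration, not the patent's own code. Assumes a DHCP-style controller
that owns two disjoint address pools and can force a client to re-acquire a lease.
All addresses, MACs and user names below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field

# The four event classes named in the claims.
SECURITY_EVENT_TYPES = {
    "possible_dos",
    "possible_ip_spoofing",
    "extraneous_address_requests",
    "possible_mac_spoofing",
}


class AddressPool:
    """A pool of leasable addresses keyed by client MAC (simplified model)."""

    def __init__(self, name, cidr):
        self.name = name
        self.network = ipaddress.ip_network(cidr)
        self.free = list(self.network.hosts())
        self.leases = {}  # mac -> ip_address

    def lease(self, mac):
        """Return the existing lease for mac, or hand out the next free address."""
        if mac in self.leases:
            return self.leases[mac]
        if not self.free:
            raise RuntimeError(f"pool {self.name} exhausted")
        ip = self.free.pop(0)
        self.leases[mac] = ip
        return ip

    def release(self, mac):
        """Return the released address (or None if mac held no lease here)."""
        ip = self.leases.pop(mac, None)
        if ip is not None:
            self.free.append(ip)
        return ip


@dataclass
class SecurityController:
    normal_pool: AddressPool
    quarantine_pool: AddressPool
    # mac -> user identifier, e.g. as learned from the authentication system (constructed)
    user_of_device: dict
    # quarantine address -> restrictions configured for it
    restrictions: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        # The claims require the quarantine subset to differ from the normal subset;
        # overlapping pools would let a quarantined device keep a "normal" address.
        if self.normal_pool.network.overlaps(self.quarantine_pool.network):
            raise ValueError("normal and quarantine pools must be disjoint")

    def handle_security_event(self, mac, event_type, remediation_server="10.0.99.250"):
        """Isolate the device that raised event_type and record what was done."""
        if event_type not in SECURITY_EVENT_TYPES:
            raise ValueError(f"not a recognised security event: {event_type}")
        # Step 1: associate the offending device with a user identifier.
        user = self.user_of_device.get(mac, "unknown")
        # Step 2: make the device acquire a quarantine address. In a deployment the
        # controller would perform an action that makes the client request a new
        # lease; this model releases the normal lease and serves the next request
        # from the quarantine pool.
        old_ip = self.normal_pool.release(mac)
        new_ip = self.quarantine_pool.lease(mac)
        # Step 3: configure restrictions on the new address (hypothetical ACL syntax):
        # allow only the remediation server, deny everything else.
        rules = [
            f"permit ip host {new_ip} host {remediation_server}",
            f"deny ip host {new_ip} any",
        ]
        self.restrictions[str(new_ip)] = rules
        record = {
            "user": user,
            "mac": mac,
            "event": event_type,
            "old_address": str(old_ip) if old_ip is not None else None,
            "new_address": str(new_ip),
            "restrictions": rules,
        }
        self.audit_log.append(record)
        return record

    def is_quarantined(self, mac):
        return mac in self.quarantine_pool.leases


if __name__ == "__main__":
    normal = AddressPool("normal", "10.0.0.0/24")
    quarantine = AddressPool("quarantine", "10.0.99.0/24")
    ctrl = SecurityController(normal, quarantine, {"aa:bb:cc:00:00:01": "alice"})
    normal.lease("aa:bb:cc:00:00:01")
    print(ctrl.handle_security_event("aa:bb:cc:00:00:01", "possible_mac_spoofing"))
```

The audit record returned by `handle_security_event` carries the user identifier together with the old and new addresses, which is what an analyst needs to correlate later flows from the quarantine range back to the person and device that triggered the event.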