
Dynamic address assignment for access control on DHCP networks

  • US 7,890,658 B2
  • Filed: 08/28/2009
  • Issued: 02/15/2011
  • Est. Priority Date: 09/14/2005
  • Status: Active Grant
First Claim

1. A method of controlling access to a protected network, the method comprising:

    receiving first endpoint information from an agent running on an endpoint, the first endpoint information including a MAC address of the endpoint and information characterizing the endpoint;

    receiving a DHCPDISCOVER packet with the MAC address of the endpoint at an input of a DHCP server via a router, the router including an access control list characterizing a restricted subnet of the protected network, the restricted subnet accessible to endpoints with an IP address in a first address range but not accessible to endpoints with an IP address in a second address range;

    altering the DHCPDISCOVER packet received at the input, the alteration being responsive to the first endpoint information having met requirements of a security assessment;

    passing the altered DHCPDISCOVER packet to a processor configured to execute computing instructions for generating a DHCPOFFER packet;

    executing the computing instructions, wherein execution of the computing instructions by the processor generates the DHCPOFFER packet responsive to the alteration made in the DHCPDISCOVER packet, the DHCPOFFER packet including an IP address associated with the first address range if the endpoint information has met the requirements of the security assessment, the DHCPOFFER packet including an IP address associated with the second address range if the endpoint information has not met the requirements of the security assessment;

    receiving second endpoint information from the agent as a result of the agent detecting changes at the endpoint; and

    using the second endpoint information in a subsequent security assessment.
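
The flow in claim 1, sketched as an added example (not code from the patent or its assignee). The claim does not say how the DHCPDISCOVER is altered; the User Class option (77) marker, the address ranges and all function names here are assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                          # DHCP magic cookie (RFC 2131)
TAG_OPT, TAG_VAL = 77, b"assessed-ok"                # assumed marker (User Class option)
FIRST_RANGE = ipaddress.ip_network("10.0.1.0/24")    # constructed: passed assessment
SECOND_RANGE = ipaddress.ip_network("10.0.2.0/24")   # constructed: did not pass

def build_discover(mac: bytes, extra: bytes = b"") -> bytes:
    """Constructed minimal DHCPDISCOVER: BOOTP header, cookie, option 53=1, End."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1]) + extra + b"\xff"

def mac_of(pkt: bytes) -> str:
    return pkt[28:28 + pkt[2]].hex(":")              # chaddr, hlen bytes long

def options(pkt: bytes) -> dict:
    """Walk the TLV options after the cookie; stop at End (255) or truncation."""
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                              # Pad option has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def alter_discover(pkt: bytes, assessments: dict) -> bytes:
    """Mark the packet only if the agent-reported state for this MAC passed."""
    opts = options(pkt)
    opts.pop(TAG_OPT, None)                          # drop any client-supplied marker
    if assessments.get(mac_of(pkt), False):          # unknown MAC counts as not passed
        opts[TAG_OPT] = TAG_VAL
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts.items())
    return pkt[:240] + body + b"\xff"

def offer_address(pkt: bytes, leased: set) -> ipaddress.IPv4Address:
    """Address-generation step: the pool depends only on the marker."""
    passed = options(pkt).get(TAG_OPT) == TAG_VAL
    pool = FIRST_RANGE if passed else SECOND_RANGE
    addr = next(h for h in pool.hosts() if h not in leased)
    leased.add(addr)
    return addr

def acl_permits(addr: ipaddress.IPv4Address) -> bool:
    """Router ACL for the restricted subnet: only first-range sources pass."""
    return addr in FIRST_RANGE
```

Because the address-generation step trusts the marker, the altering stage has to remove any copy of it that arrives from the endpoint, and a MAC with no assessment on record has to fall through to the second range.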
