Managing use of proxies to access restricted network locations

US 8,090,852 B2
Filed: 06/04/2008
Issued: 01/03/2012
Est. Priority Date: 06/04/2008
Status: Active Grant

First Claim

Patent Images

1. A method of operating a threat management facility to prevent proxy access to content prohibited by a network policy, the method comprising:

A. receiving a network location access request at the threat management facility from a client belonging to an enterprise secured by the threat management facility;

B. accessing a URL database that contains categorized URLs and determining if a URL associated with the network location access request is a previously uncategorized URL;

C. when the URL associated with the network location access request is a previously uncategorized URL, determining if the URL associated with the network location access request includes a primary URL with a first network location to be accessed by the client and a secondary URL within the primary URL with a second network location of a website to be accessed using the first network location as a proxy site;

D. when the URL includes a secondary URL with a second network location of a website to be accessed using the first network location as a proxy site, accessing the URL database and determining if the client is restricted from accessing the website identified by the secondary URL; and

E. when the client is restricted from accessing the website, blocking the network location access request for the URL.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments of the present invention improved capabilities are described for the detection of uncategorized web-based proxy sites, where an action may be provided in association with access to restricted network locations. In a step A, a network location access request may be received from a computing facility. In a step B, a URL database may be assessed that contains categorized URLs and it may be determined that a URL associated with the network location access request is previously uncategorized URL. In a step C, it may be determined that the URL associated with the network location access request includes a secondary URL. In a step D, the URL database may be accessed that contains categorized URLs and it may be determined that the client is restricted from accessing the secondary URL. In a step E, the action may be provided in association with the network location access request as a previously uncategorized proxy website when steps B, C, and D are all met.

31 Citations

View as Search Results

24 Claims

1. A method of operating a threat management facility to prevent proxy access to content prohibited by a network policy, the method comprising:
- A. receiving a network location access request at the threat management facility from a client belonging to an enterprise secured by the threat management facility;
  
  B. accessing a URL database that contains categorized URLs and determining if a URL associated with the network location access request is a previously uncategorized URL;
  
  C. when the URL associated with the network location access request is a previously uncategorized URL, determining if the URL associated with the network location access request includes a primary URL with a first network location to be accessed by the client and a secondary URL within the primary URL with a second network location of a website to be accessed using the first network location as a proxy site;
  
  D. when the URL includes a secondary URL with a second network location of a website to be accessed using the first network location as a proxy site, accessing the URL database and determining if the client is restricted from accessing the website identified by the secondary URL; and
  
  E. when the client is restricted from accessing the website, blocking the network location access request for the URL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising providing a warning to the client about a policy violation.
  - 3. The method of claim 1, further comprising logging the network location access request.
  - 4. The method of claim 3, wherein the logging enables correlation with previously logged actions.
  - 5. The method of claim 4, wherein the correlation generates a further action from the threat management facility.
  - 6. The method of claim 1, wherein the previously uncategorized URL is absent from the database that contains categorized URLs.
  - 7. The method of claim 1, wherein the categorized URLs include URLs that are categorized as restricted.
  - 8. The method of claim 1, wherein the categorized URLs include URLs that are categorized as not restricted.
  - 9. The method of claim 1, wherein the categorized URLs include URLs that are categorized as allowed.
  - 10. The method of claim 1, wherein the categorized URLs include URLs that are categorized as not allowed.
  - 11. The method of claim 1, wherein the categorized URLs include a URL white list.
  - 12. The method of claim 1, wherein the categorized URLs include a URL black list.
  - 13. The method of claim 1, wherein the secondary URL is an embedded URL in the URL associated with the network location request.
  - 14. The method of claim 1, wherein the secondary URL is encoded.
  - 15. The method of claim 1, wherein the network policy includes URL access restrictions for the client.
  - 16. The method of claim 1, wherein the client is associated with a user.
  - 17. The method of claim 14, wherein the user has access restrictions associated with the network policy.
  - 18. The method of claim 1, wherein the URL associated with the network location access request is analyzed for a portion that corresponds with a restricted access URL.
  - 19. The method of claim 18, wherein the portion is associated with obfuscated data.

20. A method of operating a threat management facility to prevent proxy access to content prohibited by a network policy, the method comprising:
- A. receiving a network location access request from a client at the threat management facility;
  
  B. analyzing the network location access request to discover if the network location request includes a primary URL of a proxy site and a secondary URL within the primary URL of a website to be accessed through the proxy site;
  
  C. in response to a discovery of the secondary URL in step B wherein the secondary URL includes a location for proxy access from the client through the proxy site identified in the primary URL, determining if the secondary URL is a restricted URL to which the client is restricted from access by the network policy; and
  
  D. in the event the secondary URL is the restricted URL as identified in the network policy, providing an action in association with access to at least one of the primary URL and the secondary URL.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, further comprising:
    - registering the secondary URL as a new restricted URL in the network policy.
  - 22. The method of claim 20, wherein the action is blocking access by the client to the secondary URL through the proxy site.
  - 23. The method of claim 20, wherein the action is providing a warning to a user about a violation of the network policy.
  - 24. The method of claim 20, wherein the action is logging the network location access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Plc (Sophos Group Ltd.)
Inventors
Ianchici, Alexander, Cook, Robert Wendell, Roy, Cory Michael
Primary Examiner(s)
Barot, Bharat

Application Number

US12/132,979
Publication Number

US 20090307360A1
Time in Patent Office

1,308 Days
Field of Search

709223-229, 709245-246, 709238-239, 726 1- 2, 726/12, 726 26- 27
US Class Current

709/229
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

Managing use of proxies to access restricted network locations

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Managing use of proxies to access restricted network locations

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others