Self-isolating and self-healing networked devices
First Claim
1. A method comprising:
- monitoring a host electronic system with a monitoring component of the host electronic system to determine whether a network connection for the host electronic system is operating within a predefined operating profile that includes at least network packet transmission parameters, wherein the monitoring component comprises an embedded agent;
- generating an indication of out-of-profile operation when the network connection for the host electronic system is not operating within the predefined operating profile;
- taking action on one or more components within the host electronic system in response to the indication of out-of-profile operation by isolating the one or more components from a network to which the host electronic system is coupled while maintaining an out-of-band communication channel for the host electronic system, wherein the out-of-band communication channel is maintained by the embedded agent that operates independently of a host operating system executing on the host electronic system and is used for management purposes to allow one or more components not isolated from the network to restore or repair a condition causing the out-of-profile operation, wherein the embedded agent is coupled to an embedded firmware agent via a bi-directional agent bus, and the embedded agent and embedded firmware agent operate together to provide manageability and/or security functionality;
- examining, as part of a network authentication process when the host system is first authenticated to the network, a connection history of the host electronic system to determine a boot history and network connection history of the host system since a previous secure connection, wherein the connection history comprises at least an amount of traffic, a kind of traffic by category and a destination network; and
- isolating the host electronic system if untrusted networks were contacted or untrusted peripherals were installed until an approved configuration can be validated or restored via the out-of-band network connection.
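The claimed procedure, modelled as an added illustration that is not part of the patent text: a small Python simulation of the monitoring component comparing live packet transmission parameters with a predefined operating profile, raising an out-of-profile indication, isolating components while keeping the out-of-band channel up, and examining the connection history (traffic amount, traffic category, destination network, installed peripherals) at authentication time. All thresholds, component names, addresses and traffic records are constructed placeholders, and the profile fields and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class OperatingProfile:
    """Predefined operating profile (hypothetical fields): the packet transmission
    parameters and trust lists the embedded agent checks traffic against."""
    max_packets_per_sec: int
    max_bytes_per_sec: int
    max_history_bytes: int            # traffic amount allowed since last secure connection
    allowed_categories: frozenset     # traffic kinds by category, e.g. "web", "mail"
    trusted_networks: tuple           # CIDR strings the host may contact
    trusted_peripherals: frozenset    # peripheral identifiers approved for installation


@dataclass
class ConnectionRecord:
    """One entry of the connection history kept since the previous secure connection."""
    bytes_transferred: int
    category: str
    destination: str                  # IP address that was contacted


@dataclass
class HostState:
    components: Dict[str, bool]       # component name -> isolated from the network?
    oob_channel_up: bool = True       # out-of-band channel kept by the embedded agent
    indications: List[str] = field(default_factory=list)
    history: List[ConnectionRecord] = field(default_factory=list)
    peripherals_installed: List[str] = field(default_factory=list)


def monitor(profile: OperatingProfile, host: HostState, packets_per_sec: int,
            bytes_per_sec: int, category: str) -> Optional[str]:
    """Embedded-agent check: compare observed transmission parameters with the
    profile; return an out-of-profile indication, or None when in profile."""
    if packets_per_sec > profile.max_packets_per_sec:
        reason = f"packet rate {packets_per_sec}/s exceeds profile maximum {profile.max_packets_per_sec}/s"
    elif bytes_per_sec > profile.max_bytes_per_sec:
        reason = f"byte rate {bytes_per_sec}/s exceeds profile maximum {profile.max_bytes_per_sec}/s"
    elif category not in profile.allowed_categories:
        reason = f"traffic category {category!r} not in profile"
    else:
        return None
    host.indications.append(reason)
    return reason


def isolate(host: HostState, components: List[str]) -> HostState:
    """Take action on the named components: cut them off from the network while
    the out-of-band channel stays up so a non-isolated component can repair the host."""
    for name in components:
        host.components[name] = True
    host.oob_channel_up = True
    return host


def _is_trusted_destination(profile: OperatingProfile, destination: str) -> bool:
    addr = ipaddress.ip_address(destination)
    return any(addr in ipaddress.ip_network(net) for net in profile.trusted_networks)


def examine_connection_history(profile: OperatingProfile, host: HostState) -> List[str]:
    """Authentication-time check of the history since the last secure connection.
    Returns the findings that require isolation; an empty list means the host may join."""
    findings = []
    total = sum(r.bytes_transferred for r in host.history)
    if total > profile.max_history_bytes:
        findings.append(f"traffic amount {total} bytes exceeds {profile.max_history_bytes}")
    for r in host.history:
        if r.category not in profile.allowed_categories:
            findings.append(f"untrusted traffic category {r.category!r}")
        if not _is_trusted_destination(profile, r.destination):
            findings.append(f"untrusted network contacted: {r.destination}")
    for p in host.peripherals_installed:
        if p not in profile.trusted_peripherals:
            findings.append(f"untrusted peripheral installed: {p}")
    if findings:
        isolate(host, list(host.components))   # whole host stays isolated until restored
    return findings


def restore(host: HostState, approved_components: List[str]) -> HostState:
    """Repair over the out-of-band channel: once an approved configuration has
    been validated, lift the isolation of the listed components."""
    if not host.oob_channel_up:
        raise RuntimeError("out-of-band channel required for restore")
    for name in approved_components:
        host.components[name] = False
    return host


def demo() -> dict:
    # Constructed profile, host and observations (placeholders, not real data).
    profile = OperatingProfile(5000, 10_000_000, 500_000_000,
                               frozenset({"web", "mail", "mgmt"}),
                               ("10.0.0.0/8", "192.168.1.0/24"),
                               frozenset({"kbd-0", "nic-0"}))
    host = HostState(components={"os-nic": False, "mgmt-agent": False})
    indication = monitor(profile, host, packets_per_sec=250_000,
                         bytes_per_sec=2_000_000, category="web")
    if indication:
        isolate(host, ["os-nic"])           # isolate only the offending component
    host.history = [ConnectionRecord(120_000, "web", "10.1.2.3"),
                    ConnectionRecord(4_000, "p2p", "203.0.113.9")]
    host.peripherals_installed = ["kbd-0", "usb-storage-7"]
    findings = examine_connection_history(profile, host)
    return {"indication": indication, "findings": findings,
            "isolated": dict(host.components), "oob_up": host.oob_channel_up}
```

Running `demo()` shows the two stages separately: the packet-rate burst produces an indication and isolates only the host NIC, while the history check at authentication finds an untrusted category, an untrusted destination network and an unapproved peripheral and isolates the whole host, with the out-of-band channel still up for `restore()`.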
Abstract
Techniques for self-isolation of a network device that has been identified as potentially harmful. The network device may be isolated from the network except for an out-of-band communication channel that can be used for management purposes to restore or repair the device prior to the network connection being re-established.
68 Citations
58 Claims
1. A method comprising: (independent claim; full text given under First Claim above). Dependent claims: 2 through 23.
24. An article comprising a non-transitory computer-readable medium having stored thereon instructions that, when executed, cause one or more processors to:
- monitor a host electronic system with a monitoring component of the host electronic system to determine whether a network connection for the host electronic system is operating within a predefined operating profile that includes at least network packet transmission parameters, wherein the monitoring component comprises an embedded agent;
- generate an indication of out-of-profile operation when the network connection for the host electronic system is not operating within the predefined operating profile;
- take action on one or more components within the host electronic system in response to the indication of out-of-profile operation by isolating the one or more components from a network to which the host electronic system is coupled while maintaining an out-of-band communication channel for the host electronic system, wherein the out-of-band communication channel is maintained by the embedded agent that operates independently of a host operating system executing on the host electronic system and is used for management purposes to allow one or more components not isolated from the network to restore or repair a condition causing the out-of-profile operation, wherein the embedded agent is coupled to an embedded firmware agent via a bi-directional agent bus, and the embedded agent and embedded firmware agent operate together to provide manageability and/or security functionality;
- examine, as part of a network authentication process when the host system is first authenticated to the network, a connection history of the host electronic system to determine a boot history and network connection history of the host system since a previous secure connection, wherein the connection history comprises at least an amount of traffic, a kind of traffic by category and a destination network; and
- isolate the host electronic system if untrusted networks were contacted or untrusted peripherals were installed until an approved configuration can be validated or restored via the out-of-band network connection.
Dependent claims: 25 through 46.
47. A system comprising:
- dynamic random access memory (DRAM);
- one or more processors coupled with the DRAM; and
- a computer-readable medium having stored thereon instructions that, when executed, cause the one or more processors:
  - to monitor a host electronic system with a monitoring component of the host electronic system to determine whether a network connection for the host electronic system is operating within a predefined operating profile that includes at least network packet transmission parameters, wherein the monitoring component comprises an embedded agent;
  - to generate an indication of out-of-profile operation when the network connection for the host electronic system is not operating within the predefined operating profile;
  - to take action on one or more components within the host electronic system in response to the indication of out-of-profile operation by isolating the one or more components from a network to which the host electronic system is coupled while maintaining an out-of-band communication channel for the host electronic system, wherein the out-of-band communication channel is maintained by the embedded agent that operates independently of a host operating system executing on the host electronic system and is used for management purposes to allow one or more components not isolated from the network to restore or repair a condition causing the out-of-profile operation, wherein the embedded agent is coupled to an embedded firmware agent via a bi-directional agent bus, and the embedded agent and embedded firmware agent operate together to provide manageability and/or security functionality;
  - to examine, as part of a network authentication process when the host system is first authenticated to the network, a connection history of the host electronic system to determine a boot history and network connection history of the host system since a previous secure connection, wherein the connection history comprises at least an amount of traffic, a kind of traffic by category and a destination network; and
  - to isolate the host electronic system if untrusted networks were contacted or untrusted peripherals were installed until an approved configuration can be validated or restored via the out-of-band network connection.
Dependent claims: 48 through 58.