System and method for controlling access to network resources
First Claim
1. A method for controlling access to a computer network, the method comprising:
intercepting by a network access controller a data transmission to or from a computer, wherein the network access controller includes a device associated with the network that has the highest performance rating among a plurality of computers in the network, and wherein the performance rating is determined based on the device's configuration and network topology;
identifying by the network access controller a network access policy associated with said computer;
if there is a network access policy associated with said computer, allowing the data transmission to or from said computer based on the associated network access policy;
if there is no network access policy associated with said computer, deploying on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network and send the collected information to the network access controller;
determining by the network access controller a network access policy for said computer based on the collected information;
redirecting the intercepted data transmission based on the network access policy;
activating via the administrative agent of said computer an antivirus software on said computer, the antivirus software configured to perform antivirus analysis of said computer, and, if a malicious activity is detected on said computer, report about said activity to the network access controller; and
limiting by the network access controller data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
Abstract
Disclosed are systems, methods and computer program products for controlling access to a computer network. An example network access controller is configured to intercept data transmission to or from a computer and identify a network access policy associated with said computer. If there is no network access policy associated with said computer, the controller deploys on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network. The controller determines a network access policy for said computer based on the collected information. The controller also activates antivirus software on said computer, to detect any malicious activity on said computer. If malicious activity is detected, the controller limits data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
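The flow in the abstract, sketched as an added Python example (not code from the patent or its assignee). The policy names, report fields, remediation host, redirect target and the fail-closed handling of a silent agent are assumptions made here for illustration.

```python
from dataclasses import dataclass, field

ALLOW, RESTRICT = "allow", "restrict"      # constructed policy names
REMEDIATION = {"av-update.example"}        # constructed: hosts reachable while limited

@dataclass
class Report:                              # assumed fields sent by the administration agent
    patched: bool
    av_present: bool
    subnet: str

@dataclass
class Controller:
    trusted_subnets: set
    policies: dict = field(default_factory=dict)   # computer -> policy
    infected: set = field(default_factory=set)     # computers with open AV detections

    def derive_policy(self, r):
        # Assumed rule; the page only says the policy is based on the collected information.
        ok = r.patched and r.av_present and r.subnet in self.trusted_subnets
        return ALLOW if ok else RESTRICT

    def intercept(self, computer, dst, collect):
        """Decide one intercepted transmission; `collect` stands in for the deployed agent."""
        if computer not in self.policies:
            report = collect(computer)
            if report is None:                     # agent unreachable: fail closed, do not cache
                return self._limited(dst)
            self.policies[computer] = self.derive_policy(report)
        if computer in self.infected or self.policies[computer] == RESTRICT:
            return self._limited(dst)
        return f"forward:{dst}"

    def _limited(self, dst):
        # Limited computers may still reach remediation hosts so the antivirus can clean up.
        return f"forward:{dst}" if dst in REMEDIATION else "redirect:remediation-portal"

    def av_report(self, computer, malicious):
        """Antivirus verdict relayed by the agent; a clean verdict lifts the limit."""
        (self.infected.add if malicious else self.infected.discard)(computer)

def demo():
    nac = Controller(trusted_subnets={"10.0.1.0/24"})
    agent = lambda c: Report(True, True, "10.0.1.0/24") if c == "pc-1" else None
    out = [nac.intercept("pc-1", "files.example", agent)]      # no policy yet -> agent -> allow
    nac.av_report("pc-1", malicious=True)
    out.append(nac.intercept("pc-1", "files.example", agent))  # limited while infected
    out.append(nac.intercept("pc-1", "av-update.example", agent))
    nac.av_report("pc-1", malicious=False)
    out.append(nac.intercept("pc-1", "files.example", agent))  # limit lifted
    out.append(nac.intercept("pc-2", "files.example", agent))  # agent silent -> fail closed
    return out
```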
15 Claims
1. A method for controlling access to a computer network, the method comprising:
intercepting by a network access controller a data transmission to or from a computer, wherein the network access controller includes a device associated with the network that has the highest performance rating among a plurality of computers in the network, and wherein the performance rating is determined based on the device's configuration and network topology;
identifying by the network access controller a network access policy associated with said computer;
if there is a network access policy associated with said computer, allowing the data transmission to or from said computer based on the associated network access policy;
if there is no network access policy associated with said computer, deploying on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network and send the collected information to the network access controller;
determining by the network access controller a network access policy for said computer based on the collected information;
redirecting the intercepted data transmission based on the network access policy;
activating via the administrative agent of said computer an antivirus software on said computer, the antivirus software configured to perform antivirus analysis of said computer, and, if a malicious activity is detected on said computer, report about said activity to the network access controller; and
limiting by the network access controller data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
Dependent claims: 2, 3, 4, 5
6. A system for controlling access to a computer network, the system comprising:
a network access controller comprising a processor and a memory, wherein the network access controller includes a device associated with the network that has the highest performance rating among a plurality of computers in the network, and wherein the performance rating is determined based on the device's configuration and network topology;
wherein the memory is configured to store a plurality of network access policies for a plurality of computers in the network; and
wherein the processor is configured to;
intercept a data transmission to or from a computer;
identify a network access policy associated with said computer;
if there is a network access policy associated with said computer, allow the data transmission to or from said computer based on the associated network access policy;
if there is no network access policy associated with said computer, deploy on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network and send the collected information to the network access controller;
determine a network access policy for said computer based on the collected information;
redirect the intercepted data transmission based on the network access policy;
activate via the administrative agent of said computer an antivirus software on said computer, the antivirus software configured to perform antivirus analysis of said computer, and, if a malicious activity is detected on said computer, report about said activity to the network access controller; and
limit data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
Dependent claims: 7, 8, 9, 10
11. A computer program product embedded in a non-transitory computer-readable storage medium, the computer-readable storage medium comprising computer-executable instructions for controlling access to a computer network, the medium comprises instructions for:
intercepting by a network access controller a data transmission to or from a computer, wherein the network access controller includes a device associated with the network that has the highest performance rating among a plurality of computers in the network, and wherein the performance rating is determined based on the device's configuration and network topology;
identifying by the network access controller a network access policy associated with said computer;
if there is a network access policy associated with said computer, allowing the data transmission to or from said computer based on the associated network access policy;
if there is no network access policy associated with said computer, deploying on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network and send the collected information to the network access controller;
determining by the network access controller a network access policy for said computer based on the collected information;
redirecting the intercepted data transmission based on the network access policy;
activating via the administrative agent of said computer an antivirus software on said computer, the antivirus software configured to perform antivirus analysis of said computer, and, if a malicious activity is detected on said computer, report about said activity to the network access controller; and
limiting by the network access controller data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
Dependent claims: 12, 13, 14, 15