Browser access control
1 Assignment
0 Petitions
Abstract
Systems, methods and apparatus for a distributed security system that monitors communications to manage client browser network access based on the browser configuration of the client browser, using a configuration script executed in the browser environment. Such management can reduce the exposure of potentially vulnerable client browsers to domains associated with malicious activity.
20 Claims
1. A computer implemented method, comprising:
- receiving at a processing node a request for a domain from a client browser, wherein the processing node is external to a protected network comprising the client browser and is part of a distributed security system, and wherein the domain is external to the protected network and separate from the processing node;
- determining at the processing node whether the request for the domain includes browser authorization data indicative of an acceptable browser configuration level to minimize exploitation of the client browser;
- if the request for the domain includes the browser authorization data, then allowing the request;
- if the request for the domain does not include the browser authorization data, then:
  - providing a configuration page to the client browser, the configuration page including a configuration script that, in response to execution at the client browser, generates browser configuration data, the browser configuration data defining a browser configuration of the client browser;
  - receiving the browser configuration data from the client browser;
  - comparing the browser configuration data to security policy data associated with the client browser, the security policy data defining a security policy associated with the browser configuration of the client browser;
  - determining whether the browser configuration data complies with the security policy data based on the comparison; and
  - if the browser configuration data complies with the security policy data, then providing the browser authorization data to the client browser.

Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 17, 18, 19, 20.
5. The method of claim 1, further comprising:
- if the request for the domain includes the browser authorization data, then:
  - removing the browser authorization data before the request for the domain is allowed; and
  - redirecting the request to the domain.
14. A computer implemented method, comprising:
- providing from a client browser a request for a domain to a processing node external to a protected network comprising the client browser, wherein the processing node is part of a distributed security system, and wherein the domain is external to the protected network and separate from the processing node;
- in response to the request:
  - receiving at the client browser a configuration page including a configuration script;
  - executing at the client browser the configuration script to generate browser configuration data, the browser configuration data defining a browser configuration of the client browser;
  - comparing at the client browser the browser configuration data to security policy data associated with the client browser;
  - determining at the client browser whether the browser configuration data complies with the security policy data based on the comparison; and
  - if the browser configuration data complies with the security policy data, then providing security policy compliance data to the processing node; and
- receiving, at the client browser, browser authorization data after providing the security policy compliance data to the processing node, the browser authorization data being indicative of an acceptable browser configuration level to minimize exploitation of the client browser.

Dependent claims: 15.
16. A network security system, comprising:
- a processing node external to network edges of an external system, the processing node comprising:
  - a configuration processor configured to:
    - receive a request for a domain from a client browser, wherein the client browser is part of the external system and the domain is external to the external system and separate from the processing node;
    - determine whether the request for the domain includes browser authorization data;
    - identify browser configuration data associated with the request for the domain from the client browser;
    - generate the browser authorization data if the browser configuration data complies with security policy data associated with the client browser, wherein the browser authorization data is indicative of an acceptable browser configuration level to minimize exploitation of the client browser; and
    - provide the browser authorization data to the client browser.
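The following Python model of the processing-node flow in claims 1, 5 and 16 is an added illustration, not code from the patent or its assignee. The cookie name `browser_authz`, the HMAC-signed token format, the policy contents, the configuration script and the sample browser configuration data are all assumptions constructed for the example. It shows the two decisions the node makes: whether a request already carries valid browser authorization data (and, per claim 5, stripping that data before the request goes on to the domain), and whether reported browser configuration data complies with the security policy data before authorization data is issued.

```python
import hashlib
import hmac
import time

# Assumed server-side signing secret for the processing node (constructed for
# this demo; a deployment would load it from a secrets manager).
NODE_SECRET = b"constructed-demo-secret-do-not-reuse"
AUTH_COOKIE = "browser_authz"   # assumed name for the "browser authorization data"
AUTHZ_TTL_SECONDS = 3600        # assumed lifetime of the authorization data

# Assumed security policy data: minimum browser versions, banned plugins and
# required settings. Values are constructed for illustration.
SECURITY_POLICY = {
    "min_versions": {"Chrome": 120, "Firefox": 115},
    "forbidden_plugins": {"Java", "Flash"},
    "required": {"javascript_enabled": True},
}

# Constructed configuration script served on the configuration page. It only
# collects browser configuration data and posts it back to the processing node.
CONFIG_SCRIPT = """
<script>
  fetch('/browser-config', {method: 'POST', credentials: 'include',
        body: JSON.stringify({userAgent: navigator.userAgent,
                              plugins: Array.from(navigator.plugins, p => p.name),
                              javascript_enabled: true})});
</script>
"""


def check_policy(config: dict, policy: dict) -> list:
    """Compare browser configuration data with the policy; return violations."""
    violations = []
    name = config.get("browser")
    version = config.get("version", 0)
    min_version = policy["min_versions"].get(name)
    if min_version is None:
        violations.append(f"browser {name!r} not covered by policy")
    elif version < min_version:
        violations.append(f"{name} {version} below minimum {min_version}")
    for plugin in sorted(set(config.get("plugins", [])) & policy["forbidden_plugins"]):
        violations.append(f"forbidden plugin {plugin}")
    for key, wanted in policy["required"].items():
        if config.get(key) != wanted:
            violations.append(f"{key} must be {wanted}")
    return violations


def _sign(client_id: str, expires: int) -> str:
    msg = f"{client_id}:{expires}".encode()
    return hmac.new(NODE_SECRET, msg, hashlib.sha256).hexdigest()


def issue_authz(client_id: str, now=None) -> str:
    """Browser authorization data: HMAC-signed, bound to the client, time-limited."""
    now = time.time() if now is None else now
    expires = int(now) + AUTHZ_TTL_SECONDS
    return f"{client_id}:{expires}:{_sign(client_id, expires)}"


def verify_authz(token: str, client_id: str, now=None) -> bool:
    """Accept only an untampered, unexpired token issued to this client."""
    now = time.time() if now is None else now
    try:
        cid, exp_str, sig = token.rsplit(":", 2)
        expires = int(exp_str)
    except ValueError:
        return False
    return (hmac.compare_digest(sig, _sign(cid, expires))
            and cid == client_id and now < expires)


def handle_request(request: dict, now=None) -> dict:
    """Processing-node side of claims 1 and 5 for a request for a domain.

    request = {"client_id": ..., "domain": ..., "cookies": {...}} (constructed shape).
    """
    cookies = request.get("cookies", {})
    token = cookies.get(AUTH_COOKIE)
    if token and verify_authz(token, request["client_id"], now):
        # Claim 5: strip the authorization data before the request is allowed,
        # so the external domain never receives it.
        forwarded = {k: v for k, v in cookies.items() if k != AUTH_COOKIE}
        return {"action": "allow", "redirect": request["domain"], "cookies": forwarded}
    # No (valid) authorization data: serve the configuration page instead.
    return {"action": "configure", "page": CONFIG_SCRIPT}


def handle_config_report(client_id: str, config: dict, now=None) -> dict:
    """Processing-node side of receiving browser configuration data."""
    violations = check_policy(config, SECURITY_POLICY)
    if violations:
        return {"action": "deny", "violations": violations}
    return {"action": "authorize", AUTH_COOKIE: issue_authz(client_id, now)}


if __name__ == "__main__":
    # Constructed sample walk-through.
    req = {"client_id": "client-1", "domain": "example.test", "cookies": {}}
    print(handle_request(req)["action"])                       # configure
    report = handle_config_report("client-1", {"browser": "Chrome", "version": 124,
                                               "plugins": ["PDF Viewer"],
                                               "javascript_enabled": True})
    req["cookies"][AUTH_COOKIE] = report[AUTH_COOKIE]
    print(handle_request(req)["action"])                       # allow
```

The authorization data is signed with a node-side key, bound to the client identity and given an expiry, so a token copied from one client or kept past its lifetime is treated exactly like a missing token and the configuration check is repeated. Removing the cookie before the redirect keeps the token from reaching the external domain, which is the point of claim 5.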