System, method and computer program product for controlling network communications based on policy compliance

US 8,301,767 B1
Filed: 12/21/2005
Issued: 10/30/2012
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

assessing compliancy, based on one or more policies, of at least one subset of computers, each of which include an instance of a scanner, wherein said compliancy is assessed by the respective instance of a scanner;

receiving, at a server, information over a communication network relating to the at least one subset of computers that are at least potentially out of compliance with the one or more policies, wherein the information is received from the respective instance of a scanner;

compiling a blacklist utilizing the information, wherein the blacklist identifies the at least one subset of computers; and

sending, by the server, via the communications network the blacklist to a plurality of other computers,wherein network communication involving the at least one subset of computers is controlled at plurality of other computers utilizing the blacklist,wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, andwherein a plurality of different subsets of computers is quarantined as a function of the computers themselves, thereby creating multiple quarantine zones, andwherein each of the quarantine zones is defined by domain name and implemented such that one of the computers on the blacklist and included in one of the quarantine zones defined by a first domain is denied from communicating with other computers in the first domain and is allowed to communicate with other computers in a second domain that is different from the first domain, and wherein the information identifying the at least one at least potentially out of compliance computer includes an Internet protocol (IP) address, a description of a behavior, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being at least potentially out of compliance with the policy,wherein a network communication involving the at least one subset of computers is capable of being controlled utilizing a white list, the white list compiled utilizing the information.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy management system, method and computer program product are provided. In use, information is received over a network relating to at least one subset of computers that are at least potentially out of compliance with a policy. Further, such information is sent to a plurality of the computers, utilizing the network. To this end, network communication involving the at least one subset of computers is capable of being controlled utilizing the information.

57 Citations

View as Search Results

22 Claims

1. A method, comprising:
- assessing compliancy, based on one or more policies, of at least one subset of computers, each of which include an instance of a scanner, wherein said compliancy is assessed by the respective instance of a scanner;
  
  receiving, at a server, information over a communication network relating to the at least one subset of computers that are at least potentially out of compliance with the one or more policies, wherein the information is received from the respective instance of a scanner;
  
  compiling a blacklist utilizing the information, wherein the blacklist identifies the at least one subset of computers; and
  
  sending, by the server, via the communications network the blacklist to a plurality of other computers,wherein network communication involving the at least one subset of computers is controlled at plurality of other computers utilizing the blacklist,wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, andwherein a plurality of different subsets of computers is quarantined as a function of the computers themselves, thereby creating multiple quarantine zones, andwherein each of the quarantine zones is defined by domain name and implemented such that one of the computers on the blacklist and included in one of the quarantine zones defined by a first domain is denied from communicating with other computers in the first domain and is allowed to communicate with other computers in a second domain that is different from the first domain, and wherein the information identifying the at least one at least potentially out of compliance computer includes an Internet protocol (IP) address, a description of a behavior, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being at least potentially out of compliance with the policy,wherein a network communication involving the at least one subset of computers is capable of being controlled utilizing a white list, the white list compiled utilizing the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the information is received periodically.
  - 3. The method of claim 1, wherein the information is sent to the plurality of the computers periodically.
  - 4. The method of claim 1, wherein the information is received upon it being determined that a compliance status of at least one of the computers has changed.
  - 5. The method of claim 1, wherein the information is sent to the plurality of the computers upon it being determined that a compliance status of at least one of the computers has changed.
  - 6. The method of claim 1, wherein the subset of computers is updated based on the information.
  - 7. The method of claim 1, wherein the white list includes a domain name server (DNS).
  - 8. The method of claim 1, wherein the white list includes a Windows Internet name server (WINS).
  - 9. The method of claim 1, wherein the white list includes a remediation server.
  - 10. The method of claim 1, wherein the white list is configurable by an administrator.
  - 11. The method of claim 1, wherein the white list includes a server that sends the information to the plurality of the computers.
  - 13. The method of claim 9, wherein the remediation server is adapted for providing updates to the computers which are necessary for staying in compliance.
  - 14. The method of claim 8, wherein the WINS converts NetBIOS names to IP addresses for remediation purposes.
  - 15. The method of claim 1, where the white list is updated to add the at least one server.
  - 16. The method of claim 1, wherein the compliancy is assessed upon identification of an event that at least potentially impacts the compliancy of the at least one subset of computers.
  - 17. The method of claim 1, wherein a determination of the compliancy is based on whether a particular behavior has been recognized utilizing heuristics.
  - 18. The method of claim 1, wherein the information identifying the at least one at least potentially out of compliance computer further includes user name.
  - 19. The method of claim 1, further comprising resetting the blacklist by allowing communication with all computers by the plurality of the computers, and sending an updated blacklist to the plurality of computers.
  - 20. The method of claim 1, wherein the white list is provided and includes violation information relating to a severity of a policy violation and a description of activities that prompted the policy violation, and is updated as a function of the violation information, such that a more serious policy violation prompts a more stringent white list.
  - 21. The method of claim 1, wherein, when a computer is determined to be compliant with the policy, information relating to the computer'"'"'s policy compliance is conditionally reported, to a server, depending on whether the computer was out of compliance immediately prior to the determination to preserve bandwidth and processing resources.
  - 22. The method of claim 1, wherein the at least one other subset of the computers identified by the white list thwart network communications with each out of compliance computer to avoid communications with out of compliance computers that are capable of circumventing a firewall.

12. A computer program product embodied on a non-transitory computer readable storage medium for performing operations, comprising:
- assessing compliancy, based on one or more policies, of at least one subset of computers, each of which include an instance of a scanner, wherein said compliancy is assessed by the respective instance of a scanner;
  
  receiving, at least one server, information over a communication network relating to the at least one subset of computers that are at least potentially out of compliance with the one or more policies, wherein the information is received from the respective instance of a scanner;
  
  compiling a blacklist utilizing the information, wherein the blacklist identifies the at least one subset of computers, wherein the blacklist identifies the at least one subset of computers; and
  
  sending, by the at least one server, via the communication network the blacklist to a plurality of other computers,wherein network communications involving the at least one subset of computers is controlled at the plurality of the other computers utilizing the blacklist,wherein network communications involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, andwherein a plurality of different subsets of computers is quarantined as a function of the computers themselves, thereby creating multiple quarantine zones, andwherein each of the quarantine zones is defined by domain name and implemented such that one of the computers on the blacklist and included in one of the quarantine zones defined by a first domain is denied from communicating with other computers in the first domain and is allowed to communicate with other computers in a second domain that is different from the first domain, and wherein the information identifying the at least one at least potentially out of compliance computer includes an Internet protocol (IP) address, a description of a behavior, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being at least potentially out of compliance with the policy,wherein the network communication involving the at least one subset of computers is capable of being controlled utilizing a white list, the white list compiled utilizing the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Davis, Michael Anthony, Lowe, Joe C., Zeigler, Arthur S.
Primary Examiner(s)
Divecha, Kamal

Application Number

US11/313,605
Time in Patent Office

2,505 Days
Field of Search

709/206, 709/223, 709/224, 709/225, 709/229, 709/232, 726/1, 726/2, 726/22, 726/26, 726/11
US Class Current

709/225
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/102 Entity profiles

System, method and computer program product for controlling network communications based on policy compliance

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

System, method and computer program product for controlling network communications based on policy compliance

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others