Using geographical information in policy enforcement
Abstract
Using geographical information in policy enforcement is disclosed. A policy is determined based on geographical information associated with an IP address. A policy is enforced based at least in part on the geographical information. The IP address may be either a source IP address or a destination IP address. In some cases network traffic is monitored to determine the IP address.
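The flow the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee: the names `GEO_DB`, `REGIONS`, `Rule`, `geolocate` and `decide` are hypothetical, and the address-to-country mappings are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed IP address-geolocation mappings (RFC 5737 documentation ranges;
# the country assignments are invented for this example).
GEO_DB = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.128/25"), "FR"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
]
# User-defined regions: a named set of countries and/or explicit networks.
REGIONS = {
    "emea-offices": {"countries": {"DE", "FR"}, "networks": []},
    "branch-lab": {"countries": set(),
                   "networks": [ipaddress.ip_network("203.0.113.64/26")]},
}

def geolocate(ip):
    """Return (country or None, region names); the longest prefix wins."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in GEO_DB if addr in net]
    country = max(hits)[1] if hits else None
    regions = {name for name, r in REGIONS.items()
               if country in r["countries"]
               or any(addr in n for n in r["networks"])}
    return country, regions

@dataclass
class Rule:
    src: str      # country code, region name, or "any"
    dst: str
    action: str   # action taken on the request, e.g. "allow", "deny", "alert"

def matches(selector, geo):
    country, regions = geo
    return selector == "any" or selector == country or selector in regions

def decide(rules, src_ip, dst_ip, default="deny"):
    """First matching rule wins; unmapped addresses only match 'any'."""
    src, dst = geolocate(src_ip), geolocate(dst_ip)
    for rule in rules:
        if matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action
    return default

RULES = [Rule("branch-lab", "any", "alert"),
         Rule("emea-offices", "US", "allow"), Rule("any", "BR", "deny")]
```

An address with no mapping falls through to the default action, so the choice of default decides whether gaps in the geolocation data fail open or closed.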
17 Claims
1. A system, comprising:
a processor configured to:
  receive, from a device having an associated source IP address, a request to access a resource having an associated destination IP address;
  determine a security policy based at least in part on an IP address-geolocation mapping associated with at least one of the source IP address and the destination IP address, wherein the security policy includes at least one action to be taken by the system with respect to the request; and
  enforce the security policy based at least in part on the IP address-geolocation mapping;
a data store configured to store a plurality of IP address-geolocation mappings, wherein a geolocation comprises at least one of (1) country information and (2) a user-defined region; and
a memory coupled to the processor and configured to provide the processor with instructions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method, comprising:
receiving, from a device having an associated source IP address, a request to access a resource having an associated destination IP address;
determining, by a processor, a security policy based at least in part on an IP address-geolocation mapping associated with at least one of the source IP address and the destination IP address, wherein the security policy includes at least one action to be taken with respect to the request; and
enforcing the security policy based at least in part on the geographical information;
wherein a plurality of IP address-geolocation mappings are included in a data store accessible to the processor and wherein a geolocation comprises at least one of (1) country information and (2) a user-defined region.
17. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
receiving, from a device having an associated source IP address, a request to access a resource having an associated destination IP address;
determining a security policy based at least in part on an IP address-geolocation mapping associated with at least one of the source IP address and the destination IP address, wherein the security policy includes at least one action to be taken with respect to the request; and
enforcing the security policy based at least in part on the geographical information;
wherein the instructions further comprise instructions for accessing a plurality of IP address-geolocation mappings included in a data store and wherein a geolocation comprises at least one of (1) country information and (2) a user-defined region.
Specification