Monitoring remote access to an enterprise network
Abstract
Techniques to provide an improved representation of remote network access for a network administrator managing and controlling access to resources on an enterprise network. The representation indicates resources accessed by a remote computer or by a user of that computer and provides associated information useful for managing remote network access. To create the representation, multiple security associations formed between a remote client computer and resources on the enterprise network are associated with entity sessions, based on identical session identifiers generated for each security association within an entity session. The entity sessions may be aggregated into a DirectAccess “connection” between the remote client computer and the enterprise network, based on an identity of the remote client computer. Resources accessed over the connection may be identified using a session identifier of each entity session so that security associations in that entity session may be matched with the resources.
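The grouping described in the abstract, sketched as an added example; it is not code from the patent or from DirectAccess. The record fields, the `auth_instance` token and the hash-based session identifier are assumptions, since the page does not say how identifiers are generated.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityAssociation:          # field names are assumptions
    client_computer: str            # identity of the remote client computer
    entity: str                     # user or computer account behind the SA
    auth_instance: str              # hypothetical token for one authentication
    resource: str                   # enterprise resource reached through the SA

def session_identifier(sa):
    """Assumed scheme: SAs from one authentication get the same identifier."""
    key = f"{sa.client_computer}|{sa.entity}|{sa.auth_instance}".encode()
    return hashlib.sha256(key).hexdigest()[:16]

def build_connections(sas):
    """Return {client_computer: {session_id: [SAs]}}."""
    sessions = defaultdict(list)
    for sa in sas:                              # matching identifiers -> one entity session
        sessions[session_identifier(sa)].append(sa)
    connections = defaultdict(dict)
    for sid, members in sessions.items():       # same client computer -> one connection
        connections[members[0].client_computer][sid] = members
    return dict(connections)

def represent(connections):
    """Per connection: which entity accessed which resources."""
    view = {}
    for client, sessions in connections.items():
        per_entity = defaultdict(set)
        for members in sessions.values():
            for sa in members:
                per_entity[sa.entity].add(sa.resource)
        view[client] = {e: sorted(r) for e, r in per_entity.items()}
    return view

# Constructed sample data: machine session plus two user logons on one laptop.
SAMPLE = [
    SecurityAssociation("LAPTOP-01", "LAPTOP-01$", "auth-1", "dc01"),
    SecurityAssociation("LAPTOP-01", "LAPTOP-01$", "auth-1", "dns01"),
    SecurityAssociation("LAPTOP-01", "alice", "auth-2", "fileserver"),
    SecurityAssociation("LAPTOP-01", "alice", "auth-2", "intranet"),
    SecurityAssociation("LAPTOP-01", "alice", "auth-3", "intranet"),
    SecurityAssociation("LAPTOP-02", "bob", "auth-4", "fileserver"),
]

if __name__ == "__main__":
    for client, entities in represent(build_connections(SAMPLE)).items():
        print(client, entities)
```

In the sample, LAPTOP-01 yields three entity sessions (one for the computer account, two for separate logons by alice) that roll up into a single connection, which is the per-computer view an administrator would review.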
20 Claims
1. A method of operating a computing device comprising at least one processor for monitoring remote access by entities to resources through security associations in an enterprise network, the method comprising, with the at least one processor:
- for each security association created between one of the entities and one of the resources, generating a session identifier;
- associating security associations having matching session identifiers with unique entity sessions, wherein each security association associated with a unique entity session has a same session identifier;
- associating entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer; and
- providing a representation of each connection, the representation indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer for monitoring remote access by entities to resources through security associations in an enterprise network, the computer comprising at least one processor, the computer adapted to, with the at least one processor:
- for each security association, generate a session identifier;
- associate security associations having matching session identifiers, with unique entity sessions, wherein each security association associated with one of the unique entity sessions has a same session identifier;
- associate entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer; and
- provide a representation of each connection, the representation indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
Dependent claims: 14, 15, 16
17. At least one computer-readable storage medium, being at least one of memory and nonvolatile storage, comprising computer-executable instructions that, when executed by at least one processor, implement a method of monitoring remote access by entities to resources through security associations in an enterprise network, the method comprising:
- for each security association created between one of the entities and one of the resources, generating a session identifier;
- associating security associations having matching session identifiers with unique entity sessions, wherein each security association associated with a unique entity session has a same session identifier;
- associating entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer connected; and
- providing information on each connection, the information indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
Dependent claims: 18, 19, 20
Specification