Enabling NAC reassessment based on fingerprint change
First Claim
Patent Images
1. A method of providing security for a network, comprising:
- monitoring network traffic associated with a client computer connected to the network for an activity pattern indicating that a configuration change of the client computer may or may not have occurred, wherein the monitoring is based upon an observation of a trigger in the network traffic;
detecting the activity pattern;
accessing a previously stored activity pattern associated with the client computer;
comparing the previously stored activity pattern with the detected activity pattern to determine a fingerprint difference;
detecting a configuration change of the client computer if the fingerprint difference exceeds a difference threshold; and
restricting access by the client computer to the network if the detected activity pattern was not previously associated with the client computer and indicates that the configuration change of the client computer may have occurred.
3 Assignments
0 Petitions
Accused Products
Abstract
Providing security for a network is disclosed. Network traffic associated with a host is monitored. If an activity pattern associated with a configuration change of the host is observed, access by the host to the network is restricted based at least in part on the observed activity pattern.
-
Citations
20 Claims
-
1. A method of providing security for a network, comprising:
-
monitoring network traffic associated with a client computer connected to the network for an activity pattern indicating that a configuration change of the client computer may or may not have occurred, wherein the monitoring is based upon an observation of a trigger in the network traffic; detecting the activity pattern; accessing a previously stored activity pattern associated with the client computer; comparing the previously stored activity pattern with the detected activity pattern to determine a fingerprint difference; detecting a configuration change of the client computer if the fingerprint difference exceeds a difference threshold; and restricting access by the client computer to the network if the detected activity pattern was not previously associated with the client computer and indicates that the configuration change of the client computer may have occurred. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for providing security for a network, comprising:
-
a processor, configured to; monitor network traffic associated with a client computer connected to the network for an activity pattern indicating that a configuration change of the client computer may or may not have occurred, wherein the monitoring is based upon an observation of a trigger in the network traffic; detect the activity pattern; access a previously stored activity pattern associated with the client computer; compare the previously stored activity pattern with the detected activity pattern to determine a fingerprint difference; detect a configuration change of the client computer if the fingerprint difference exceeds a difference threshold; and restrict access by the client computer to the network if the detected activity pattern was not previously associated with the client computer and indicates that the configuration change of the client computer may have occurred; and a memory, coupled to the processor, configured to provide the processor with instructions. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computer program product for providing security for a network, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
monitoring network traffic associated with a client computer connected to the network for an activity pattern indicating that a configuration change of the client computer may or may not have occurred, wherein the monitoring is based upon an observation of a trigger in the network traffic; detecting the activity pattern; accessing a previously stored activity pattern associated with the client computer; comparing the previously stored activity pattern with the detected activity pattern to determine a fingerprint difference; detecting a configuration change of the client computer if the fingerprint difference exceeds a difference threshold; and restricting access by the client computer to the network if the detected activity pattern was not previously associated with the client computer and indicates that the configuration change of the client computer may have occurred. - View Dependent Claims (18, 19, 20)
-
Specification