Secure enterprise network
First Claim
1. A method of implementing a security system that enables transparent authentication and transparent policy enforcement in a fabric of a network, the method comprising:
- receiving, after an authentication process, a packet stream sent from a network host prior to the packet stream reaching a network resource comprising access to one or more applications;
- identifying an authentication exchange packet in the packet stream, the authentication exchange packet being associated with the authentication process, wherein the authentication exchange packet includes authenticated information;
- determining, using the authentication exchange packet and a directory service, a user associated with the packet stream and whether the user has authorization to access the network resource and the one or more applications; and
- creating a network policy based on the identifying and the determining, the network policy defining whether the user has access to the network resource and the one or more applications.
Abstract
A method and system enables transparent authentication and transparent policy enforcement in a fabric of a network. In an exemplary embodiment thereof, a packet stream sent from a network host to a network resource is received at a security system. The security system identifies an authentication exchange packet in the packet stream and determines, using the authentication exchange packet and a directory service, a user identity associated with the packet stream and whether the identified user has authorization to access the network resource. A network policy is created that defines whether the user has access to the network resource.
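The flow in the abstract and in independent claims 1, 7 and 13 (observe the stream, pick out the authentication exchange packet, verify what it carries, consult the directory, emit a policy) as an added illustration; this is example code written for this page, not the patent's or any vendor's implementation. It assumes a ticket-style authentication exchange packet whose HMAC tag the security system can verify with a key shared with the authentication service, and an in-memory directory; both the key and the directory entries are constructed sample data.

```python
import hmac, hashlib, time
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not from the patent): the verification key the
# security system shares with the authentication service, and a directory
# mapping each user to the resources that user is authorized to reach.
TICKET_KEY = b"demo-shared-key"
DIRECTORY = {"alice": {"erp-app", "mail"}, "bob": {"git", "mail"}}

@dataclass
class Packet:
    src: str                       # sending network host
    dst: str                       # network resource the packet is headed to
    ticket: Optional[dict] = None  # present only on the auth exchange packet

@dataclass
class Policy:
    host: str
    user: str
    resource: str
    allow: bool

def make_ticket(user, resource, ttl=300):
    """Issued by the authentication service after a successful login."""
    exp = int(time.time()) + ttl
    msg = f"{user}|{resource}|{exp}".encode()
    tag = hmac.new(TICKET_KEY, msg, hashlib.sha256).hexdigest()
    return {"user": user, "resource": resource, "exp": exp, "tag": tag}

def verify_ticket(t, resource):
    """Trust the packet's identity claim only if the auth service produced
    the tag, the ticket is unexpired, and it was issued for this resource."""
    msg = f"{t['user']}|{t['resource']}|{t['exp']}".encode()
    good = hmac.new(TICKET_KEY, msg, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(good, t["tag"])
            and t["exp"] > time.time() and t["resource"] == resource)

def build_policy(stream, resource):
    """Claimed steps: find the auth exchange packet in the stream, determine
    the user and authorization via the directory, create the policy."""
    for pkt in stream:
        if pkt.ticket is None or pkt.dst != resource:
            continue                         # ordinary data packet, skip
        user = pkt.ticket["user"]
        if not verify_ticket(pkt.ticket, resource):
            return Policy(pkt.src, user, resource, False)  # unverified claim
        allow = resource in DIRECTORY.get(user, set())
        return Policy(pkt.src, user, resource, allow)
    return None                              # no authenticated identity seen
```

A stream with no verifiable authentication exchange yields no policy rather than a permissive default, and a ticket whose contents were altered after issuance is treated as a deny.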
19 Claims

1. Independent method claim; text as given under First Claim above. Dependent claims: 2, 3, 4, 5, 6.

7. A system comprising:
- a directory server comprising user information, user authorization information, and network policy information; and
- at least one processor programmed to:
  - receive, after an authentication process, a packet stream sent from a network host prior to the packet stream reaching a network resource comprising access to one or more applications;
  - identify an authentication exchange packet in the packet stream, the authentication exchange packet being associated with the authentication process, wherein the authentication exchange packet includes authenticated information;
  - determine, using the authentication exchange packet and the directory server, a user associated with the packet stream and whether the user has authorization to access the network resource and the one or more applications; and
  - create a network policy based on the identifying and the determining, the network policy defining whether the user has access to the network resource and the one or more applications.
Dependent claims: 8, 9, 10, 11, 12.

13. A non-transitory computer readable medium comprising computer-readable instructions thereon that instruct one or more processors to:
- receive, after an authentication exchange process, a packet stream sent from a network host prior to the packet stream reaching a network resource comprising access to one or more applications;
- identify an authentication exchange packet in the packet stream, the authentication exchange packet being associated with the authentication process, wherein the authentication exchange packet includes authenticated information;
- determine, using the authentication exchange packet and a directory service, a user associated with the packet stream and whether the user has authorization to access the network resource and the one or more applications; and
- create a network policy based on the identifying and the determining, the network policy defining whether the user has access to the network resource and the one or more applications.
Dependent claims: 14, 15, 16, 17, 18, 19.