Computer security lock down methods
First Claim
1. A computer program product embodied in a non-transitory computer readable medium that, when executing on a client computing facility, performs the steps of:
- obtaining security compliance information from a security policy resident at a server location, wherein the server location is a threat management facility remote from the client computing facility and accessible by the client computing facility through a data network;
- determining a security compliance state of the client computing facility by comparing the security compliance information with configuration information of the client computing facility;
- identifying external storage devices that are external to the client computing facility and locally coupled in a communicating relationship to the client computing facility through a local device port selected from a group consisting of a USB port, a Firewire port, a WiFi port, a serial port, and a parallel port; and
- when the security compliance state indicates that the client computing facility is in an out of compliance condition according to the security compliance information from the security policy resident at the server location, blocking communications between the client computing facility and the external storage devices thereby preventing files from being written to or executed from the external storage devices.
Abstract
Embodiments of the present invention extend the enforcement of computer security policies by blocking device access as well as network access. In some embodiments, communications with external devices are blocked upon discovery that some aspect of the client computing facility is out of compliance vis-à-vis a security policy.
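The enforcement flow described in the abstract and claim 1, sketched as an added example that is not code from the patent or from any product. The policy keys, the rule format (`equals`/`max`/`min`), and the device records are constructed assumptions; a setting the client does not report is treated as out of compliance.

```python
from dataclasses import dataclass

# Local device port types listed in claim 1.
LOCAL_PORTS = {"usb", "firewire", "wifi", "serial", "parallel"}

@dataclass(frozen=True)
class Device:
    name: str
    port: str         # how the device is attached to the client
    is_storage: bool  # True for external storage devices

def compliance_failures(policy: dict, config: dict) -> list:
    """Compare server-supplied policy rules with the client's configuration.

    Returns one message per violated rule; an empty list means compliant.
    A setting missing from the client configuration fails closed.
    """
    failures = []
    for key, rule in policy.items():
        actual = config.get(key)
        if actual is None:
            failures.append(f"{key}: not reported by client")
        elif "equals" in rule and actual != rule["equals"]:
            failures.append(f"{key}: {actual!r} != {rule['equals']!r}")
        elif "max" in rule and actual > rule["max"]:
            failures.append(f"{key}: {actual} > max {rule['max']}")
        elif "min" in rule and actual < rule["min"]:
            failures.append(f"{key}: {actual} < min {rule['min']}")
    return failures

def devices_to_block(policy: dict, config: dict, devices: list) -> list:
    """Names of external storage devices to cut off when out of compliance."""
    if not compliance_failures(policy, config):
        return []  # compliant: device access is left alone
    return [d.name for d in devices
            if d.is_storage and d.port.lower() in LOCAL_PORTS]

# Constructed sample data (hypothetical policy and inventory).
POLICY = {"firewall_enabled": {"equals": True},
          "av_definitions_age_days": {"max": 7},
          "os_patch_level": {"min": 12}}
STALE_CONFIG = {"firewall_enabled": True, "av_definitions_age_days": 21,
                "os_patch_level": 12}
DEVICES = [Device("USB stick", "usb", True),
           Device("FireWire disk", "firewire", True),
           Device("USB keyboard", "usb", False),
           Device("NAS share", "ethernet", True)]

if __name__ == "__main__":
    print(compliance_failures(POLICY, STALE_CONFIG))
    print(devices_to_block(POLICY, STALE_CONFIG, DEVICES))
```

In this sketch the keyboard stays usable because it is not a storage device, and the NAS share is untouched because it is not attached through one of the claimed local ports.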
19 Claims
Specification