Method and apparatus for providing security in an intranet network
First Claim
Patent Images
1. A method for providing security in a virtual private network, comprising:
- defining, by a processor of a customer edge router, a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected;
receiving, by the processor, a packet; and
applying, by the processor, an inbound access control list to the packet when the packet is destined to a server in the protected server group, wherein the inbound access control list comprises an inbound list of internet protocol addresses that are not allowed to be accessed by the protected server group, wherein the applying inbound access control list comprises;
determining the packet is destined to the server in the protected server group, and that the packet comprises a message which is allowed to proceed to the server in the protected server group.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group.
-
Citations
20 Claims
-
1. A method for providing security in a virtual private network, comprising:
-
defining, by a processor of a customer edge router, a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected; receiving, by the processor, a packet; and applying, by the processor, an inbound access control list to the packet when the packet is destined to a server in the protected server group, wherein the inbound access control list comprises an inbound list of internet protocol addresses that are not allowed to be accessed by the protected server group, wherein the applying inbound access control list comprises; determining the packet is destined to the server in the protected server group, and that the packet comprises a message which is allowed to proceed to the server in the protected server group. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable medium storing a plurality of instructions which, when executed by a processor of a customer edge router, cause the processor to perform operations for providing security in a virtual private network, the operations comprising:
-
defining a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected; receiving a packet; and applying an inbound access control list to the packet when the packet is destined to a server in the protected server group, wherein the inbound access control list comprises an inbound list of internet protocol addresses that are not allowed to be accessed by the protected server group, wherein the applying inbound access control list comprises; determining the packet is destined to the server in the protected server group, and that the packet comprises a message which is allowed to proceed to the server in the protected server group. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus for providing security in a virtual private network, comprising:
-
a processor of a customer edge router; and a computer-readable medium storing a plurality of instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising; defining a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected; receiving a packet; and applying an inbound access control list to the packet when the packet is destined to a server in the protected server group, wherein the inbound access control list comprises an inbound list of internet protocol addresses that are not allowed to be accessed by the protected server group, wherein the applying inbound access control list comprises; determining the packet is destined to the server in the protected server group, and that the packet comprises a message which is allowed to proceed to the server in the protected server group. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification