Automated security policy enforcement and auditing
First Claim
1. A method of managing a connection to or from a device, the method comprising the steps of:
a computer identifying connections of the device;
based on the connections, the computer determining and classifying the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
the computer determining that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, the computer receiving a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification, and the computer displaying an indication or sending a notification that the existing or proposed connection is inconsistent with the classification of the device;
the computer determining one or more other devices have one or more classifications that match the classification of the device;
the computer determining respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
the computer receiving one or more other confirmations of the one or more other existing or proposed connections;
the computer determining a count of the confirmation and the one or more other confirmations and determining the count is greater than a threshold number of confirmations;
subsequent to the step of determining the count, the computer classifying another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
the computer determining another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
based on the count being greater than the threshold number of confirmations, the computer permitting another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.
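The claimed method as a worked policy-engine example (added here; it is not the patent's or any assignee's code): a device is classified by the security zones it has connected to, an inconsistent existing or proposed connection is flagged, a user confirmation is counted per classification, and once the count exceeds the threshold later inconsistent connections of devices with that classification are permitted without asking, while every exception is still written to an audit list so it stays reviewable. The zone names, policy table, hosts and threshold are constructed sample values, and the classification rule is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:
    peer: str
    zone: str  # security zone of the remote end

@dataclass
class Device:
    name: str
    connections: list  # existing Connection objects

# Constructed policy: each classification may only connect into these zones.
ZONE_POLICY = {"internal-only": {"corp", "mgmt"}, "dmz-facing": {"corp", "dmz"}}

def classify(device):
    """Assumed rule: a device ever seen in the dmz is 'dmz-facing', else 'internal-only'."""
    return "dmz-facing" if any(c.zone == "dmz" for c in device.connections) else "internal-only"

class PolicyEngine:
    def __init__(self, threshold):
        self.threshold = threshold
        self.confirmations = defaultdict(int)  # classification -> user confirmations
        self.audit = []  # (device, classification, peer, decision) for every exception

    def evaluate(self, device, proposed, confirm=None):
        """Return 'consistent', 'confirmed', 'auto-permitted' or 'flagged'."""
        cls = classify(device)
        if proposed.zone in ZONE_POLICY[cls]:
            return "consistent"
        if self.confirmations[cls] > self.threshold:
            # Enough confirmations for this classification: permit without asking, but audit it.
            decision = "auto-permitted"
        elif confirm is not None and confirm(device, proposed):
            self.confirmations[cls] += 1  # counted toward the threshold
            decision = "confirmed"
        else:
            decision = "flagged"  # notify only; nothing is changed or permitted
        self.audit.append((device.name, cls, proposed.peer, decision))
        return decision

def demo(threshold=2):
    """Constructed run: four 'internal-only' hosts propose the same dmz connection;
    three confirmations exceed the threshold, so the fourth is auto-permitted."""
    engine = PolicyEngine(threshold)
    proposed = Connection("ext-api", "dmz")
    decisions = [engine.evaluate(Device(f"host{i}", [Connection("fs01", "corp")]),
                                 proposed, lambda d, p: True) for i in range(4)]
    return decisions, engine
```

Note that the confirmation count and the auto-permit decision are keyed only by classification, exactly as the claim describes, so reviewing the audit list is the only way to see which exceptions were granted without a human in the loop.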
1 Assignment
0 Petitions
Abstract
An approach for managing a connection to or from a device is presented. Connections of the device are identified. Based on the connections, the device is determined and classified based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management for the device. Whether an existing or proposed connection of the device is consistent with the classification of the device is determined, and if not, an indication is displayed or a notification is sent that the existing or proposed connection is inconsistent with the classification of the device.
32 Citations
18 Claims
1. (Independent claim; the full text is reproduced under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer system for managing a connection to or from a device, the computer system comprising:
a CPU;
a computer-readable memory;
a computer-readable storage device;
first program instructions to identify connections of the device;
second program instructions to, based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
third program instructions to determine that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification and display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device;
fourth program instructions to determine one or more other devices have one or more classifications that match the classification of the device;
fifth program instructions to determine respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
sixth program instructions to receive one or more other confirmations of the one or more other existing or proposed connections;
seventh program instructions to determine a count of the confirmation and the one or more other confirmations and determine the count is greater than a threshold number of confirmations;
eighth program instructions to, subsequent to the seventh program instructions determining the count, classify another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
ninth program instructions to determine another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
tenth program instructions to, based on the count being greater than the threshold number of confirmations, permit another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification, wherein the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth program instructions are stored on the computer-readable storage device for execution by the CPU via the computer-readable memory.
Dependent claims: 10, 11, 12, 13.
14. A computer program product for managing a connection to or from a device, the computer program product comprising:
computer-readable storage device(s); and
computer-readable program instructions stored on the computer-readable storage device(s), the computer-readable program instructions when executed by a CPU:
identify connections of the device;
based on the connections, determine and classify the device based on security zones to which the device is or has been connected, a quality of service requirement for one or more applications within the device, or a level of information technology service management (ITSM) for the device;
determine that an existing or proposed connection is inconsistent with the classification of the device, and subsequently, receive a confirmation of the existing or proposed connection from a user, the confirmation permitting the existing or proposed connection to remain unchanged, without a modification of the existing or proposed connection and without a modification of a policy that specifies the classification of the device, even though the existing or proposed connection is inconsistent with the classification, and display an indication or send a notification that the existing or proposed connection is inconsistent with the classification of the device;
determine one or more other devices have one or more classifications that match the classification of the device;
determine respective one or more other existing or proposed connections of the one or more other devices are inconsistent with the one or more classifications;
receive one or more other confirmations of the one or more other existing or proposed connections;
determine a count of the confirmation and the one or more other confirmations and determine the count is greater than a threshold number of confirmations;
classify, subsequent to determining the count, another device based on security zones to which the other device is or has been connected, a quality of service requirement for one or more applications within the other device, or a level of ITSM for the other device;
determine another existing or proposed connection of the other device is inconsistent with the classification of the other device; and
based on the count being greater than the threshold number of confirmations, permit another existing or proposed connection of the other device to remain unchanged, without requiring a confirmation of the other existing or proposed connection, without a modification of the other existing or proposed connection and without a modification of a policy that specifies the classification of the other device, even though the other existing or proposed connection is inconsistent with the classification.
Dependent claims: 15, 16, 17, 18.
Specification