Systems and methods for protecting network devices
First Claim
1. A computer-implemented method comprising:
receiving, by a computer system implementing a gateway to a private network, a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticating the client device by the computer system;
upon authenticating the client device, receiving, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
upon receiving the client access list, verifying, by the computer system, that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
upon verifying that the network device in the private network is part of the list of network devices the client device is allowed to communicate with, establishing, by the computer system, the network tunnel between the client device and the network device in the private network through the gateway.
Abstract
Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access to (or even knowledge of) network devices the client is not allowed to access.
19 Claims
18. A non-transitory, computer-readable medium storing instructions that, when executed, cause a computer system implementing a gateway to a private network to:
receive a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticate the client device;
upon authenticating the client device, receive, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
upon receiving the client access list, verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
upon verifying that the network device in the private network is part of the list of network devices the client device is allowed to communicate with, establish the network tunnel between the client device and the network device in the private network through the gateway.
19. A computer system implementing a gateway, the computer system comprising:
a processor; and
non-transitory memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
receive a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticate the client device;
upon authenticating the client device, receive, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
upon receiving the client access list, verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
upon verifying that the network device in the private network is part of the list of network devices the client device is allowed to communicate with, establish the network tunnel between the client device and the network device in the private network through the gateway.
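The gateway flow the claims describe (authenticate, fetch the client access list from the authentication server, verify the requested device against that list, only then build the tunnel), as an added illustration that is not code from the patent or its assignee. The client credential store, the access lists and the "host:port" device names are constructed sample data; the authentication server is stubbed as an in-memory lookup, and the tunnel itself is represented by a string.

```python
from dataclasses import dataclass, field
import hmac

# Constructed sample records standing in for the authentication server.
CLIENT_SECRETS = {"laptop-42": b"s3cret-laptop-42"}
CLIENT_ACCESS_LISTS = {"laptop-42": {"10.0.5.10:443", "10.0.5.11:22"}}


@dataclass
class TunnelRequest:
    client_id: str
    credential: bytes   # shared-secret token presented by the client (demo only)
    target: str         # "host:port" of the network device the client asks for


@dataclass
class Gateway:
    audit: list = field(default_factory=list)

    def authenticate(self, req: TunnelRequest) -> bool:
        secret = CLIENT_SECRETS.get(req.client_id)
        # Constant-time comparison; an unknown client fails the same way as a bad token.
        return secret is not None and hmac.compare_digest(secret, req.credential)

    def fetch_access_list(self, client_id: str) -> set:
        # Stands in for the query to the authentication server (assumption).
        return CLIENT_ACCESS_LISTS.get(client_id, set())

    def handle(self, req: TunnelRequest) -> str:
        if not self.authenticate(req):
            self.audit.append(("denied", req.client_id, "authentication failed"))
            return "denied"
        allowed = self.fetch_access_list(req.client_id)
        # The decision is made against the access list only, never against a
        # device inventory, so a disallowed device and a nonexistent one get the
        # same answer and the client learns nothing about what else exists.
        if req.target not in allowed:
            self.audit.append(("denied", req.client_id, req.target))
            return "denied"
        self.audit.append(("tunnel", req.client_id, req.target))
        return f"tunnel:{req.client_id}->{req.target}"


if __name__ == "__main__":
    gw = Gateway()
    print(gw.handle(TunnelRequest("laptop-42", b"s3cret-laptop-42", "10.0.5.10:443")))
    print(gw.handle(TunnelRequest("laptop-42", b"s3cret-laptop-42", "10.0.9.1:22")))
    print(gw.audit)
```

The audit list is what a defender would forward to a SIEM: every denial records who asked for what, while the client-facing response stays uniform.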