Automatic intervention
First Claim
1. A gatekeeper appliance, comprising:
- one or more processors; and
- a memory coupled with the one or more processors, wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors to:
  - provide a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
  - monitor for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
  - in response to detecting the command, intercept the detected command and perform one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
Abstract
Securing a network is disclosed. A monitored session between a client and a network resource is provided. It is determined whether the client is attempting an authorized command. If the command is determined to be unauthorized, the command is intercepted. Optionally, remedial action is taken if it is determined that the client is attempting an unauthorized command.
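The check described in the abstract and in claim 1, as an added Python example that is not taken from the patent: a gatekeeper function sees each command line of a monitored session, compares the programs on it with that user's authorized set, and intercepts anything else, labelling roam-out attempts. The user names, the command sets and the `ROAMING_PROGRAMS` and `WRAPPERS` lists are assumptions made for illustration.

```python
import shlex
import os

# Assumed for illustration: programs that open a session on another host.
ROAMING_PROGRAMS = {"ssh", "telnet", "rlogin", "rsh", "scp", "sftp", "ftp", "nc"}
# Assumed wrappers whose next word is the program actually run.
WRAPPERS = {"sudo", "nohup", "exec", "env", "time"}
PUNCT = set("();<>|&")        # shlex punctuation characters
STARTS_COMMAND = set(";|&(")  # punctuation after which a new command begins

# Constructed policy: a different authorized command set per user.
AUTHORIZED = {
    "alice": {"ls", "cat", "df", "uptime"},
    "bob": {"ls", "sudo", "systemctl", "journalctl"},
}

def programs(line):
    """Yield the program name of each simple command on one shell line."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    expect_program = True
    for tok in lexer:
        if set(tok) <= PUNCT:  # operator token such as ';', '&&', '|', '>('
            expect_program = expect_program or bool(set(tok) & STARTS_COMMAND)
        elif expect_program:
            key, eq, _ = tok.partition("=")
            if eq and key.isidentifier():
                continue  # VAR=value prefix: the program comes next
            name = os.path.basename(tok)
            yield name
            expect_program = name in WRAPPERS  # a wrapper runs the next word

def gate(user, line, audit):
    """Return True to forward the line to the first device, False to intercept."""
    allowed = AUTHORIZED.get(user, set())
    try:
        if "`" in line:
            raise ValueError("backtick substitution is not parsed")
        names = list(programs(line))
    except ValueError:  # unparseable input cannot be judged: fail closed
        names = [None]
    denied = [n for n in names if n not in allowed]
    if denied:
        roam = any(n in ROAMING_PROGRAMS for n in denied)
        audit.append((user, line, "roam-out" if roam else "unauthorized"))
        return False  # intercepted: the line is never executed
    return True
```

Matching is on program names only, so interpreters and other tools that can start further programs have to stay out of a user's authorized set for the check to hold.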
22 Claims
1. A gatekeeper appliance, as set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method, comprising:
- providing a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
- monitoring, using one or more processors, for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
- in response to detecting the command, intercepting the detected command and performing one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
Dependent claims: 18, 19
20. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- providing a monitored session between a client and a first remote network device, wherein a user of the client has been authorized to access the first remote network device;
- monitoring, using a set of one or more processors, for indications that the user of the client is attempting to use authorized access to the first remote network device to execute a command to obtain unauthorized access to a second remote network device reachable from the first remote network device, wherein the command is associated with an attempt to roam out from the first remote network device to the second remote network device, wherein a set of authorized commands is defined for the user of the client, and wherein a different set of authorized commands is defined for a different user; and
- in response to detecting the command, intercepting the detected command and performing one or more actions, wherein performing the one or more actions includes preventing the user of the client from roaming from the first remote network device to the second remote network device, wherein preventing the user of the client from roaming from the first remote network device to the second remote network device includes preventing the detected command from being executed.
Dependent claims: 21, 22
Specification