Locked down network interface
Abstract
A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions, wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to, when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.
20 Claims
1. A logic device for intercepting a data flow from a network source to a network destination, the logic device comprising:
- a data store holding a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period;
- a packet inspector configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow, wherein the temporary compliance rule is generated in response to the inspected data flow being associated with a compliance rule with a corresponding action comprising the generation of said temporary compliance rule; and
- a packet filter configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid,
wherein said logic device is further configured to when the data flow is identified as being associated with the temporary compliance rule, inform a compliance rule controller of the generation of a temporary compliance rule, the compliance rule controller being configured to audit the data flow and determine whether the temporary compliance rule is to be made permanent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 20

12. A method comprising:
- intercepting a data flow from a network source to a network destination;
- storing a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period;
- inspecting the intercepted data flow and identifying a temporary compliance rule associated with the inspected data flow, wherein the temporary compliance rule is generated in response to the inspected data flow being associated with a compliance rule with a corresponding action comprising the generation of said temporary compliance rule;
- when the data flow is identified as being associated with the temporary compliance rule, carrying out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid;
- when the data flow is identified as being associated with the temporary compliance rule, informing a compliance rule controller of the generation of a temporary compliance rule; and
- auditing by the compliance rule controller the data flow and determining whether the temporary compliance rule is to be made permanent.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
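The rule lifecycle recited in claims 1 and 12 can be modelled in software as follows. This is an added sketch, not code from the patent or its assignee; the `Rule`, `Controller` and `Device` names, the (source, destination, port) flow key, the 30-second validity period, the "allow" temporary action and the fail-closed default are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    match: tuple                     # (src, dst, port); None is a wildcard
    action: str                      # "allow", "drop" or "generate_temp"
    expires: Optional[float] = None  # None = permanent, else expiry timestamp

def matches(rule, flow):
    return all(m is None or m == f for m, f in zip(rule.match, flow))

class Controller:
    """Hypothetical compliance rule controller that audits flows out of band."""
    def __init__(self, approved_flows):
        self.approved, self.pending = set(approved_flows), []
    def notify(self, rule, flow):
        self.pending.append((rule, flow))
    def audit(self):
        for rule, flow in self.pending:
            if flow in self.approved:
                rule.expires = None  # temporary rule made permanent
        self.pending.clear()

class Device:
    def __init__(self, rules, controller, ttl):
        self.rules, self.controller, self.ttl = list(rules), controller, ttl
    def handle(self, flow, now):
        """Return (action, rule kind) for one intercepted flow at time `now`."""
        # A temporary rule past its validity period is discarded before lookup.
        self.rules = [r for r in self.rules if r.expires is None or r.expires > now]
        rule = next((r for r in self.rules if matches(r, flow)), None)
        if rule is None:
            return "drop", "default"  # assumption: unmatched flows fail closed
        if rule.action == "generate_temp":
            temp = Rule(flow, "allow", now + self.ttl)  # assumed temporary action
            self.rules.insert(0, temp)  # consulted before the generating rule
            self.controller.notify(temp, flow)
            return temp.action, "generated"
        return rule.action, "permanent" if rule.expires is None else "temporary"

def demo():
    # Constructed sample flows: A passes the audit, B does not.
    a, b = ("10.0.0.5", "10.0.1.9", 443), ("10.0.0.7", "10.0.1.9", 22)
    ctl = Controller(approved_flows={a})
    dev = Device([Rule((None, "10.0.1.9", None), "generate_temp")], ctl, ttl=30)
    before = [dev.handle(a, 0), dev.handle(b, 0), dev.handle(a, 10)]
    ctl.audit()
    return before + [dev.handle(a, 100), dev.handle(b, 100)]
```

In this model a flow whose temporary rule lapses without being made permanent matches the generating rule again, so it receives a fresh temporary rule and is queued for another audit.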
Specification