Virtual host security profiles
Abstract
Architecture that creates and applies a virtual firewall profile for each network to which a multi-homed device is connected. In one implementation, the virtual profiles can be based on address ranges of the networks. This ensures seamless concurrent connectivity of the multi-homed device to multiple networks.
19 Claims
1. A computer-implemented security system, comprising:
- a set of security profiles that provides communications security for a multi-homed device, each of the security profiles including a set of rules that constrains device connectivity according to that profile, the security profiles being associated with connections from which data packets are being received, the set of security profiles comprising a first security profile being constrained to apply to a first address range for all traffic from a first active connection, and a second security profile being constrained to apply to a second address range for all traffic from a second concurrently active connection, the first security profile being different from the second security profile such that the first security profile does not affect security of the second concurrently active connection and the second security profile does not affect security of the first active connection; and
- a security component for determining if the connections are active by examining the data packets received, and responsive to determining that one or more of the connections is active automatically selecting and applying corresponding security profiles to the one or more active connections.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented security system, comprising:
- a set of firewall profiles that provides communications security for a multi-homed device, the set of firewall profiles configuring firewall access to the multi-homed device, and being associated with connections from which data packets are being received, the set of firewall profiles comprising a first firewall profile being constrained to apply to a first address range for all traffic from a first active connection, and a second firewall profile being constrained to apply to a second address range for all traffic from a second concurrently active connection to provide seamless concurrent connectivity of the multi-homed device to the first and second active connections, the first firewall profile being different from the second firewall profile; and
- a security component for determining if the connections are active by examining the data packets received, and responsive to determining that one or more of the connections is active automatically selecting and applying specific firewall profiles to the one or more active connections.
Dependent claims: 9, 10, 11, 12, 13
14. A computer-implemented security method for a multi-homed device, comprising:
- detecting concurrently active connections at the multi-homed device by examining data packets received from multiple connections;
- selecting a security profile from a set of security profiles for each active connection, the security profiles being different from one another such that one security profile does not affect security of an active connection associated with another security profile;
- applying the security profile for each active connection to provide secure communications over the active connections; and
- constraining communications to the active connections based on address ranges associated with the active connections as defined in the security profile corresponding to each of the active connections.
Dependent claims: 15, 16, 17, 18, 19
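The method of claim 14 as an added Python example (an illustration, not code from the patent): each connection gets its own profile, and that profile's rules apply only to traffic from its own address range. Keying connections by interface name, the profile fields, ports and addresses are all assumptions constructed for the example.

```python
# Added illustration, not code from the patent. Interface names, profile
# fields, ports and addresses are constructed for the example.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Profile:
    name: str
    address_range: str         # range this profile is constrained to
    allowed_ports: frozenset   # inbound ports this profile permits


@dataclass
class MultiHomedFirewall:
    profiles: dict                              # connection id -> Profile
    active: set = field(default_factory=set)    # connections seen carrying traffic

    def handle(self, conn: str, src: str, dst_port: int) -> str:
        profile = self.profiles.get(conn)
        if profile is None:
            return "drop: no profile for connection"
        # A received packet is the evidence that the connection is active;
        # its own profile is selected and applied to that traffic.
        self.active.add(conn)
        # The profile is constrained to its address range: a source outside
        # that range cannot use this profile's allow rules.
        if ip_address(src) not in ip_network(profile.address_range):
            return f"drop: {src} outside {profile.name} range"
        if dst_port not in profile.allowed_ports:
            return f"drop: port {dst_port} not allowed by {profile.name}"
        return f"allow: {profile.name}"


def demo():
    fw = MultiHomedFirewall({
        "eth0": Profile("corporate", "10.0.0.0/8", frozenset({22, 445})),
        "wlan0": Profile("public", "192.168.1.0/24", frozenset()),
    })
    packets = [                        # constructed sample traffic
        ("eth0", "10.1.2.3", 445),     # corporate host, permitted port
        ("wlan0", "192.168.1.50", 445),  # same port on the public network
        ("wlan0", "10.1.2.3", 445),    # corporate-range source on the wrong link
        ("tun0", "172.16.0.9", 22),    # connection with no profile
    ]
    return [fw.handle(*p) for p in packets], fw.active


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The second and third packets show the isolation the claims require: the corporate profile's allow rule for port 445 has no effect on traffic arriving over the public connection, even when the source address falls in the corporate range.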
Specification