Network security policy enforcement integrated with DNS server
Abstract
A plug-in software module of a DNS server helps to enforce a network security policy. The plug-in module scans communication packets at a DNS server computer and intercepts a request from a user computer to access a web site. The intercepted request is not received by the DNS service. The plug-in module initiates a security check of the user computer over a network connection to determine if the user computer has implemented the security policy of the computer network. If the user computer does not implement the security policy, then the plug-in module returns an IP address to the user computer that is the IP address of a security web site. The security web site then displays on the user's browser an indication of a security policy to be applied. The security web site may also perform the security check.
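The decision flow in the abstract, as an added Python sketch that is not code from the patent: a DNS query is parsed, and a non-compliant client receives an A record for the security web site instead of the requested site. The `is_compliant` callback stands in for the probe-based security check, and `SECURITY_SITE_IP`, `REDIRECT_TTL`, the function names and the choice to hand compliant or non-A queries to the normal DNS service are all assumptions.

```python
import socket
import struct

SECURITY_SITE_IP = "192.0.2.10"  # constructed (TEST-NET-1) address of the security web site
REDIRECT_TTL = 30                # assumption: short TTL so the client re-resolves after remediation

def parse_question(packet):
    """Return (qname, qtype, end_offset) for the single question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:          # compression pointers do not belong in a query name
            raise ValueError("bad label length")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4

def build_redirect(packet, end, ip=SECURITY_SITE_IP, ttl=REDIRECT_TTL):
    """Answer the query with one A record that points at the security web site."""
    rd = packet[2] & 0x01                      # copy the client's RD bit
    flags = 0x8000 | (rd << 8) | 0x0080        # QR=1, RA=1, RCODE=0
    header = packet[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + packet[12:end] + answer

def handle_query(packet, client_ip, is_compliant):
    """Return a redirect response, or None to let the DNS service resolve normally."""
    _qname, qtype, end = parse_question(packet)
    if qtype != 1 or is_compliant(client_ip):  # only A lookups are rewritten here
        return None
    return build_redirect(packet, end)

def make_query(name, txid=0x1234):
    """Constructed sample input: a standard recursive A query for `name`."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
```

The short TTL matters operationally: a cached redirect would keep pointing a remediated client at the security site until the record expires.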
26 Citations
35 Claims
1. A method of enforcing a security policy on a user computer in a computer network, said method comprising:
- detecting a request from said user computer of said computer network to access a requested web site, said detecting performed by a plug-in module of a Domain Name Service (DNS) server;
- intercepting said request at said DNS server by said plug-in module such that said request is not received by a DNS service on said DNS server;
- determining a network address of said user computer by said plug-in module;
- performing a security check of said user computer by said plug-in module using one or more probe packets sent by said plug-in module to said network address to determine whether said user computer has implemented a security policy of said computer network;
- determining as a result of said security check of said user computer that said security policy is not implemented on said user computer;
- redirecting said user computer to a security Web site by returning an Internet Protocol (IP) address to said user computer that is an IP address of said security web site, said IP address not being an IP address of said requested web site; and
- displaying a message on said user computer from said security web site indicating said security policy to be implemented on said user computer.
Dependent claims: 2, 3, 4, 5, 17, 18, 21, 24, 25, 27, 30, 33
6. A method of enforcing a security policy on a user computer in a computer network, said method comprising:
- detecting a request from said user computer of said computer network to access a requested web site, said detecting performed by a plug-in module of a Domain Name Service (DNS) server;
- intercepting said request at said DNS server by said plug-in module such that said request is not received by a DNS service on said DNS server;
- redirecting said user computer to said security web site by returning an Internet Protocol (IP) address to said user computer that is an IP address of said security web site, said IP address not being an IP address of said requested web site;
- performing a security check of said user computer to determine whether said user computer has implemented a security policy of said computer network, said security check being performed by software on said security web site; and
- displaying a message on said user computer from said security web site indicating said security policy to be implemented on said user computer.
Dependent claims: 7, 8, 9, 10, 11, 19, 22, 23, 28, 31, 34
12. A non-transitory and tangible computer-readable medium comprising computer code for enforcing a security policy on a user computer in a network, said computer code of said computer-readable medium effecting the following:
- scanning communication packets at a Domain Name Service (DNS) server computer;
- intercepting a request from said user computer of said network to access a requested web site such that said request is received by a plug-in module of said DNS server computer and is not received by a DNS service executing in said DNS server computer;
- determining a network address of said user computer by said plug-in module;
- initiating a security check of said user computer by said plug-in module over a network connection using one or more probe packets sent by said plug-in module to said network address to determine whether said user computer has implemented a security policy of said computer network;
- determining that said user computer does not implement said security policy by examining a response from said user computer to said one or more probe packets; and
- redirecting said user computer to a security web site by returning an Internet Protocol (IP) address to said user computer that is an IP address of said security web site, said IP address not being an IP address of said requested web site.
Dependent claims: 13, 14, 15, 16, 20, 26, 29, 32, 35
Specification