Method and apparatus for providing security in an intranet network
Abstract
A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group.
20 Claims
1. A method for providing security in a virtual private network, the method comprising:
defining, by a processor of a customer edge router, a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected;
receiving, by the processor, a packet; and
applying, by the processor, an outbound access control list to the packet when the packet is from a server in the protected server group, wherein the outbound access control list comprises an outbound list of internet protocol addresses that the protected server group is allowed to initiate a session with, wherein the applying the outbound access control list comprises:
determining that the packet is from the server in the protected server group and that the packet is sent without being solicited; and
blocking a transmission of the packet that is sent without being solicited.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A tangible non-transitory computer-readable medium storing a plurality of instructions which, when executed by a processor of a customer edge router, cause the processor to perform operations for providing security in a virtual private network, the operations comprising:
defining a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected;
receiving a packet; and
applying an outbound access control list to the packet when the packet is from a server in the protected server group, wherein the outbound access control list comprises an outbound list of internet protocol addresses that the protected server group is allowed to initiate a session with, wherein the applying the outbound access control list comprises:
determining that the packet is from the server in the protected server group and that the packet is sent without being solicited; and
blocking a transmission of the packet that is sent without being solicited.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. An apparatus for providing security in a virtual private network, the apparatus comprising:
a processor of a customer edge router; and
a non-transitory computer-readable medium storing a plurality of instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising:
defining a protected server group, wherein the protected server group identifies a subset of all customer endpoint devices in the virtual private network, wherein the subset includes a server within the virtual private network to be protected;
receiving a packet; and
applying an outbound access control list to the packet when the packet is from a server in the protected server group, wherein the outbound access control list comprises an outbound list of internet protocol addresses that the protected server group is allowed to initiate a session with, wherein the applying the outbound access control list comprises:
determining that the packet is from the server in the protected server group and that the packet is sent without being solicited; and
blocking a transmission of the packet that is sent without being solicited.
Dependent claims: 16, 17, 18, 19, 20.
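The policy described in the abstract and in independent claims 1, 8 and 15 (a protected server group, an inbound access control list for packets destined to a protected server, an outbound access control list of addresses the group may initiate sessions with, and blocking of unsolicited outbound packets) can be modelled as a small stateful packet filter. The Python below is an added example written for this page, not code from the patent or its assignee. The class and function names (CustomerEdgeRouter, Packet, build_demo_router, run_demo), the use of a session table to decide whether a packet is solicited, and every address and packet in it are constructed for illustration.

```python
# Constructed model of the customer-edge-router policy described on this page.
# Hypothetical code: class names, the session-table approach and all addresses
# are assumptions made for illustration, not the patent's own implementation.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class CustomerEdgeRouter:
    # Protected server group: the subset of VPN endpoints that is guarded.
    protected_group: frozenset
    # Inbound ACL: networks permitted to open sessions to protected servers.
    inbound_acl: tuple
    # Outbound ACL: addresses the protected servers may initiate sessions with.
    outbound_acl: frozenset
    # Session table keyed (server, peer, server_port, peer_port); a packet that
    # matches an entry is treated as solicited, anything else as unsolicited.
    sessions: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def handle(self, pkt: Packet) -> str:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if dst in self.protected_group:
            return self._inbound(pkt, src)
        if src in self.protected_group:
            return self._outbound(pkt, dst)
        return "FORWARD"  # neither endpoint is protected: ordinary VPN traffic

    def _inbound(self, pkt, src):
        key = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if key in self.sessions:
            return "FORWARD"  # reply to a session a protected server opened
        if any(src in net for net in self.inbound_acl):
            self.sessions.add(key)  # the server's replies are now solicited
            return "FORWARD"
        self.log.append(f"DROP inbound {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "DROP"

    def _outbound(self, pkt, dst):
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        if key in self.sessions:
            return "FORWARD"  # solicited: reply inside an existing session
        if dst in self.outbound_acl:
            self.sessions.add(key)  # server may initiate a session to this peer
            return "FORWARD"
        # Unsolicited packet to an address outside the outbound list: block it.
        self.log.append(f"DROP unsolicited outbound {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "DROP"


def build_demo_router() -> CustomerEdgeRouter:
    # Constructed policy: two protected servers, one branch-office client
    # network on the inbound ACL, and two permitted outbound peers.
    return CustomerEdgeRouter(
        protected_group=frozenset(ip_address(a) for a in ("10.1.1.10", "10.1.1.11")),
        inbound_acl=(ip_network("10.2.0.0/16"),),
        outbound_acl=frozenset(ip_address(a) for a in ("10.1.1.20", "10.3.0.5")),
    )


# Constructed traffic, in order, with the decision each packet should receive.
DEMO_PACKETS = [
    Packet("10.2.5.7", "10.1.1.10", 40000, 443),      # client -> server: FORWARD
    Packet("10.1.1.10", "10.2.5.7", 443, 40000),      # solicited reply: FORWARD
    Packet("10.1.1.10", "10.3.0.5", 51000, 514),      # listed initiation: FORWARD
    Packet("10.3.0.5", "10.1.1.10", 514, 51000),      # reply to it: FORWARD
    Packet("10.1.1.10", "198.51.100.9", 52000, 443),  # unsolicited, unlisted: DROP
    Packet("192.0.2.33", "10.1.1.11", 3333, 22),      # inbound not in ACL: DROP
    Packet("10.2.5.7", "10.5.5.5", 5000, 80),         # not a protected server: FORWARD
]


def run_demo():
    # Returns the per-packet verdicts and the router's drop log.
    router = build_demo_router()
    verdicts = [router.handle(p) for p in DEMO_PACKETS]
    return verdicts, router.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    for pkt, verdict in zip(DEMO_PACKETS, verdicts):
        print(f"{verdict:7} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    print("\n".join(log))
```

The claims only require that the router determine a packet "is sent without being solicited"; they do not prescribe how. The session table above is one concrete way to make that determination: a packet leaving a protected server is solicited when it belongs to a session a permitted client opened, or to a session the server itself was permitted to initiate, and everything else is blocked and logged.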