Credentials enforcement using a firewall
First Claim
1. A system for credentials enforcement using a firewall, comprising:
a processor of a network device configured to:
store a plurality of user credentials at the network device;
monitor network traffic at the network device to determine if there is a match between the plurality of user credentials and one or more of the plurality of user credentials for external site authentication, comprising to:
monitor network communications between a client and an external site; and
determine if the client sends a request that includes user credentials for authentication at the external site, comprising to:
determine whether a bloom filter accepts the user credentials included in the request, wherein the bloom filter is generated based at least in part on the stored plurality of user credentials, the bloom filter being located in the network device, the bloom filter being configured to have a false positive rate set to a predetermined threshold, the predetermined threshold being non-zero, wherein the determining of whether the bloom filter accepts the user credentials comprises to:
determine whether a first hash of a first portion and a second portion of a first user credential of the user credentials included in the request corresponds to a second hash of a third portion and a fourth portion of a second user credential of the stored plurality of user credentials, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determine that the bloom filter accepts the user credentials included in the request; and
in response to a determination that the bloom filter accepts the user credentials included in the request:
send the user credentials included in the request to an enterprise data store to query the enterprise data store whether the user credentials included in the request are enterprise user credentials, the external site being separate from the enterprise data store, the enterprise data store being separate from the network device; and
receive, from the enterprise data store, query results indicating whether or not the user credentials match the enterprise user credentials; and
perform an action if the match between the plurality of user credentials and the one or more of the plurality of user credentials for external site authentication is determined, wherein the action corresponds to blocking the network traffic, generating an alert, sending a block page that notifies the user that using enterprise credentials on this external site is not recommended or is prohibited, logging network activity, or any combination thereof; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
21 Claims

1. (Reproduced above under First Claim; claims 2 to 19 depend from claim 1 and are not reproduced on this page.)
20. A method for credentials enforcement using a firewall, comprising:

storing a plurality of user credentials at a network device;
monitoring network traffic at the network device to determine if there is a match between the plurality of user credentials and one or more of the plurality of user credentials, comprising:
monitoring network communications between a client and an external site; and
determining if the client sends a request that includes user credentials for authentication at the external site, comprising:
determining whether a bloom filter accepts the user credentials included in the request, wherein the bloom filter is generated based at least in part on the stored plurality of user credentials, the bloom filter being located in the network device, the bloom filter being configured to have a false positive rate set to a predetermined threshold, the predetermined threshold being non-zero, wherein the determining of whether the bloom filter accepts the user credentials comprises:
determining whether a first hash of a first portion and a second portion of a first user credential of the user credentials included in the request corresponds to a second hash of a third portion and a fourth portion of a second user credential of the stored plurality of user credentials, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determining that the bloom filter accepts the user credentials included in the request; and
in response to a determination that the bloom filter accepts the user credentials included in the request:
sending the user credentials included in the request to an enterprise data store to query the enterprise data store whether the user credentials included in the request are enterprise user credentials, the external site being separate from the enterprise data store, the enterprise data store being separate from the network device; and
receiving, from the enterprise data store, query results indicating whether or not the user credentials match the enterprise user credentials; and
performing an action if the match between the plurality of user credentials and the one or more of the plurality of user credentials for external site authentication is determined, wherein the action corresponds to blocking the network traffic, generating an alert, sending a block page that notifies the user that using enterprise credentials on this external site is not recommended or is prohibited, logging network activity, or any combination thereof.

21. A computer program product for credentials enforcement using a firewall, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:

storing a plurality of user credentials at a network device;
monitoring network traffic at the network device to determine if there is a match between the plurality of user credentials and one or more of the plurality of user credentials, comprising:
monitoring network communications between a client and an external site; and
determining if the client sends a request that includes user credentials for authentication at the external site, comprising:
determining whether a bloom filter accepts the user credentials included in the request, wherein the bloom filter is generated based at least in part on the stored plurality of user credentials, the bloom filter being located in the network device, the bloom filter being configured to have a false positive rate set to a predetermined threshold, the predetermined threshold being non-zero, wherein the determining of whether the bloom filter accepts the user credentials comprises:
determining whether a first hash of a first portion and a second portion of a first user credential of the user credentials included in the request corresponds to a second hash of a third portion and a fourth portion of a second user credential of the stored plurality of user credentials, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determining that the bloom filter accepts the user credentials included in the request; and
in response to a determination that the bloom filter accepts the user credentials included in the request:
sending the user credentials included in the request to an enterprise data store to query the enterprise data store whether the user credentials included in the request are enterprise user credentials, the external site being separate from the enterprise data store, the enterprise data store being separate from the network device; and
receiving, from the enterprise data store, query results indicating whether or not the user credentials match the enterprise user credentials; and
performing an action if the match between the plurality of user credentials and the one or more of the plurality of user credentials for external site authentication is determined, wherein the action corresponds to blocking the network traffic, generating an alert, sending a block page that notifies the user that using enterprise credentials on this external site is not recommended or is prohibited, logging network activity, or any combination thereof.
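The two-stage check recited in claims 1, 20 and 21 (a Bloom filter on the network device built from hashes of two non-overlapping, non-adjacent portions of each stored credential, sized for a non-zero false positive rate, with the separate enterprise data store queried only when the filter accepts) is illustrated below in Python. This is an added example written for this page, not the patentee's code or any product's implementation. The choice of first and last third as the two portions, the SHA-256-derived filter indexes, the PBKDF2-backed stand-in store, the sample credentials and the "block"/"allow" action labels are all assumptions of the example.

```python
import hashlib
import hmac
import math
import os

# Constructed sample directory (made-up users and passwords).
ENTERPRISE_CREDENTIALS = {
    "alice": "Winter2024!Secure",
    "bob": "correct-horse-battery",
    "carol": "Tr0ub4dor&3",
}


def portions(credential: str) -> tuple[str, str]:
    """First and last third of the credential (assumed split): two non-overlapping
    portions separated by a middle gap of at least n >= 1 characters, so they are
    never adjacent. Strings shorter than 3 characters admit no such split."""
    n = len(credential) // 3
    if n == 0:
        raise ValueError("credential too short for non-adjacent portions")
    return credential[:n], credential[-n:]


class BloomFilter:
    """Filter sized for `expected_items` at a chosen, strictly non-zero false positive rate."""

    def __init__(self, expected_items: int, false_positive_rate: float):
        if not 0.0 < false_positive_rate < 1.0:
            raise ValueError("false positive rate must be strictly between 0 and 1")
        self.m = math.ceil(-expected_items * math.log(false_positive_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _indexes(self, first: str, second: str):
        # One hash over both portions per filter function (assumption: SHA-256 with a
        # 2-byte counter); the NUL separator keeps ("ab", "c") distinct from ("a", "bc").
        data = first.encode() + b"\x00" + second.encode()
        for i in range(self.k):
            digest = hashlib.sha256(i.to_bytes(2, "big") + data).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, first: str, second: str) -> None:
        for idx in self._indexes(first, second):
            self.bits[idx >> 3] |= 1 << (idx & 7)

    def accepts(self, first: str, second: str) -> bool:
        return all(self.bits[idx >> 3] & (1 << (idx & 7))
                   for idx in self._indexes(first, second))


class EnterpriseStore:
    """Stand-in for the separate enterprise data store, the authoritative check.
    Holds salted PBKDF2 hashes and compares in constant time."""

    def __init__(self, credentials: dict[str, str]):
        self._records = {}
        for user, password in credentials.items():
            salt = os.urandom(16)
            self._records[user] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def is_enterprise_credential(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(self._derive(password, salt), expected)


def build_filter(credentials: dict[str, str], fp_rate: float = 0.01) -> BloomFilter:
    """Build the on-device filter from the two portions of each stored credential."""
    bf = BloomFilter(expected_items=len(credentials), false_positive_rate=fp_rate)
    for user, password in credentials.items():
        bf.add(*portions(f"{user}:{password}"))
    return bf


def inspect_login(user: str, password: str, bf: BloomFilter, store: EnterpriseStore) -> dict:
    """Stage 1 runs on the device; stage 2 (the store query) runs only on a filter hit,
    so credentials that cannot be enterprise credentials never leave the device."""
    try:
        first, second = portions(f"{user}:{password}")
    except ValueError:
        return {"filter_hit": False, "store_queried": False, "action": "allow"}
    if not bf.accepts(first, second):
        return {"filter_hit": False, "store_queried": False, "action": "allow"}
    confirmed = store.is_enterprise_credential(user, password)
    # The claims list block, alert, block page and log as actions; this example blocks
    # confirmed matches and lets filter false positives through.
    return {"filter_hit": True, "store_queried": True,
            "action": "block" if confirmed else "allow"}


if __name__ == "__main__":
    bf = build_filter(ENTERPRISE_CREDENTIALS)
    store = EnterpriseStore(ENTERPRISE_CREDENTIALS)
    print(f"filter: m={bf.m} bits, k={bf.k} hash functions")
    for user, pw in [("alice", "Winter2024!Secure"),    # real enterprise credential
                     ("alice", "Winter1999!Secure"),    # same two portions, different middle
                     ("dave", "unrelated-site-password")]:
        print(user, inspect_login(user, pw, bf, store))
```

The constructed near-variant "alice:Winter1999!Secure" has the same first and last third as alice's stored credential, so the filter accepts it by construction rather than by a random collision; only the store query separates that false positive from a genuine reuse of an enterprise password on an external site. Every stored credential is accepted by the filter (a Bloom filter has no false negatives), and a zero false positive rate is rejected at construction, matching the claims' requirement that the threshold be non-zero.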