Method and system for propagating network policy
Abstract
A method for acquiring and disseminating network node characteristics to enable policy decisions, including receiving a resolution request from one or more clients in a network environment. Information, for example a network address, is then acquired from one or more sources regarding a specific location in a network, for example a network node. A list of the network addresses is then generated and ranked based on one or more parameters relevant to traffic handling decisions. The network addresses are then associated with a host name on at least one directory server and then propagated to the one or more clients.
80 Claims
1. A method for implementing network security comprising:
creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic;
configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
resolving the network security policy name to the plurality of IP values at the DNS server;
propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for propagating network policy comprising:
a security server configured to create a network security policy to apply to network traffic, wherein a plurality of IP values conform to the network security policy;
a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
wherein, in operation, the security server creates, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic;
wherein, in operation, the DNS server:
receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
resolves the network security policy name to the plurality of IP values at the DNS server;
propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
instantiating a name of a network security policy as a single multi-host lookup value, wherein a plurality of IP values include a first subset of IP values associated with a first hostname and a second subset of IP values associated with a second hostname;
creating an exploit or vulnerability weighted list using the plurality of IP values;
including or excluding one or more of the plurality of IP values when creating the exploit or vulnerability weighted list;
querying a domain name system (DNS) using the network security policy name associated with the network security policy;
receiving a response from the DNS that includes the plurality of IP values;
applying the network security policy to traffic associated with at least one of the plurality of IP values.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A method for implementing network security comprising:
creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
de-conflicting a current configuration against the plurality of IP values;
creating protocol specific lists including or excluding filters based on needs derived from the de-conflicting;
configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
resolving the network security policy name to the plurality of IP values at the DNS server;
propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
33. A system for propagating network policy comprising:
a security server configured to create a network security policy to apply to network traffic, wherein a plurality of IP values conform to the network security policy;
a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
wherein, in operation, the security server:
de-conflicts a current configuration against the plurality of IP values;
creates protocol specific lists including or excluding filters based on needs derived from the de-conflicting;
wherein, in operation, the DNS server:
receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
resolves the network security policy name to the plurality of IP values at the DNS server;
propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
Dependent claims: 34, 35, 36, 37, 38, 39, 40
41. A method for implementing network security comprising:
creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being specified by a user based on a single multi-host address mapping record;
configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
receiving a name-to-IP value mapping request for name-to-IP value mapping in one of the zones from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
resolving the network security policy name to the plurality of IP values at the DNS server;
propagating at least part of the network security policy corresponding to the one of the zones to the network device by transmitting at least part of the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize the at least part of the plurality of IP values when applying network security to the network traffic at the network device.
Dependent claims: 42, 43, 44, 45, 46, 47, 48
49. A system for propagating network policy comprising:
a security server configured to create a network security policy to apply to a network traffic, wherein a plurality of IP values conform to the network security policy;
a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
wherein, in operation, the security server creates zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being specified by a user based on a single multi-host address mapping record;
wherein, in operation, the DNS server:
receives a name-to-IP value mapping request for name-to-IP value mapping in one of the zones from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
resolves the network security policy name to the plurality of IP values at the DNS server;
propagates at least part of the network security policy corresponding to the one of the zones to a network device by transmitting at least part of the plurality of IP values that conform to the at least part of the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize the at least part of the plurality of IP values when applying network security to the network traffic at the network device.
Dependent claims: 50, 51, 52, 53, 54, 55, 56
57. A method comprising:
instantiating a name of a network security policy as a single multi-host lookup value, wherein a plurality of IP values include a first subset of IP values associated with a first hostname and a second subset of IP values associated with a second hostname;
creating an exploit or vulnerability weighted list using the plurality of IP values;
including or excluding one or more of the plurality of IP values when creating the exploit or vulnerability weighted list;
querying a domain name system (DNS) using the network security policy name associated with the network security policy based on the exploit or vulnerability weighted list;
receiving a response from the DNS that includes the exploit or vulnerability weighted list containing one or more of the plurality of IP values that are reprioritized for a specific user;
applying the network security policy based on the exploit or vulnerability weighted list to traffic associated with at least one of the plurality of IP values.
Dependent claims: 58, 59, 60, 61, 62, 63, 64
65. A method for implementing network security comprising:
creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
creating protocol specific lists including or excluding filters based on needs derived from resolving of a current configuration of a user against the plurality of IP values;
configuring a domain name system (DNS) server to resolve a DNS query to the network security policy based on the protocol specific lists;
receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
resolving the network security policy name to the plurality of IP values at the DNS server;
propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to the network traffic at the network device.
Dependent claims: 66, 67, 68, 69, 70, 71, 72
73. A system for propagating network policy comprising:
a security server configured to create a network security policy to apply to a network traffic, wherein a plurality of IP values conform to the network security policy;
a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
wherein, in operation, the security server creates protocol specific lists including or excluding filters based on needs derived from resolving of a current configuration of a user against the plurality of IP values;
wherein, in operation, the DNS server:
receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
resolves the network security policy name to the plurality of IP values at the DNS server based on the protocol specific lists;
propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to the network traffic at the network device.
Dependent claims: 74, 75, 76, 77, 78, 79, 80
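The following is an added example, not code from the patent or its assignee, that simulates in Python the scheme described in the abstract and in claims 1, 17 and 25: a policy name held on a DNS server resolves to several IP values (one name, many A records, the "single multi-host lookup value"); the network device resolves that name, builds a weighted list of the IPs above a threshold, de-conflicts the list against its current rule set, and applies the result to constructed sample traffic. The zone data, names, addresses and the encoding of per-IP weights as TXT records are all assumptions of this example; the patent specifies none of them. One design point the example makes visible: the device installs whatever the resolver answers, so an empty answer is treated as "no change" rather than "clear all rules", and in a real deployment the integrity of the answer rests on the DNS path itself (DNSSEC or a trusted internal resolver).

```python
"""Added example (not part of the patent): DNS-propagated network policy.

A policy name is a single multi-host lookup value on the DNS server: one name,
several A records. Per-IP weights are carried in TXT records keyed by IP; that
encoding is an assumption of this example, not something the patent specifies.
The network device resolves the name, ranks the IP values, de-conflicts them
against its current configuration and applies the result to sample traffic.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# --- Security server side: the policy authored as DNS records ---------------
# Constructed zone data for the example (names and addresses are illustrative).
ZONE: dict[str, dict[str, list[str]]] = {
    "block.policy.example.": {
        "A": ["203.0.113.10", "203.0.113.20", "198.51.100.7"],
        "TXT": ["203.0.113.10=90", "203.0.113.20=40", "198.51.100.7=75"],
    },
}


def resolve(name: str, rtype: str) -> list[str]:
    """Stand-in for the DNS server: the RRset for (name, rtype), or [] for NXDOMAIN/NODATA."""
    return list(ZONE.get(name, {}).get(rtype, []))


# --- Network device side ------------------------------------------------------
@dataclass(frozen=True, order=True)
class WeightedIP:
    weight: int  # compared first when sorting, so ranking is by weight
    ip: str


def fetch_policy(name: str) -> list[WeightedIP]:
    """Resolve the policy name to its IP values and attach weights (0 when no TXT entry)."""
    weights = dict(entry.split("=", 1) for entry in resolve(name, "TXT"))
    return [WeightedIP(int(weights.get(ip, 0)), ip) for ip in resolve(name, "A")]


def weighted_list(policy: list[WeightedIP], threshold: int) -> list[WeightedIP]:
    """Claim 17 style list: keep IPs whose weight meets the threshold, highest weight first."""
    return sorted((w for w in policy if w.weight >= threshold), reverse=True)


def deconflict(current_rules: list[str], new_ips: list[str]) -> tuple[list[str], list[str]]:
    """Claim 25 style de-conflicting: split new IPs into (to_add, already_covered).

    An IP is already covered when any existing rule (a CIDR string) contains it,
    so the device does not install a redundant, narrower rule.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in current_rules]
    to_add: list[str] = []
    covered: list[str] = []
    for ip in new_ips:
        addr = ipaddress.ip_address(ip)
        (covered if any(addr in n for n in nets) else to_add).append(ip)
    return to_add, covered


def propagate(name: str, current_rules: list[str], threshold: int) -> tuple[list[str], list[str]]:
    """Pull the policy by name and merge it into the device rule set.

    Returns (new_rules, already_covered). An empty DNS answer leaves the current
    configuration unchanged rather than wiping the rule set.
    """
    policy = fetch_policy(name)
    if not policy:
        return list(current_rules), []
    to_add, covered = deconflict(current_rules, [w.ip for w in weighted_list(policy, threshold)])
    return list(current_rules) + [f"{ip}/32" for ip in to_add], covered


def apply_policy(rules: list[str], packets: list[tuple[str, str]]) -> list[str]:
    """Verdict per (src, dst) packet: 'drop' when the source matches a rule, else 'allow'."""
    nets = [ipaddress.ip_network(r, strict=False) for r in rules]
    return ["drop" if any(ipaddress.ip_address(src) in n for n in nets) else "allow"
            for src, _dst in packets]


if __name__ == "__main__":
    rules, covered = propagate("block.policy.example.", ["198.51.100.0/24"], threshold=50)
    print("rules:", rules, "already covered:", covered)
    # Constructed sample traffic (source, destination).
    sample = [("203.0.113.10", "10.1.1.1"), ("203.0.113.20", "10.1.1.1"), ("198.51.100.7", "10.1.1.1")]
    for pkt, verdict in zip(sample, apply_policy(rules, sample)):
        print(pkt[0], "->", verdict)
```

With the constructed zone, 198.51.100.7 is already covered by the device's existing /24 rule and is reported rather than re-installed, 203.0.113.20 falls below the weight threshold and is left out of the list, and only 203.0.113.10 is added as a new /32 rule.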