Method and system for propagating network policy

US RE48,159 E1
Filed: 08/28/2017
Issued: 08/11/2020
Est. Priority Date: 08/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method for implementing network security comprising:

creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;

creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic;

configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;

receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;

resolving the network security policy name to the plurality of IP values at the DNS server;

propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for acquiring and disseminating network node characteristics to enable policy decisions including receiving a resolution request from one or more clients in a network environment. Information, for example, network address, is then acquired front one or more sources regarding a specific location in a network, for example, a network node. A list of the network addresses is then generated and ranked based on one or more parameters that merit making traffic handling decisions. The network addresses are then associated with a host name on at least one directory server and then propagated to the one or more clients.

Citations

80 Claims

1. A method for implementing network security comprising:
- creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
  
  creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic;
  
  configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
  
  receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
  
  resolving the network security policy name to the plurality of IP values at the DNS server;
  
  propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy.
  - 3. The method of claim 1, further comprising configuring the network security policy at the DNS server with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 4. The method of claim 1, wherein the network security policy involves blocking network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 5. The method of claim 1, wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 6. The method of claim 1, wherein the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 7. The method of claim 1, wherein the network security policy involves inspecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.
  - 8. The method of claim 1, further comprising acquiring at least one of the plurality of IP values from a network security source on a network.

9. A system for propagating network policy comprising:
- a security server configured to create a network security policy to apply to network traffic, wherein a plurality of IP values conform to the network security policy;
  
  a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
  
  wherein, in operation, the security server creates, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic;
  
  wherein, in operation, the DNS server;
  
  receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
  
  resolves the network security policy name to the plurality of IP values at the DNS server;
  
  propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, further comprising a list server for configuring an allow list or a deny list of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy.
  - 11. The system of claim 9, further comprising an acquisition server configured to acquire at least one of the plurality of IP values from a network security source on a network.
  - 12. The system of claim 9, the security server further configured to associate the network security policy with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 13. The system of claim 9, wherein the network security policy involves blocking network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 14. The system of claim 9, wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 15. The system of claim 9, wherein the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or inure of the plurality of IP values is redirected.
  - 16. The system of claim 9, wherein the network security policy involves inspecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.

17. A method comprising:
- instantiating a name of a network security policy as a single multi-host lookup value, wherein a plurality of IP values include a first subset of IP values associated with a first hostname and a second subset of IP values associated with a second hostname;
  
  creating an exploit or vulnerability weighted list using the plurality of IP values;
  
  including or excluding one or more of the plurality of IP values when creating the exploit or vulnerability weighted list;
  
  querying a domain name system (DNS) using the network security policy name associated with the network security policy;
  
  receiving a response from the DNS that includes the plurality of IP values;
  
  applying the network security policy to traffic associated with at least one of the plurality of IP values.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein applying the network security policy to traffic associated with the at least one of the plurality of IP values includes using the plurality of IP values as a white list.
  - 19. The method of claim 17, further comprising reprioritizing one or more of the plurality of IP values within the exploit or vulnerability weighted list.
  - 20. The method of claim 17, wherein the IP values are associated with domain names.
  - 21. The method of claim 17, wherein the IP values include an IP address.
  - 22. The method of claim 17, wherein the IP values include a subnet.
  - 23. The method of claim 17, wherein the DNS includes a private directory server, further comprising establishing a communications link with the private directory server.
  - 24. The method of claim 23, further comprising configuring a network device to establish the communication link with the private directory server.

25. A method for implementing network security comprising:
- creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
  
  de-conflicting a current configuration against the plurality of IP values;
  
  creating protocol specific lists including or excluding filters based on needs derived from the de-conflicting;
  
  configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
  
  receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
  
  resolving the network security policy name to the plurality of IP values at the DNS server;
  
  propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The method of claim 25, further comprising configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy.
  - 27. The method of claim 25, further comprising configuring the network security policy at the DNS server with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 28. The method of claim 25, wherein the network security policy involves blocking network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 29. The method of claim 25, wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 30. The method of claim 25, wherein the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 31. The method of claim 25, wherein the network security policy involves inspecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.
  - 32. The method of claim 25, further comprising acquiring at least one of the plurality of IP values from a network security source on a network.

33. A system for propagating network policy comprising:
- a security server configured to create a network security policy to apply to network traffic, wherein a plurality of IP values conform to the network security policy;
  
  a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
  
  wherein, in operation, the security server;
  
  de-conflicts a current configuration against the plurality of IP values;
  
  creates protocol specific lists including or excluding filters based on needs derived from the de-conflicting;
  
  wherein, in operation, the DNS server;
  
  receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
  
  resolves the network security policy name to the plurality of IP values at the DNS server;
  
  propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The system of claim 33, further comprising a list server for configuring an allow list or a deny list of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy.
  - 35. The system of claim 33, further comprising an acquisition server configured to acquire at least one of the plurality of IP values from a network security source on a network.
  - 36. The system of claim 33, the security server further configured to associate the network security policy with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 37. The system of claim 33, wherein the network security policy involves blocking network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 38. The system of claim 33, wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 39. The system of claim 33, wherein the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 40. The system of claim 33, wherein the network security policy involves inspecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.

41. A method for implementing network security comprising:
- creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
  
  creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being specified by a user based on a single multi-host address mapping record;
  
  configuring a domain name system (DNS) server to resolve a DNS query to the network security policy;
  
  receiving a name-to-IP value mapping request for name-to-IP value mapping in one of the zones from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
  
  resolving the network security policy name to the plurality of IP values at the DNS server;
  
  propagating at least part of the network security policy corresponding to the one of the zones to the network device by transmitting at least part of the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize the at least part of the plurality of IP values when applying network security to the network traffic at the network device.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
- - 42. The method of claim 41, further comprising configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of the network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of the network traffic that should be denied under the network security policy.
  - 43. The method of claim 41, further comprising configuring the network security policy at the DNS server with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 44. The method of claim 41, wherein the network security policy involves blocking the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 45. The method of claim 41, wherein the network security policy involves prioritizing the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 46. The method of claim 41, wherein the network security policy involves redirecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 47. The method of claim 41, wherein the network security policy involves inspecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.
  - 48. The method of claim 41, further comprising acquiring at least one of the plurality of IP values from a network security source on a network.

49. A system for propagating network policy comprising:
- a security server configured to create a network security policy to apply to a network traffic, wherein a plurality of IP values conform to the network security policy;
  
  a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
  
  wherein, in operation, the security server creates zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being specified by a user based on a single multi-host address mapping record;
  
  wherein, in operation, the DNS server;
  
  receives a name-to-IP value mapping request for name-to-IP value mapping in one of the zones from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
  
  resolves the network security policy name to the plurality of IP values at the DNS server;
  
  propagates at least part of the network security policy corresponding to the one of the zones to a network device by transmitting at least part of the plurality of IP values that conform to the at least part of the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize the at least part of the plurality of IP values when applying network security to the network traffic at the network device.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56)
- - 50. The system of claim 49, further comprising a list server for configuring an allow list or a deny list of IP values, wherein the allow list contains IP values indicative of the network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of the network traffic that should be denied under the network security policy.
  - 51. The system of claim 49, further comprising an acquisition server configured to acquire at least one of the plurality of IP values from a network security source on a network.
  - 52. The system of claim 49, the security server further configured to associate the network security policy with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 53. The system of claim 49, wherein the network security policy involves blocking the network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 54. The system of claim 49, wherein the network security policy involves prioritizing the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 55. The system of claim 49, wherein the network security policy involves redirecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 56. The system of claim 49, wherein the network security policy involves inspecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.

57. A method comprising:
- instantiating a name of a network security policy as a single multi-host lookup value, wherein a plurality of IP values include a first subset of IP values associated with a first hostname and a second subset of IP values associated with a second hostname;
  
  creating an exploit or vulnerability weighted list using the plurality of IP values;
  
  including or excluding one or more of the plurality of IP values when creating the exploit or vulnerability weighted list;
  
  querying a domain name system (DNS) using the network security policy name associated with the network security policy based on the exploit or vulnerability weighted list;
  
  receiving a response from the DNS that includes the exploit or vulnerability weighted list containing one or more of the plurality of IP values that are reprioritized for a specific user;
  
  applying the network security policy based on the exploit or vulnerability weighted list to traffic associated with at least one of the plurality of IP values.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64)
- - 58. The method of claim 57, wherein applying the network security policy to the traffic associated with the at least one of the plurality of IP values includes using the plurality of IP values as a white list.
  - 59. The method of claim 57, further comprising reprioritizing one or more of the plurality of IP values within the exploit or vulnerability weighted list.
  - 60. The method of claim 57, wherein one or more of the plurality of IP values are associated with domain names.
  - 61. The method of claim 57, wherein one or more of the plurality of IP values include an IP address.
  - 62. The method of claim 57, wherein one or more of the plurality of IP values include a subnet.
  - 63. The method of claim 57, wherein the DNS includes a private directory server, further comprising establishing a communications link with the private directory server.
  - 64. The method of claim 63, further comprising configuring a network device to establish the communication link with the private directory server.

65. A method for implementing network security comprising:
- creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy;
  
  creating protocol specific lists including or excluding filters based on needs derived from resolving of a current configuration of a user against the plurality of IP values;
  
  configuring a domain name system (DNS) server to resolve a DNS query to the network security policy based on the protocol specific lists;
  
  receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested;
  
  resolving the network security policy name to the plurality of IP values at the DNS server;
  
  propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to the network traffic at the network device.
- View Dependent Claims (66, 67, 68, 69, 70, 71, 72)
- - 66. The method of claim 65, further comprising configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of the network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of the network traffic that should be denied under the network security policy.
  - 67. The method of claim 65, further comprising configuring the network security policy at the DNS server with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 68. The method of claim 65, wherein the network security policy involves blocking the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 69. The method of claim 65, wherein the network security policy involves prioritizing the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 70. The method of claim 65, wherein the network security policy involves redirecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 71. The method of claim 65, wherein the network security policy involves inspecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value so that references the one or more of the plurality of IP values is inspected.
  - 72. The method of claim 65, further comprising acquiring at least one of the plurality of IP values from a network security source on a network.

73. A system for propagating network policy comprising:
- a security server configured to create a network security policy to apply to a network traffic, wherein a plurality of IP values conform to the network security policy;
  
  a domain name system (DNS) server configured to resolve a network security policy name to the plurality of IP values that conform to the network security policy;
  
  wherein, in operation, the security server creates protocol specific lists including or excluding filters based on needs derived from resolving of a current configuration of a user against the plurality of IP values;
  
  wherein, in operation, the DNS server;
  
  receives a name-to-IP value mapping request from a network device, wherein the network security policy name is a name for which name-to-IP value mapping is requested;
  
  resolves the network security policy name to the plurality of IP values at the DNS server based on the protocol specific lists;
  
  propagates the network security policy to a network device by transmitting the plurality of IP values that conform to the network security policy to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to the network traffic at the network device.
- View Dependent Claims (74, 75, 76, 77, 78, 79, 80)
- - 74. The system of claim 73, further comprising a list server for configuring an allow list or a deny list of IP values, wherein the allow list contains IP values indicative of the network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of the network traffic that should be denied under the network.
  - 75. The system of claim 73, further comprising an acquisition server configured to acquire at least one of the plurality of IP values from a network security source on a network.
  - 76. The system of claim 73, the security server further configured to associate the network security policy with a record time to live, the record time to live functioning as a time period of validity for the network security policy.
  - 77. The system of claim 73, wherein the network security policy involves blocking the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked.
  - 78. The system of claim 73, wherein the network security policy involves prioritizing the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic.
  - 79. The system of claim 73, wherein the network security policy involves redirecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected.
  - 80. The system of claim 73, wherein the network security policy involves inspecting the network traffic, and wherein the network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ThreatSTOP, Inc.
Original Assignee
ThreatSTOP, Inc.
Inventors
Byrnes, Tomas L.
Primary Examiner(s)
Nguyen, Minh Dieu

Application Number

US15/688,761
Time in Patent Office

1,079 Days
Field of Search

726 1- 2, 726 22
US Class Current
CPC Class Codes

N/A

Method and system for propagating network policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

80 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for propagating network policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

80 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links