System And Methodology For Providing Community-Based Security Policies
First Claim
1. In a system comprising a plurality of devices connected to a network, a method for regulating network access at a particular device, the method comprising:
- providing at a plurality of devices connected to a network a security module for establishing security settings, said security settings for regulating network access at said plurality of devices;
collecting information about established security settings from at least some of said plurality of devices;
generating consensus security settings based upon the collected information; and
in response to a request for network access at a particular device, determining whether or not to permit network access based, at least in part, upon the consensus security settings.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and methodology for providing community-based security policies is described. In one embodiment in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some the devices about the security settings established on such devices and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, determining whether or not to permit network access is based, at least in part, upon the consensus security settings.
300 Citations
47 Claims
-
1. In a system comprising a plurality of devices connected to a network, a method for regulating network access at a particular device, the method comprising:
-
providing at a plurality of devices connected to a network a security module for establishing security settings, said security settings for regulating network access at said plurality of devices;
collecting information about established security settings from at least some of said plurality of devices;
generating consensus security settings based upon the collected information; and
in response to a request for network access at a particular device, determining whether or not to permit network access based, at least in part, upon the consensus security settings. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for managing access to resources on a per program basis, the system comprising:
-
a plurality of computers capable of connecting to resources;
a policy module enabling security policies to be defined at said plurality of computers;
a voting module collecting the security policies from said plurality of computers and generating a community-based security policy based upon the collected security policies; and
an enforcement module for trapping a request for access to resources from a particular program at a particular computer and determining whether to permit access to the resources based, at least in part, upon the community-based security policy. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for assisting a user in configuring a program, the method comprising:
-
providing a configuration module at a plurality of computers connected to a network, the configuration module enabling a user to adopt configuration settings for the program;
collecting votes from at least some users of the program based upon the configuration settings adopted by said at least some users at said plurality of computers;
generating recommended configuration settings by tallying the collected votes; and
displaying the recommended configuration settings at a particular computer to assist a user in configuring the program. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. In a system comprising a plurality of computers connected to a network, a method for managing network access, the method comprising:
-
providing a security module enabling security rules to be defined at said plurality of computers, said security rules identifying programs permitted to access the network;
collecting said security rules from said plurality of computers in a repository to form a community-based security policy;
trapping a request for access to the network from a particular program at a particular computer;
if said particular program is included in said security rules at said particular computer, determining whether to permit access to the network based upon said security rules at said particular computer; and
otherwise, if said particular program is not included in said security rules at said particular computer, determining whether to permit access based upon said community based security policy. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47)
-
Specification