SYSTEM AND METHOD FOR SECURING NETWORK TRAFFIC
First Claim
1. A method comprising:
- receiving DNS queries sent over the internet;
- selecting from three resource access levels for the DNS queries based on an internet resource database and rules set by a network administration interface, wherein the three resource access levels are a permitted level, a restricted level, and a partially permitted level;
- returning an unmodified IP address for the permitted level DNS queries;
- returning a replacement resource IP address for the restricted level DNS queries, wherein the replacement resource IP address is directed to a block page that allows authentication and, upon successful authentication, stores an access cookie on the client machine;
- returning a web proxy server IP address for the partially permitted level DNS queries;
- recognizing the access cookie on the client machine and redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to the web proxy server IP address;
- performing a content analysis of HTTP traffic directed to the web proxy server IP address; and
- monitoring and modifying the HTTP traffic directed to the web proxy server IP address based on the rules set by the network administration interface, the access cookie and the content analysis.
Abstract
One variation of a method for selectively filtering internet traffic includes: receiving DNS queries; determining resource access levels for the DNS queries based on an internet resource database, wherein the resource access levels comprise a first level, a second level, and a third level; returning an unmodified IP address for the first level DNS queries; returning a replacement resource IP address for the second level DNS queries; returning a web proxy server IP address for the third level DNS queries; and regulating HTTP traffic directed to the web proxy server IP address.
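The decision flow described in the abstract, together with the access-cookie step of claim 1, is sketched below as an added example; it is not code from the patent or its assignee. All domain names, categories, IP addresses (documentation ranges), the `access` cookie name, and the choice to treat uncategorized names as permitted are assumptions made for illustration.

```python
from enum import Enum

class Level(Enum):
    PERMITTED = "permitted"            # first level
    RESTRICTED = "restricted"          # second level
    PARTIAL = "partially permitted"    # third level

# Constructed sample data: hypothetical hosts, documentation IP ranges.
BLOCK_PAGE_IP = "192.0.2.10"   # replacement resource IP (block page)
WEB_PROXY_IP = "192.0.2.20"    # web proxy that inspects HTTP traffic
UPSTREAM = {"docs.example.org": "198.51.100.5",
            "video.example.com": "198.51.100.6",
            "games.example.net": "198.51.100.7"}
# Stand-in for the internet resource database: host -> category.
RESOURCE_DB = {"docs.example.org": "reference",
               "video.example.com": "streaming",
               "games.example.net": "gaming"}
# Stand-in for rules set through the administration interface.
ADMIN_RULES = {"streaming": Level.PARTIAL, "gaming": Level.RESTRICTED}

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def access_level(qname):
    """Select one of the three levels from the category and admin rules."""
    category = RESOURCE_DB.get(normalize(qname))
    # Assumption: names without a matching rule are permitted.
    return ADMIN_RULES.get(category, Level.PERMITTED)

def answer(qname):
    """Return the A record the filtering resolver hands back for qname."""
    level = access_level(qname)
    if level is Level.RESTRICTED:
        return BLOCK_PAGE_IP
    if level is Level.PARTIAL:
        return WEB_PROXY_IP
    return UPSTREAM.get(normalize(qname))  # unmodified upstream answer

def route_http(dest_ip, cookies, valid_tokens):
    """Claim 1 cookie step: block-page traffic carrying a valid access
    cookie is redirected to the web proxy; everything else is unchanged."""
    # The token is checked against issued tokens, not merely for presence.
    if dest_ip == BLOCK_PAGE_IP and cookies.get("access") in valid_tokens:
        return WEB_PROXY_IP
    return dest_ip
```
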
23 Claims
7. A method comprising:
- receiving DNS queries;
- determining resource access levels for the DNS queries based on an internet resource database, wherein the resource access levels comprise a first level, a second level, and a third level;
- returning an unmodified IP address for the first level DNS queries;
- returning a replacement resource IP address for the second level DNS queries;
- returning a web proxy server IP address for the third level DNS queries; and
- regulating HTTP traffic directed to the web proxy server IP address.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for identifying users in the cloud comprising:
- intercepting DNS requests from a client;
- determining user identification requirements for the DNS requests;
- redirecting the client to a web proxy server based on the user identification requirements; and
- regulating traffic through the web proxy server based on an access token of the client.

Dependent claims: 20, 21, 22, 23
Specification