SYSTEM, METHOD, AND COMPUTER PROGRAM FOR PREVENTING INFECTIONS FROM SPREADING IN A NETWORK ENVIRONMENT USING DYNAMIC APPLICATION OF A FIREWALL POLICY
Abstract
A method for containing a threat in a network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
40 Claims
1-20. (canceled)
21. One or more computer readable media comprising code for execution, wherein the code is executable by one or more processors to:
    detect, by a first node, a threat received at the first node from a source node in a network, the network including at least a plurality of nodes having respective security modules;
    create, at the first node, a first firewall policy to block incoming network requests associated with a source address of the source node;
    broadcast an alert from the first node to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
    communicate, from the first node to the source node, a second firewall policy to be applied by the source node to block outgoing network requests from the source node to the plurality of nodes in the network.
    (Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30)
31. A first node in a network, comprising:
    logic, at least partially comprising hardware logic, to:
    detect a threat received from a source node in the network, the network including at least a plurality of nodes having respective security modules;
    apply a first firewall policy to block incoming network requests associated with a source address of the source node; and
    broadcast an alert to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
    communicate a second firewall policy to the source node to be applied by the source node to block outgoing network requests from the source node to the plurality of nodes in the network.
    (Dependent claims: 32, 33, 34)
35. A method, comprising:
    detecting, by a first node, a threat received from a source node in a network, the network including at least a plurality of nodes having respective security modules;
    creating, at the first node, a first firewall policy to block incoming network requests associated with a source address of the source node;
    broadcasting an alert from the first node to the respective security modules of the plurality of nodes in the network, wherein the broadcast alert comprises the first firewall policy to be applied by the plurality of nodes; and
    communicating, from the first node to the source node, a second firewall policy to be applied by the source node to block outgoing network requests from the source node to the plurality of nodes in the network.
    (Dependent claims: 36, 37)
38. One or more computer readable media comprising code for execution, wherein the code is executable by one or more processors to:
    broadcast an alert from a first node in a network to respective security modules of a plurality of nodes in the network, the broadcast based, at least in part, on a threat received at the first node from a source node in the network being detected by the first node, wherein the broadcast alert comprises a local firewall policy to be applied by the plurality of nodes to block incoming network requests associated with a source address of the source node, wherein the first node is a target of the received threat; and
    communicate, from the first node to the source node, a second firewall policy to be applied by the source node to block outgoing network requests from the source node to the plurality of nodes in the network.
    (Dependent claims: 39, 40)
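The flow recited in the independent claims (detect, create a first policy, broadcast it inside the alert, send a second policy to the source node), as an added in-memory simulation; it is not code from the patent. The class and function names, the `cooperative` flag and the 192.0.2.x addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class FirewallPolicy:
    direction: str        # "in": block requests from addresses; "out": block requests to them
    addresses: frozenset

@dataclass
class Node:
    address: str
    cooperative: bool = True   # assumption: an infected source may ignore a pushed policy
    blocked_in: set = field(default_factory=set)
    blocked_out: set = field(default_factory=set)

    def apply(self, policy):
        """Security module entry point: install a local or received policy."""
        if not self.cooperative:
            return False
        target = self.blocked_in if policy.direction == "in" else self.blocked_out
        target.update(policy.addresses)
        return True

def contain(first, source, network):
    """Run the claimed steps once `first` has detected a threat from `source`."""
    peers = [n for n in network if n is not first and n is not source]
    local = FirewallPolicy("in", frozenset({source.address}))
    first.apply(local)                  # first policy, created and applied locally
    for peer in peers:                  # broadcast alert that carries the first policy
        peer.apply(local)
    others = frozenset(n.address for n in network if n is not source)
    remote = FirewallPolicy("out", others)
    return source.apply(remote)         # second policy, communicated to the source node

def can_connect(src, dst):
    """A request succeeds only if neither endpoint's firewall blocks it."""
    return dst.address not in src.blocked_out and src.address not in dst.blocked_in

def demo(source_cooperates):
    # Constructed sample network using RFC 5737 documentation addresses.
    nodes = [Node(f"192.0.2.{i}") for i in range(1, 5)]
    source, first = nodes[0], nodes[1]
    source.cooperative = source_cooperates
    applied = contain(first, source, nodes)
    reachable = [n.address for n in nodes[1:] if can_connect(source, n)]
    # Also report whether two uninvolved peers can still talk to each other.
    return applied, reachable, can_connect(nodes[2], nodes[3])
```

In this model, `demo(False)` shows that the inbound blocks installed from the broadcast still cut the source off when it does not apply the second policy, while traffic between the other nodes is unaffected.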
Specification