Detection of network environment for network access control
Abstract
A method and apparatus for detection of network environment to aid policy selection for network access control. An embodiment of a method includes receiving a request to connect a device to a network and, if a security policy is received for the connection of the device, applying the policy for the device. If a security policy for the connection of the device is not received, the domain of the device is determined by determining whether the device is in an enterprise domain and determining whether the device is in a network access control domain, which allows selection of an appropriate domain/environment specific policy.
25 Claims
1. A network access control (NAC) method comprising:
- receiving a request at a network access control module to connect a device to a network;
- if a security policy is received for the connection of the device, applying the received security policy for the device;
- if a security policy for the connection of the device is not received, then:
  - determining the domain of the device and establishing a security policy for the connection of the device based on the determined domain as follows:
  - determining whether the device is in an enterprise domain, and, if not, setting a non-enterprise security policy, and if the device is in the enterprise domain, then determining whether the device is in a network access control domain, and, if the device is not in a network access control domain, then setting a non-NAC environment security policy, and, if the device is in a network access control domain, then setting a non-compliant enterprise host security policy, and applying the established security policy to the device; and
- determining whether to approve the request to connect the device to the network based at least in part on the security policy applied for the device;
- wherein applying a security policy comprises enforcing security policy compliance for devices connecting to the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A network security apparatus for a network comprising:
- a network access control module, wherein, if the network access control module receives a security policy for the connection of a device to the network, the network access module is to identify the received security policy for the device, and, if the network access control module does not receive a security policy for the connection of a device to the network, the network access control module is to identify the platform of the device and a security policy for the connection of the device, the identification of the platform and security policy including:
  - a determination whether the device is contained in an enterprise domain, and, if not, identifying a non-enterprise security policy, and if the device is in the enterprise domain, then a determination whether the device is contained in a network access control domain, and, if the device is not in a network access control domain, then identifying a non-NAC environment security policy, and, if the device is in a network access control domain, then identifying a non-compliant enterprise host security policy; and
- a network management module, the network management module to control access of the device to the network based at least in part on the determination of the platform of the device and the identified security policy;
- wherein to control access of the device to the network based at least in part on a security policy comprises enforcing security policy compliance for devices connecting to the network.

Dependent claims: 12, 13, 14.
15. A system comprising:
- a network access control module for a network to determine network access for a device;
- a trust server to provide compliance vectors to the network access control module; and
- a router, the router to direct a device connection request to the network access control module, the device supporting a network management system;
- wherein, if the network access control module receives a security policy for the connection of a device to the network, the network access control module is to identify the received security policy for the device, and, if the network access control module does not receive a security policy for the connection of a device to the network, the network access control module obtains data regarding the device to determine the domain of the device, including:
  - whether the device is contained in an enterprise domain, and, if not, identifying a non-enterprise security policy, and if the device is in the enterprise domain, then whether the device is contained in a network access control domain, and, if the device is not in a network access control domain, then identifying a non-NAC environment security policy, and, if the device is in a network access control domain, then identifying a non-compliant enterprise host security policy;
- wherein for the connection of a device to the network based at least in part on a security policy comprises enforcing security policy compliance for devices connecting to the network.

Dependent claims: 16, 17, 18, 19, 20, 21.
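The policy-selection decision tree that claims 1 and 15 describe, written out as running code. This is an added example, not code from the patent or its assignee. The claims only say that the NAC module "obtains data regarding the device" and that a trust server supplies "compliance vectors"; the two domain-membership flags, the compliance-vector keys, and the per-policy enforcement table below are assumptions made for illustration, and so are the `ConnectionRequest`, `establish_policy` and `approve_connection` names.

```python
"""Claim 1 / claim 15 policy selection, as an added worked example (not the patent's code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Policy names taken from the claims.
NON_ENTERPRISE = "non-enterprise security policy"
NON_NAC_ENVIRONMENT = "non-NAC environment security policy"
NON_COMPLIANT_ENTERPRISE_HOST = "non-compliant enterprise host security policy"


@dataclass
class ConnectionRequest:
    """A device's request to join the network, as seen by the NAC module.

    The domain flags and the compliance vector are assumed inputs; the claims
    do not specify how the NAC module or trust server derives them.
    """
    device_id: str
    received_policy: Optional[str] = None   # policy delivered with the request, if any
    in_enterprise_domain: bool = False      # e.g. joined to the enterprise directory (assumed signal)
    in_nac_domain: bool = False             # e.g. served by a NAC-aware switch or agent (assumed signal)
    compliance_vector: Dict[str, bool] = field(default_factory=dict)  # trust server output (constructed)


def establish_policy(req: ConnectionRequest) -> str:
    """Claim 1 decision tree: use a received policy if there is one, else derive it from the domain."""
    if req.received_policy is not None:
        return req.received_policy
    if not req.in_enterprise_domain:
        return NON_ENTERPRISE
    if not req.in_nac_domain:
        return NON_NAC_ENVIRONMENT
    return NON_COMPLIANT_ENTERPRISE_HOST


# Assumed enforcement rules (the claims do not define them): which compliance
# checks must be true before a connection under each policy is approved.
REQUIRED_CHECKS: Dict[str, Tuple[str, ...]] = {
    NON_ENTERPRISE: ("not_blocklisted",),
    NON_NAC_ENVIRONMENT: ("not_blocklisted", "antivirus_current"),
    NON_COMPLIANT_ENTERPRISE_HOST: ("not_blocklisted", "antivirus_current", "patch_level_ok"),
}


def approve_connection(req: ConnectionRequest) -> dict:
    """Apply the established policy and decide the request.

    Returns the decision with the policy used and the failed checks, so an
    operator can see why a device was refused. Unknown policies and missing
    compliance entries both fail closed.
    """
    policy = establish_policy(req)
    required = REQUIRED_CHECKS.get(policy)
    if required is None:
        # A received policy the enforcement table does not know cannot be enforced.
        return {"device": req.device_id, "policy": policy, "approved": False,
                "failed": ["unknown policy"]}
    failed = [check for check in required if not req.compliance_vector.get(check, False)]
    return {"device": req.device_id, "policy": policy, "approved": not failed, "failed": failed}


if __name__ == "__main__":
    # Constructed sample requests covering the three branches of the claim.
    samples = [
        ConnectionRequest("visitor-laptop", compliance_vector={"not_blocklisted": True}),
        ConnectionRequest("branch-pc", in_enterprise_domain=True,
                          compliance_vector={"not_blocklisted": True, "antivirus_current": False}),
        ConnectionRequest("hq-workstation", in_enterprise_domain=True, in_nac_domain=True,
                          compliance_vector={"not_blocklisted": True, "antivirus_current": True,
                                             "patch_level_ok": True}),
    ]
    for sample in samples:
        print(approve_connection(sample))
```

The ordering of the two tests matters: a device is only ever checked for NAC-domain membership after it has been placed in the enterprise domain, which is why a non-enterprise device never reaches the enterprise-host policy. Treating an absent compliance entry as a failed check keeps the decision fail-closed when the trust server returns an incomplete vector.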
22. A non-transitory computer-readable medium having stored thereon data representing sequences of instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a request at a network access control module to connect a device to a network;
- if a security policy is received for the connection of the device, applying the received security policy for the device; and
- if a security policy for the connection of the device is not received, then:
  - determining the domain of the device and establishing a security policy for the connection of the device based on the determined domain as follows:
  - determining whether the device is in an enterprise domain, and, if not, setting a non-enterprise security policy, and if the device is in the enterprise domain, then determining whether the device is in a network access control domain, and, if the device is not in a network access control domain, then setting a non-NAC environment security policy, and, if the device is in a network access control domain, then setting a non-compliant enterprise host security policy, and applying the established security policy to the device; and
- determining whether to approve the request to connect the device to the network based at least in part on the security policy applied for the device;
- wherein applying a security policy comprises enforcing security policy compliance for devices connecting to the network.

Dependent claims: 23, 24, 25.