Network appliance for customizable quarantining of a node on a network
First Claim
1. A method, comprising:
intercepting a network packet transmitted to a device by an enforcement point in a network, wherein the network packet is transmitted in response to a request from the device to join the network;
determining information identifying a port on the enforcement point at which the request is received, wherein the information identifying the port is determined by evaluating the contents of the intercepted network packet;
establishing a network connection to a network access control appliance (NACA) in the network; and
transmitting the information identifying the port to the NACA to enable security enforcement operations to be performed on the device via the NACA, wherein the security enforcement operations include:
    selecting a first quarantined network from a plurality of quarantined networks if the first quarantined network is not managing another device, wherein devices on different quarantined networks are inhibited from accessing each other; and
    causing the device to be quarantined by placing the device on the first quarantined network such that communications over the network by the device are restricted and traffic for the device is filtered through the NACA, wherein the NACA enforces the quarantine of the device through the enforcement point by placing the port of the enforcement point into the first quarantined network.
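The following is an added illustration of the NACA-side logic in claim 1, not code from the patent or any product: a one-device-per-quarantine-network allocator that places the reported enforcement-point port into a free quarantined network and returns it to production on release. The switch model, port names and network ids are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class EnforcementPoint:
    """Constructed model of a switch: port id -> network (e.g. VLAN) id."""
    name: str
    port_network: dict = field(default_factory=dict)


class NACA:
    """Quarantine allocator: each quarantined network manages at most one device."""

    def __init__(self, quarantine_networks, production_network="prod"):
        self.free = list(quarantine_networks)   # networks not managing any device
        self.in_use = {}                         # (switch, port) -> quarantine network
        self.production = production_network

    def quarantine(self, switch, port):
        """Agent reported (switch, port) for a joining device; isolate that port.

        Returns the selected quarantine network, or None when every quarantine
        network already manages a device (caller must keep the device unadmitted
        rather than share a network, which would let quarantined devices reach
        each other).
        """
        key = (switch.name, port)
        if key in self.in_use:                   # idempotent on repeated reports
            return self.in_use[key]
        if not self.free:
            return None
        net = self.free.pop(0)                   # first network not managing a device
        switch.port_network[port] = net          # enforcement via the port itself
        self.in_use[key] = net
        return net

    def release(self, switch, port):
        """Remediation finished: move the port back and free its quarantine network."""
        net = self.in_use.pop((switch.name, port))
        switch.port_network[port] = self.production
        self.free.append(net)

    @staticmethod
    def can_reach(switch_a, port_a, switch_b, port_b):
        """Two ports can talk directly only when they sit in the same network."""
        return switch_a.port_network.get(port_a) == switch_b.port_network.get(port_b)
```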
Abstract
A system, method, and apparatus are directed to managing access to a network. An agent may intercept a network packet transmitted by an enforcement point in response to a request from a device to join the network. The agent identifies, based on the network packet, a port number on the enforcement point at which the request is received. The agent may transmit the port number to a NACA to enable security enforcement operations to be performed on the device. Another device may reside outside the quarantined network and be enabled by the NACA to direct a remediation measure to be performed on the device using at least the port number. The NACA may spoof an ARP response with an address of the NACA to restrict access to resources. The NACA may also place the device into one of a plurality of quarantined networks.
11 Claims