Network appliance for customizable quarantining of a node on a network

US 8,520,512 B2
Filed: 07/31/2006
Issued: 08/27/2013
Est. Priority Date: 01/26/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

intercepting a network packet transmitted to a device by an enforcement point in a network, wherein the network packet is transmitted in response to a request from the device to join the network;

determining information identifying a port on the enforcement point at which the request is received, wherein the information identifying the port is determined by evaluating the contents of the intercepted network packet;

establishing a network connection to a network access control appliance (NACA) in the network; and

transmitting the information identifying the port to the NACA to enable security enforcement operations to be performed on the device via the NACA, wherein the security enforcement operations include;

selecting a first quarantined network from a plurality of quarantined networks if the first quarantined network is not managing another device, wherein devices on different quarantined networks are inhibited from accessing each other; and

causing the device to be quarantined by placing the device on the first quarantined network such that communications over the network by the device are restricted and traffic for the device is filtered through the NACA, wherein the NACA enforces the quarantine of the device through the enforcement point by placing the port of the enforcement point into the first quarantined network.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus are directed to managing access to a network. An agent may intercept a network packet transmitted by an enforcement point in response to a request from a device to join the network. The agent identifies, based on the network packet, a port number on the enforcement point at which the request is received. The agent may transmit the port number to a NACA to enable security enforcement operations to be performed on the device. Another device may reside outside the quarantined network and be enabled by the NACA to direct a remediation measure to be performed on the device using at least the port number. The NACA may spoof an ARP response with an address of the NACA to restrict access to resources. The NACA may also place the device into one of a plurality of quarantined networks.

58 Citations

View as Search Results

11 Claims

1. A method, comprising:
- intercepting a network packet transmitted to a device by an enforcement point in a network, wherein the network packet is transmitted in response to a request from the device to join the network;
  
  determining information identifying a port on the enforcement point at which the request is received, wherein the information identifying the port is determined by evaluating the contents of the intercepted network packet;
  
  establishing a network connection to a network access control appliance (NACA) in the network; and
  
  transmitting the information identifying the port to the NACA to enable security enforcement operations to be performed on the device via the NACA, wherein the security enforcement operations include;
  
  selecting a first quarantined network from a plurality of quarantined networks if the first quarantined network is not managing another device, wherein devices on different quarantined networks are inhibited from accessing each other; and
  
  causing the device to be quarantined by placing the device on the first quarantined network such that communications over the network by the device are restricted and traffic for the device is filtered through the NACA, wherein the NACA enforces the quarantine of the device through the enforcement point by placing the port of the enforcement point into the first quarantined network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein transmitting the information comprises transmitting other information about credentials of the device.
  - 3. The method of claim 1, wherein the network packet is a discovery protocol packet.
  - 4. The method of claim 1, further comprising:
    - before enabling the security enforcement operations to be performed on the device, providing a first authentication measure; and
      
      if the device fails the first authentication measure, providing a second authentication measure, including a web based authentication mechanism.
  - 5. The method of claim 1, further comprising enabling another device outside of the plurality of quarantined networks to direct a remediation measure to be performed on the device to bring the device into compliance with a security policy.
  - 6. The method of claim 1, wherein the network packet is intercepted by an agent on the device.
  - 7. The method of claim 1, wherein the network packet is intercepted by an agent external to the device, wherein the agent is in communication with the device.
  - 8. The method of claim 1, further comprising:
    - receiving health and compliance checking information related to the device; and
      
      transmitting the health and compliance checking information to the NACA.
  - 9. The method of claim 8, wherein the health and compliance checking information is received from an outside intelligence entity.
  - 10. The method of claim 1, wherein the quarantine is enforced on the enforcement point by the NACA at an Open Systems Interconnection (OSI) protocol layer 2.
  - 11. The method of claim 1, wherein the traffic of the quarantined device is filtered by a filter rule preventing the device from communicating with any port on the enforcement point except a port associated with the NACA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gilde, Robert G., Boscolo, Christopher Daniel
Primary Examiner(s)
Sefcheck, Gregory
Assistant Examiner(s)
YOUNG, STEVE R

Application Number

US11/461,321
Publication Number

US 20130091534A1
Time in Patent Office

2,584 Days
Field of Search

None
US Class Current

370/230
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/025   for remote control or remot...

Network appliance for customizable quarantining of a node on a network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Network appliance for customizable quarantining of a node on a network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others