Deploying a security policy based on domain names
First Claim
1. A method for deploying a security policy based on domain names comprising:
- receiving a network request from an endpoint at a firewall, the network request including an address for a remote resource;
- when the address includes a domain name, applying the security policy to the network request based upon the domain name; and
- when the address includes an Internet Protocol (IP) address, performing the steps of:
  - transmitting a hypertext transfer protocol (HTTP) GET request from the firewall to the IP address;
  - receiving a response including a header;
  - extracting a second domain name associated with the IP address from the header; and
  - applying the security policy to the network request based upon the second domain name.
4 Assignments
0 Petitions
Abstract
A firewall uses a variety of techniques to obtain a useful domain name from a network request, that is, a domain name that facilitates the accurate enforcement of domain-based security rules for network traffic at the firewall. If the network request includes an Internet Protocol (IP) address instead of the domain name, the firewall may begin with a reverse domain name lookup. If this technique fails to adequately resolve the domain name, then the firewall may attempt a hypertext transfer protocol (HTTP) GET request to the IP address and investigate the header for useful domain name information. The firewall may also or instead initiate a secure connection to the IP address and analyze a certificate returned from the destination for the presence of domain name information. These measures can produce one or more domain names that can be collectively analyzed to select a suitable domain name for the application of a domain-based security rule or policy by the firewall.
19 Citations
21 Claims
1. A method for deploying a security policy based on domain names comprising:
- receiving a network request from an endpoint at a firewall, the network request including an address for a remote resource;
- when the address includes a domain name, applying the security policy to the network request based upon the domain name; and
- when the address includes an Internet Protocol (IP) address, performing the steps of:
  - transmitting a hypertext transfer protocol (HTTP) GET request from the firewall to the IP address;
  - receiving a response including a header;
  - extracting a second domain name associated with the IP address from the header; and
  - applying the security policy to the network request based upon the second domain name.

Dependent claims: 2 to 18.

19. A computer program product comprising computer executable code embodied in a non-transitory computer-readable medium that, when executing on a firewall, deploys a security policy for an enterprise by performing the steps of:
- receiving a network request from an endpoint at a firewall, the network request including an address for a remote resource;
- when the address includes a domain name, applying the security policy to the network request based upon the domain name; and
- when the address includes an Internet Protocol (IP) address, performing the steps of:
  - transmitting a hypertext transfer protocol (HTTP) GET request from the firewall to the IP address;
  - receiving a response including a header;
  - extracting a second domain name associated with the IP address from the header; and
  - applying the security policy to the network request based upon the second domain name.

Dependent claims: 20.

21. A firewall comprising:
- a first network interface coupled to an endpoint;
- a second network interface coupled to a remote resource;
- a memory containing computer code; and
- a processor configured to respond to a network request including an address from the endpoint received at the first network interface by performing the steps of:
  - when the address includes a domain name, applying a security policy to the network request based upon the domain name; and
  - when the address includes an Internet Protocol (IP) address, performing the steps of:
    - attempting a reverse domain name lookup and extracting a first domain name associated with the IP address from the reverse domain name lookup;
    - transmitting a hypertext transfer protocol (HTTP) GET request from the firewall to the IP address;
    - receiving a response including a header;
    - extracting a second domain name associated with the IP address from the header;
    - initiating a secure connection from the firewall to the IP address;
    - receiving a certificate at the firewall from a server hosting a source of the IP address;
    - analyzing the certificate for name information;
    - extracting a third domain name associated with the IP address from the name information; and
    - applying the security policy to the network request based upon at least one of the first domain name, the second domain name, and the third domain name.
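The abstract and claim 21 describe one procedure: if the request names a host, match it against the domain rules directly; if it names an IP address, collect candidate names from a reverse lookup, from the headers of an HTTP GET to the address, and from the certificate returned on a TLS connection, then pick one name and apply the rule. The following Python is an added example written for this page, not the patent's or any assignee's code. All three probes are replaced by constructed lookup tables so it runs offline; the addresses (documentation range 203.0.113.0/24), host names, policy entries, the "PTR that only encodes the address is not useful" heuristic, and the "most-corroborated name wins" selection rule are assumptions of this example, not something the patent specifies.

```python
"""Offline model of domain-based policy enforcement for an IP-addressed request.
Added example; probes are constructed tables, not live network calls."""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# --- Constructed stand-ins for the three probes (documentation IP range) ----
# Reverse DNS (PTR) answers, keyed by IP.
FAKE_PTR = {
    "203.0.113.10": "web.example.com",
    "203.0.113.20": "203-0-113-20.generic-hosting.example",  # only encodes the IP
    "203.0.113.30": None,                                     # no PTR record
}
# Response headers from an HTTP GET sent to the bare IP, keyed by IP.
FAKE_HTTP_HEADERS = {
    "203.0.113.10": {"Server": "nginx", "Location": "https://web.example.com/"},
    "203.0.113.20": {"Server": "nginx", "Location": "https://casino.badsite.example/"},
    "203.0.113.30": {"Server": "Apache"},                     # no name-bearing header
}
# Certificates in the dict shape ssl.SSLSocket.getpeercert() returns, keyed by IP.
FAKE_CERTS = {
    "203.0.113.10": {"subject": ((("commonName", "web.example.com"),),),
                     "subjectAltName": (("DNS", "web.example.com"), ("DNS", "example.com"))},
    "203.0.113.20": {"subject": ((("commonName", "casino.badsite.example"),),),
                     "subjectAltName": (("DNS", "casino.badsite.example"),)},
    "203.0.113.30": None,                                     # host does not speak TLS
}

# Domain-based policy as (suffix, action); first matching entry wins.
POLICY = [("badsite.example", "block"), ("example.com", "allow")]
DEFAULT_ACTION = "block"  # assumption: fail closed when no usable name is found

def is_ip(address):
    try:
        ipaddress.ip_address(address)
        return True
    except ValueError:
        return False

def useful_ptr(ip, ptr):
    """First domain name. Heuristic (assumption): a PTR that merely spells out
    the address, e.g. 203-0-113-20.*, does not identify the service, so drop it."""
    if not ptr:
        return None
    labels = re.split(r"[.-]", ptr)
    if all(octet in labels for octet in ip.split(".")):
        return None
    return ptr.lower().rstrip(".")

def name_from_header(headers):
    """Second domain name: host part of a Location header, if the GET yielded one."""
    location = headers.get("Location")
    host = urlsplit(location).hostname if location else None
    return host.lower() if host else None

def names_from_cert(cert):
    """Third domain name(s): DNS subjectAltName entries, then the subject CN."""
    if not cert:
        return []
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names.extend(v.lower() for k, v in rdn if k == "commonName")
    return names

def candidate_names(ip):
    """Run all three probes and return every name they produced, in order."""
    found = []
    ptr = useful_ptr(ip, FAKE_PTR.get(ip))
    if ptr:
        found.append(ptr)
    header_name = name_from_header(FAKE_HTTP_HEADERS.get(ip, {}))
    if header_name:
        found.append(header_name)
    found.extend(names_from_cert(FAKE_CERTS.get(ip)))
    return found

def match_policy(domain):
    for suffix, action in POLICY:
        if domain == suffix or domain.endswith("." + suffix):
            return action
    return None

def decide(address):
    """Return (action, domain_used); domain_used is None when nothing resolved."""
    if not is_ip(address):
        domain = address.lower().rstrip(".")
        return (match_policy(domain) or DEFAULT_ACTION, domain)
    names = candidate_names(address)
    if not names:
        return (DEFAULT_ACTION, None)
    # Selection rule (assumption): the name corroborated by the most sources;
    # Counter.most_common is stable, so ties go to the earliest probe.
    domain = Counter(names).most_common(1)[0][0]
    return (match_policy(domain) or DEFAULT_ACTION, domain)

if __name__ == "__main__":
    for addr in ["web.example.com", "203.0.113.10", "203.0.113.20", "203.0.113.30"]:
        print(addr, "->", decide(addr))
```

The third address shows the failure mode the abstract alludes to: every probe comes back empty, so the engine has no domain to apply a rule to and falls back to a default rather than silently allowing the flow. A production implementation would also need to cap the time spent on the GET and TLS handshake per request and cache results per IP, since each lookup adds latency on the data path.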
Specification