System and method for interlocking a host and a gateway
Abstract
A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.
417 Citations
19 Claims
1. At least one non-transitory computer readable medium having logic encoded therein, wherein the logic, when executed by one or more processors, is operable to perform operations comprising:
- receiving, at a network gateway, a session descriptor from a host, wherein the session descriptor identifies an application file associated with a process on the host attempting to establish a network connection via the network gateway;
- selecting a network policy to be applied to network traffic associated with the host based, at least in part, on information contained in the session descriptor, wherein based on the information including an indication of a wireless network connection and a wired network connection being active simultaneously on the host, the network policy is selected to restrict access to sensitive data by the application file via the network connection;
- correlating network traffic received by the network gateway with the host based on a universally unique identifier (UUID) contained in the session descriptor; and
- applying the network policy to the network traffic.
(Dependent claims 2 through 12 depend from claim 1.)

13. A network gateway, comprising:
- a firewall module; and
- one or more hardware processors operable to execute instructions associated with the firewall module, the one or more processors being operable to:
  - receive a session descriptor from a host, wherein the session descriptor identifies an application file associated with a process on the host attempting to establish a network connection via the network gateway;
  - select a network policy to be applied to network traffic associated with the host based, at least in part, on information contained in the session descriptor, wherein based on the information including an indication of a wireless network connection and a wired network connection being active simultaneously on the host, the network policy is selected to restrict access to sensitive data by the application file via the network connection;
  - correlate network traffic received by the network gateway with the host based on a universally unique identifier (UUID) contained in the session descriptor; and
  - apply the network policy to the network traffic.
(Dependent claims 14 through 16 depend from claim 13.)

17. A method, comprising:
- receiving, at a network gateway, a session descriptor from a host, wherein the session descriptor identifies an application file associated with a process on the host attempting to establish a network connection via the network gateway;
- selecting a network policy to be applied to network traffic associated with the host based, at least in part, on information contained in the session descriptor, wherein based on the information including an indication of a wireless network connection and a wired network connection being active simultaneously on the host, the network policy is selected to restrict access to sensitive data by the application file via the network connection;
- correlating network traffic received by the network gateway with the host based on a universally unique identifier (UUID) contained in the session descriptor; and
- applying the network policy to the network traffic.
(Dependent claims 18 and 19 depend from claim 17.)
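The gateway-side sequence that the three independent claims recite (receive the session descriptor, select a policy from its contents, correlate later traffic with the host by UUID, apply the policy), as an added example that is not the patent's own code. The JSON field names, policy names and sample descriptor are assumptions constructed for illustration; a host with no descriptor on file cannot be correlated and is denied.

```python
"""Gateway-side handling of a host session descriptor, following the claims:
parse it, select a policy from its contents (wired and wireless links active
together restricts sensitive data), then correlate later traffic by UUID and
apply that policy. Constructed example; field and policy names are assumed."""
import json
import uuid

POLICY_ALLOW = "allow-application"
POLICY_RESTRICT_SENSITIVE = "deny-sensitive-data"
POLICY_BLOCK = "block-application"

HOST_UUID = "8f3c2a6e-1b4d-4c7e-9a2f-5d6e7f8a9b0c"  # constructed sample
SAMPLE_DESCRIPTOR = json.dumps({                     # constructed sample
    "uuid": HOST_UUID, "app_path": "C:\\Apps\\sync.exe",
    "app_hash": "cafe01", "wired": True, "wireless": True}).encode()

def parse_descriptor(raw: bytes) -> dict:
    """Validate the descriptor before any of it is used to key gateway state."""
    d = json.loads(raw)
    missing = {"uuid", "app_path", "app_hash", "wired", "wireless"} - d.keys()
    if missing:
        raise ValueError(f"descriptor missing fields: {sorted(missing)}")
    d["uuid"] = str(uuid.UUID(d["uuid"]))  # canonical form; rejects junk
    return d

def select_policy(sd: dict, allowed_hashes: set) -> str:
    if sd["app_hash"] not in allowed_hashes:  # unknown application file
        return POLICY_BLOCK
    if sd["wired"] and sd["wireless"]:  # both link types up at once
        return POLICY_RESTRICT_SENSITIVE
    return POLICY_ALLOW

class Gateway:
    def __init__(self, allowed_hashes):
        self.allowed = set(allowed_hashes)
        self.sessions = {}  # host UUID -> policy selected for that host

    def register(self, raw: bytes) -> str:
        sd = parse_descriptor(raw)
        self.sessions[sd["uuid"]] = select_policy(sd, self.allowed)
        return self.sessions[sd["uuid"]]

    def decide(self, host_uuid: str, dst_sensitive: bool) -> str:
        policy = self.sessions.get(host_uuid)  # correlate flow with its host
        if policy is None or policy == POLICY_BLOCK:
            return "deny"  # no descriptor on file: cannot correlate, so deny
        if policy == POLICY_RESTRICT_SENSITIVE and dst_sensitive:
            return "deny"
        return "allow"
```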
Specification