-
公开(公告)号:US09436820B1
公开(公告)日:2016-09-06
申请号:US10909755
申请日:2004-08-02
申请人: Robert E. Gleichauf , Susan E. Thomson , Dany J. Rochefort , Joseph A. Salowey , Hao Zhou , Fan Wu , Venkateswara Rao Yarlagadda , Russell E. Rice
发明人: Robert E. Gleichauf , Susan E. Thomson , Dany J. Rochefort , Joseph A. Salowey , Hao Zhou , Fan Wu , Venkateswara Rao Yarlagadda , Russell E. Rice
CPC分类号: G06F21/50 , G06F21/577 , H04L63/02 , H04L63/08 , H04L63/20
摘要: A computerized device transmits an access request to a data communications device of a network in an attempt to access network resources within the network. The data communications device, in response and in real-time, transmits a challenge request to the computerized device that directs the computerized device to retrieve configuration, or posture, credentials associated with the computerized device. A policy server receives the challenge response and, based upon a real-time analysis of the posture credentials of the computerized device, determines a security state of the computerized device and either provides some level or denies the computerized device access to the network resources based upon the analysis of posture. The data communications device detects the real-time security state of the computerized device prior to providing the computerized device with controlled access to the network resources, thereby limiting vulnerable computerized devices from accessing the network resources and minimizing the risk that the network resources receive or transmit malware.
摘要翻译: 计算机化设备向网络的数据通信设备发送访问请求,以试图访问网络内的网络资源。 数据通信设备作为响应并且实时地向计算机化设备发送质询请求,该计算机化设备指导计算机化设备检索与计算机化设备相关联的配置或姿势凭据。 策略服务器接收挑战响应,并且基于对计算机化设备的姿态凭证的实时分析来确定计算机化设备的安全状态,并且基于以下方式提供一些级别或拒绝计算机化设备对网络资源的访问 姿势分析。 在向计算机化设备提供对网络资源的受控访问之前,数据通信设备检测计算机化设备的实时安全状态,从而限制易受攻击的计算机化设备访问网络资源并最小化网络资源接收或传输的风险 恶意软件
-
公开(公告)号:US20130305362A1
公开(公告)日:2013-11-14
申请号:US13938917
申请日:2013-07-10
申请人: Klaus Hermanns , James L. Fenton , Venkateswara Rao Yarlagadda , Chandra S. Buduguru , Chandrahasa C. Pullagura , Rajiv Raghunarayan , Barry L. Greene , Ellis R. Dobbins
发明人: Klaus Hermanns , James L. Fenton , Venkateswara Rao Yarlagadda , Chandra S. Buduguru , Chandrahasa C. Pullagura , Rajiv Raghunarayan , Barry L. Greene , Ellis R. Dobbins
IPC分类号: H04L29/06
CPC分类号: H04L63/1441 , H04L29/06877 , H04L29/06884 , H04L29/06891 , H04L29/06897 , H04L29/06904 , H04L29/06911 , H04L63/08 , H04L63/101
摘要: Mitigating threats in a network includes receiving a message at a network device. The message includes device-independent parameters generated in response to a threat. The network device converts the parameters into one or more device-specific operations and then performs the operations to mitigate the threat.
摘要翻译: 减轻网络中的威胁包括在网络设备上接收消息。 该消息包括响应于威胁而生成的与设备无关的参数。 网络设备将参数转换为一个或多个特定于设备的操作,然后执行以减轻威胁的操作。
-
3.发明授权Methods and apparatus for connecting to virtual networks using non supplicant authentication 有权使用非请求方认证连接到虚拟网络的方法和装置公开(公告)号:US07869436B1
公开(公告)日:2011-01-11
申请号:US11250010
申请日:2005-10-13
IPC分类号: H04L12/28
CPC分类号: H04L12/4641 , H04L29/12216 , H04L61/2007 , H04L63/0272 , H04L63/08
摘要: A system allows a device to communicate using a virtual network the method by assigning a network address to the device. The network address is selected from a plurality of network addresses that can be assigned to any of a plurality of virtual networks. The system receives a request to authenticate the device, and then determines a virtual network on which to assign the device. The virtual network is selected from the plurality of virtual networks. The system identifies the device as authenticated based on the assigning of the network address and the virtual network.
摘要翻译: 系统允许设备使用虚拟网络通过向设备分配网络地址来进行通信。 从可以分配给多个虚拟网络中的任一个的多个网络地址中选择网络地址。 系统接收到认证设备的请求,然后确定要在其上分配设备的虚拟网络。 从多个虚拟网络中选择虚拟网络。 系统根据网络地址和虚拟网络的分配来识别设备的身份认证。
-
公开(公告)号:US08488488B1
公开(公告)日:2013-07-16
申请号:US11677872
申请日:2007-02-22
申请人: Klaus Hermanns , Jim L. Fenton , Venkateswara Rao Yarlagadda , Chandra S. Buduguru , Chandrahasa C. Pullagura , Rajiv Raghunarayan , Barry L. Greene , Ellis R. Dobbins
发明人: Klaus Hermanns , Jim L. Fenton , Venkateswara Rao Yarlagadda , Chandra S. Buduguru , Chandrahasa C. Pullagura , Rajiv Raghunarayan , Barry L. Greene , Ellis R. Dobbins
IPC分类号: H04L12/28 , H04J3/16 , H04J3/22 , G06F15/173
CPC分类号: H04L63/1441 , H04L29/06877 , H04L29/06884 , H04L29/06891 , H04L29/06897 , H04L29/06904 , H04L29/06911 , H04L63/08 , H04L63/101
摘要: Mitigating threats in a network includes receiving a message at a network device. The message includes device-independent parameters generated in response to a threat. The network device converts the parameters into one or more device-specific operations and then performs the operations to mitigate the threat.
-
公开(公告)号:US07624431B2
公开(公告)日:2009-11-24
申请号:US10728302
申请日:2003-12-04
CPC分类号: H04L63/0236 , H04L63/0272
摘要: The present invention provides a technique for securely implementing port-based authentication on a shared media port in an intermediate node, such as a router. To that end, the invention provides enhanced port-based network access control that includes client-based control at the shared media port. Unlike previous implementations, the port does not permit multiple client nodes to access a trusted subnetwork as soon as a user at any one of those nodes is authenticated by the subnetwork. Instead, port-based authentication is performed for every client node that attempts to access the trusted subnetwork through the shared media port. As such, access to the trusted subnetwork is not compromised by unauthenticated client nodes that “piggy-back” over the shared media port after a user at another client node has been authenticated by the trusted subnetwork.
摘要翻译: 本发明提供了一种用于在中间节点(例如路由器)中的共享媒体端口上安全地实现基于端口的认证的技术。 为此,本发明提供了增强的基于端口的网络访问控制,其包括在共享媒体端口处的基于客户端的控制。 与以前的实现不同,一旦这些节点中的任何一个的用户被子网络认证,该端口不允许多个客户机节点访问受信任的子网络。 相反,对于尝试通过共享媒体端口访问受信任子网络的每个客户端节点执行基于端口的身份验证。 因此,在受信任的子网络认证另一个客户端节点的用户之后,通过共享媒体端口“捎带”的未经身份验证的客户机节点不会访问受信任子网络。
-
-
-
-
搜索结果
5 条记录 (耗时 0.015 秒)
