摘要:
A method and system for controlling access to files in a remote file system is provided. In one embodiment, a firewall system at a client computer system intercepts requests originating from the client computer system and sent to the remote file system for accessing remote files, that is, files stored on a server computer system. Upon intercepting a remote file access request (e.g., to open a remote file), the firewall system determines whether the file access request should be allowed based on access control criteria.
摘要:
A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
摘要:
A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
摘要:
A method and system for intercepting communications between a transport client and a transport provider is provided. An interceptor system registers to intercept calls made by the transport client to functions of the transport provider. The interceptor system also replaces callbacks of the transport client so that calls from the transport provider intended for the transport client can be intercepted. When the interceptor system intercepts the call, it provides an indication of the call to a processing component. The processing component may analyze the call and determine whether the call should be allowed or denied. The interceptor system then proceeds to process the call in accordance with the indication of the processing component.
摘要:
A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
摘要:
A supplicant on a first computing system authenticating the first computing system to an authenticator on a second computing system in a manner that is independent of the underlying data link and physical layer protocols. The first computing system establishes a data link layer connection with the second computing system using specific data link and physical layer protocols. The supplicant on the first computing system and the authenticator on the second computing system then receive an indication that the data link layer connection has been established. The supplicant determines that authentication is to occur with the authenticator, and vice versa. The supplicant (and the authenticator) then instructs that authentication is to occur in a manner that is independent of the underlying data link and physical layer protocols used to establish the connection.
摘要:
A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.
摘要:
A method and system for tracking context information of a service provider and interceptors of service provider requests is provided. An interceptor modifies a portion of service provider context information to reference interceptor context information associated with a client. When the client requests a service of the service provider, the client provides the modified service provider context information along with the request. The interceptor uses the reference of the modified portion of the service provider context information to retrieve its context information. The interceptor then restores the modified portion of the service provider context information to the original unmodified portion, which the interceptor retained as part of its context information. The interceptor then forwards the request along with the original service provider context information to the service provider.
摘要:
A method and system for tracking context information of a service provider and interceptors of service provider requests is provided. An interceptor modifies a portion of service provider context information to reference interceptor context information associated with a client. When the client requests a service of the service provider, the client provides the modified service provider context information along with the request. The interceptor uses the reference of the modified portion of the service provider context information to retrieve its context information. The interceptor then restores the modified portion of the service provider context information to the original unmodified portion, which the interceptor retained as part of its context information. The interceptor then forwards the request along with the original service provider context information to the service provider.
摘要:
A method for setting up and managing secure data/audio/video links with secure key exchanges, authentication and authorization is described. An embodiment of the invention enables establishment of a secure link with limited privileges using the machine identifier of a trusted machine. This is particularly useful if the user of the machine does not have a user identifying information suitable for authentication. Furthermore, the presentation of a default user identifying information by a user advantageously initiates intervention by a system administrator instead of a blanket denial. This decentralized procedure allows new users access to the network without having to physically access a centralized facility to present their credentials. Another embodiment of the invention enables a remote user to connect to a secure network with limited privileges.