Access Control Manager

摘要

A network access manager controls access to a network interface according to a set of access control instructions specifying permissible and impermissible addresses and domains on a network. The network access manager establishes a graylist of addresses based on a domain request that is associated with a whitelisted domain that is accessed via a blacklisted address. When a request to establish a connection is received directed to a graylisted address, the connection is permitted to establish and the connection is added to a session graylist. When a session data transfer packet is received, if the session corresponds to a session on the session graylist, the session data transfer packet is examined to determine if it matches a whitelisted domain, in which case the session is associated with a session whitelist and permitted access to the network. The access control instructions may be automatically updated from a trusted access control management system.

主权项

1. A method for domain-based network access management in a computer, comprising:
receiving a session data transfer packet specifying a network address; determining whether the network address corresponds to a session on a session graylist, the graylist indicating sessions that are associated with an network address that is not permitted access and at least one domain that is permitted access; determining a domain associated with the session data transfer packet; determining whether the domain is a permissible domain; and responsive to determining that the network address corresponds to a session on the session graylist and the domain is a permissible domain, associating the session with a session whitelist and permitting the session data transfer packet access to a network interface.