| 摘要 |
A security system with methodology providing verified secured individual end points is described. In one embodiment, for example, a method of the present invention is described for controlling access to a particular application, the method comprises steps of: defining firewall rules specifying filtering conditions for incoming network traffic, the firewall rules including an application attribute that allows individual rules to be associated with specific applications, the firewall rules also including extended attributes that allow specification of additional conditions that a given end point is required to meet; intercepting incoming network traffic destined for a particular application for which a particular application-specific firewall rule has been created; examining the extended attributes for the particular application-specific firewall rule, for determining what additional conditions the given end point must comply with in order to communicate with the particular application; if the given end point complies with the additional conditions, allowing the end point to communicate with the particular application; and otherwise blocking the end point to prevent communication with the particular application.
|
