Deploying a security policy based on domain names
US9571452B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 29, 2015 |
| Grant date | Feb 14, 2017 |
| Priority date | — |
| Expiry date | Oct 30, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/20
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A firewall uses a variety of techniques to obtain a useful domain name from a network request, that is, a domain name that facilitates the accurate enforcement of domain-based security rules for network traffic at the firewall. If the network request includes an Internet Protocol (IP) address instead of the domain name, the firewall may begin with a reverse domain name lookup. If this technique fails to adequately resolve the domain name, then the firewall may attempt a hypertext transfer protocol (HTTP) GET request to the IP address and investigate the header for useful domain name information. The firewall may also or instead initiate a secure connection to the IP address and analyze a certificate returned from the destination for the presence of domain name information. These measures can produce one or more domain names that can be collectively analyzed to select a suitable domain name for the application of a domain-based security rule or policy by the firewall.
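The lookup chain in the abstract, sketched as an added Python example that is not part of the patent or this record: it gathers candidate names from a reverse lookup answer, an HTTP response header and a certificate, then picks the domain rule to apply. The abstract does not say how candidates are "collectively analyzed", so the source weights, the use of the `Location` header, the rule table and all sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed weights (not from the patent): a certificate name is bound to the
# service, while a PTR record often names the hosting infrastructure instead.
WEIGHTS = {"cert": 3, "http": 2, "ptr": 1}

def from_ptr(ptr_name):
    """Candidate from a reverse DNS answer; empty if the lookup failed."""
    return [("ptr", ptr_name.rstrip(".").lower())] if ptr_name else []

def from_http_headers(raw_response):
    """Candidates from the Location header of a plain HTTP GET to the IP."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    out = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "location":
            continue
        host = urlsplit(value.strip()).hostname  # None for relative redirects
        if host:
            out.append(("http", host))
    return out

def from_cert(cert):
    """Candidates from a certificate dict shaped like ssl.getpeercert()."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return [("cert", n[2:] if n.startswith("*.") else n) for n in names]

def select_rule(candidates, rules, default="default"):
    """Score each rule domain by the weighted candidates it covers."""
    scores = {}
    for source, host in set(candidates):         # count each name once per source
        for domain in rules:
            if host == domain or host.endswith("." + domain):
                scores[domain] = scores.get(domain, 0) + WEIGHTS[source]
    if not scores:
        return None, default
    best = max(scores, key=lambda d: (scores[d], len(d)))
    return best, rules[best]

# Constructed sample data for one destination IP (reserved example names).
PTR = "host-203-0-113-10.hosting.example.net."
HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
        "Location: https://www.shop.example/\r\nContent-Length: 0\r\n\r\n")
CERT = {"subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example"))}
RULES = {"shop.example": "allow", "example.net": "block"}

if __name__ == "__main__":
    found = from_ptr(PTR) + from_http_headers(HTTP) + from_cert(CERT)
    print(select_rule(found, RULES))             # all sources together
    print(select_rule(from_ptr(PTR), RULES))     # reverse lookup alone
```

With the reverse lookup alone, the hosting provider's domain decides the rule; adding the header and certificate names moves the decision to the service's own domain.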
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.