GB2376093A - A security system relating to networks - Google Patents

Publication number: GB2376093A
Authority: GB (United Kingdom)
Prior art keywords: requests; network according; security system; network; controlling application
Legal status: Withdrawn
Application number: GB0107014A
Other versions: GB0107014D0 (en)
Inventor: Guy Leech
Current Assignee: AppSense Ltd
Original Assignee: AppSense Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0245: Filtering by information in the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A security system for controlling application requests in a network (10), the security system comprising interception means (24) for intercepting executable requests within the network, said system further comprising control means (26) for allowing or denying the request based on the characteristics of the request.

Description

IMPROVEMENTS IN AND RELATING TO NETWORKS

Field of the Invention

The present invention relates to security systems for networks and a method of securing a network.

Background to the Invention

The use of computers and networks is essential to many working environments. Such use has increased the productivity of the working environment, especially through the use of shared applications, email and the Internet. However, the use of a network gives individual users the opportunity to introduce unsupported applications onto a company's network. These unsupported applications pose a threat to the integrity of the corporate systems and to user productivity.
The advent of server based computing has moved applications from the desktop computer to the server, which although simplifying the administrative burden associated with displaying applications, has increased the requirement for a secure and stable operating environment.
The actions of a single user in a server based computer network environment can directly affect the productivity of every other user on the same server.
For example, a user-introduced application may require a large quantity of the system's resources, which will, therefore, directly affect the performance of other users' applications on the same server.
In addition, user introduced applications also greatly increase the risk of an executable virus being introduced into the network and also directly on to the server.
It is an aim of preferred embodiments of the present invention to overcome at least one problem associated with the prior art whether referred to herein or otherwise.

Summary of the Invention

According to a first aspect of the present invention there is provided a security system for controlling application requests in a network, the security system comprising interception means for intercepting executable requests within the network, said system further comprising control means for allowing or denying the request based on the characteristics of the request.
The interception means may comprise a filter driver and suitably comprises a kernel level filter driver.
The interception means suitably intercepts all executable requests.
The interception means suitably intercepts executable images including dynamic link libraries, ActiveX controls, control panel applets and batch files.
Suitably the interception means intercepts the requests before the requests are handled by a local system driver or network redirector.
Suitably the interception means is installed on each remote computer in the network. Suitably the interception means is installed on each server in the network.
Suitably the control means is installed on each remote computer in the network. Suitably the control means is installed on each server in the network.
Suitably the system comprises a management system to install and update each control means and interception means in the system. Suitably the system comprises a single management system.
The control means may comprise a control system including at least one rule to allow or deny the request, based on a characteristic of the request.
The rule may deny or allow requests relating to applications located on a specific drive or drives. The rule may deny access to all applications located on a removable drive and/or network drive.
The rule may deny or allow requests relating to applications stored in local folders and/or network folders.
The rule may deny or allow requests relating to applications by direct reference to the file.
The rule may deny or allow requests based on a particular user or users requesting the application.
The rule may deny or allow requests based on the ownership of the application requested. Suitably the rule only allows requests if the application is owned by an administrator.
The control means may change a rule as a function of time.
Suitably the control system comprises a set of rules to allow or deny requests based on characteristics of the requests.
The rules in the set of rules may be arranged hierarchically such that one rule can overrule another rule located lower down in the hierarchy.
The or each rule in the control means may be altered.
Suitably the or each rule can be altered centrally and distributed to each remote computer and/or each server in the network.
If the control means accepts a request, suitably the control means will communicate with the interception means and indicate to the interception means that the request is to be allowed.
If the request is allowed, the interception means may communicate the request to a file system driver or network redirector.
If the control means denies a request, suitably the control means will communicate with the interception means and cause a display to appear on the monitor of the user. The display may comprise a message box.
The security system may comprise auditing means for auditing information relating to at least denied requests.
The auditing means may audit information relating to allowed requests. The information may include information identifying the user and/or the application.
According to a second aspect of the present invention there is provided a method of securing a network comprising intercepting executable requests within the network and communicating at least one characteristic relating to the requests to control means wherein the control means allows or denies the requests based on a characteristic of the request.
The method may comprise intercepting the executable requests with a filter driver and suitably with a kernel level filter driver.
Suitably the method comprises intercepting all executable requests.
The method may comprise using at least one rule to allow or deny the requests, based on a characteristic of the requests.
The method may comprise allowing or denying the requests as a result of the specific drive or drives of the requested application. The method may comprise denying the requests for applications located on a removable drive and/or network drive.
The method may comprise allowing or denying the requests as a result of the application being stored in local folders and/or network folders.
The method may comprise allowing or denying the requests by direct reference to the file requested.
The method may comprise allowing or denying the requests as a result of the user or users requesting the application.
The method may comprise allowing or denying the requests based on the ownership of the application requested.
The method may comprise only allowing requests for applications that are owned by an administrator.
The method may comprise changing the rules for allowing or denying requests.
The method may comprise auditing information relating to denied requests. The method may comprise auditing information relating to allowed requests.

Brief Description of the Drawings

The present invention will now be described, by way of example only, with reference to the drawings that follow, in which:
Figure 1 is a schematic representation of a Local Area Network.
Figure 2 is a schematic representation of a preferred embodiment of the present invention.

Description of the Preferred Embodiments

The preferred embodiment of the present invention is described in relation to a typical thin client application incorporating a Local Area Network (LAN) using Windows NT.
However, the present invention may also work on other systems, for example Windows 2000 systems.
As shown in Figure 1, a Local Area Network 10 typically comprises a server 18, and a number of remote terminals 12, 14, 16. All of the remote terminals 12, 14, 16 have direct access to the server 18 in order to access applications located on the server 18. Accordingly, the resources of the server 18 are shared by the remote users.
The server 18 is also connected to communication means in order for the server 18 to communicate externally, for example to further networks 20. In addition, this enables the remote users to access the Internet and send and receive external emails, through the server 18. Accordingly, it can be seen that a single user may slow the system down significantly if that user requires a substantial portion of the server's resources.
Preferred embodiments of the present invention ensure that users are restricted to running applications which are under the control of a responsible body, for example the IT department.
A solution to preventing users introducing new applications would be to remove the removable drives from all of the remote computers and to provide no access to external emails and the Internet or other external networks. However, such a solution removes the advantage of such services.
Referring to Figure 2 of the drawings that follow, there is shown a schematic representation of a preferred embodiment of the present invention. The security system comprises interception means in the form of a filter driver 24 for intercepting application execution requests 22 from users. The filter driver 24 is in communication with a control system 26 incorporating a number of rules 27 relating to characteristics of the request 22. The filter driver 24 is also in communication with a lower level file system driver or network redirectors 28. In addition, the filter driver 24 is in communication with a message generator 30.
A user initially inputs an application request 22, for example by double clicking on an application icon on their desktop. The filter driver 24 intercepts all such requests 22 by intercepting all open file requests with execute rights that are destined for the file system drivers.
Preferred embodiments of the present invention use a kernel level filter driver and Windows NT service to intercept application execution requests of the remote users. The kernel level filter driver is attached to the file system drivers and network redirectors of the operating system. The Windows NT operating system incorporates a standard mechanism to enable a filter driver to be attached to another device, for example a file system driver. The system intercepts executable images (32-bit, 16-bit and DOS), which also includes dynamic link libraries (DLL), ActiveX controls (OCX), control panel applets (CPL) and batch files (CMD, BAT).
As an application is launched, Windows NT opens the application's executable files with execute rights.
Accordingly, the filter driver 24 can differentiate between files that are opened in order to run applications and files that are only opened for reading or writing data. The filter driver 24 does not have to analyse the file extensions (for example, .exe) in order to identify the type of file. The interception method of the filter driver 24 intercepts all executable code.
The filter driver 24 intercepts the execution requests 22 before the lower level file system drivers or network redirectors 28 handle them. Information relating to these requests 22 is then passed to a control system 26 which validates the requests 22 against pre-determined security rules 27. For each file execution request 22, the information that the filter driver 24 passes on to the control system 26 includes the file system device, the file name and the user SID. The user SID is Windows NT's unique identifier for the user. The control system 26 can also obtain the owner of the file and any other relevant information if necessary for the rules 27. In addition, the control system 26 can obtain the drive letter from the file system device if necessary for the rules 27. Once a request 22 has been analysed the control system 26 communicates the result back to the relevant filter driver 24. If the request 22 is allowed then the filter driver 24 will allow the application to run by passing on the original request to the lower level file system driver or network redirector 28. Alternatively, if the request 22 is denied then the filter driver 24 will deny the request 22 and replace the executable request with a visible message box program 30, which creates a message box on the screen of the user's computer informing the user that access to the application has been denied.
The control system comprises predetermined security rules which determine whether the request is allowed or denied.
The rules are dependent upon different characteristics included in the request.
The security rules may include rules relating to the drive on which the application is located. The rules may include a list of drives that are allowed or, alternatively, a list of drives which are denied. Applications are only allowed to run from drives that have been allowed. However, an application may still be allowed to run if the rules explicitly allow that application to run, for example by folder or file path characteristics.
The security rules may also include restrictions relating to folders or files. The rules may allow or deny access to applications stored in local drives and network folders, or individual applications by direct file reference.
In a preferred embodiment of the present invention, the rules are arranged hierarchically such that a rule can overrule another rule located lower down in the hierarchy.
The rules relating to files and folders override the rules relating to drive restrictions. Accordingly, the system enables a drive rule to be set to define a general overall restriction or allowability for applications contained in a particular drive and then to use folder and file restriction rules to define exceptions to the drive rule.
The folder and file restriction rules are located higher in the rule hierarchy than the drive rule and, thereby, overrule the drive rule.
The system also includes rules defining particular users and/or groups as exceptions to the security rules. Such rules enable restrictions to be defined relating to particular users or groups of users. In addition, access to the folders and files can be restricted as a function of time.
A preferred embodiment of the present invention includes an override function for administrators which effectively disables or turns off all the security rules for all system administrators.
The preferred embodiment comprises a security check that prevents applications running where the application is not owned by a systems administrator. Each application has an owner which is identifiable in the Windows NT File System.
This ownership cannot be given away to another user.
However, ownership can be taken by another user where such a user has the privilege to do this, for example a system administrator.
By default, the preferred embodiment of the present invention checks the ownership of the application and only allows the application to run if the application is owned by a systems administrator. This is the initial check performed before any other security rule. Accordingly, this check will prevent a user introducing and running an application into the LAN. Applications that are downloaded from the Internet or received in an email by a user will have the user identified as the owner. The user cannot give ownership of such files to an administrator, although an administrator can take ownership of such applications if required. Accordingly, the preferred embodiment of the present invention will block these applications no matter where they reside on the system.
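The decision order described in the preceding paragraphs, modelled as an added Python example (it is not code from the patent or from AppSense). Assumptions made here and not stated in the specification: the administrator override is applied before the ownership check, a file rule beats a folder rule, the deepest matching folder rule wins, and all names and sample requests are constructed for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class ExecRequest:
    """Fields the filter driver reports, plus the owner the control system looks up."""
    path: str    # file name with the drive letter already resolved from the device
    user: str    # stands in for the user SID
    owner: str   # file owner as recorded by the file system


@dataclass
class Policy:
    """Hypothetical in-memory form of the rule set (the page stores rules in the registry)."""
    administrators: set
    allowed_drives: set                                # e.g. {"C:"}; other drives are denied
    folder_rules: dict = field(default_factory=dict)   # folder path -> ALLOW / DENY
    file_rules: dict = field(default_factory=dict)     # file path   -> ALLOW / DENY
    admin_override: bool = True
    require_admin_owner: bool = True


def file_rule(policy, path):
    """Verdict of a rule that names this exact file, or None."""
    for rule_path, verdict in policy.file_rules.items():
        if PureWindowsPath(rule_path) == path:      # Windows paths compare case-insensitively
            return verdict
    return None


def folder_rule(policy, path):
    """Verdict of the deepest folder rule that contains the file, or None."""
    best = None
    for rule_path, verdict in policy.folder_rules.items():
        folder = PureWindowsPath(rule_path)
        if folder in path.parents:
            if best is None or len(folder.parts) > len(best[0].parts):
                best = (folder, verdict)
    return best[1] if best else None


def evaluate(policy, req):
    """Return (verdict, reason); the reason is what an audit record would carry."""
    path = PureWindowsPath(req.path)
    # Override: all security rules are switched off for system administrators.
    if policy.admin_override and req.user in policy.administrators:
        return ALLOW, "administrator override"
    # Initial check, before any other rule: the file must be owned by an administrator.
    if policy.require_admin_owner and req.owner not in policy.administrators:
        return DENY, f"owner {req.owner!r} is not an administrator"
    # File and folder rules sit above the drive rule and define exceptions to it.
    verdict = file_rule(policy, path)
    if verdict is not None:
        return verdict, "file rule"
    verdict = folder_rule(policy, path)
    if verdict is not None:
        return verdict, "folder rule"
    # Drive rule: applications only run from drives that have been allowed.
    if path.drive.upper() in policy.allowed_drives:
        return ALLOW, f"drive {path.drive} is allowed"
    return DENY, f"drive {path.drive} is not allowed"


# Constructed policy: C: allowed, C:\Temp carved out, N:\Apps allowed as an exception.
POLICY = Policy(
    administrators={"Administrator"},
    allowed_drives={"C:"},
    folder_rules={r"C:\Temp": DENY, r"N:\Apps": ALLOW},
    file_rules={r"N:\Apps\old\legacy.exe": DENY},
)

# Constructed requests (path, requesting user, file owner).
SAMPLES = [
    ExecRequest(r"C:\Program Files\Office\winword.exe", "alice", "Administrator"),
    ExecRequest(r"A:\game.exe", "alice", "alice"),
    ExecRequest(r"C:\Temp\setup.exe", "alice", "Administrator"),
    ExecRequest(r"N:\Apps\report.exe", "alice", "Administrator"),
    ExecRequest(r"N:\Apps\old\legacy.exe", "alice", "Administrator"),
    ExecRequest(r"N:\Tools\tool.exe", "alice", "Administrator"),
    ExecRequest(r"C:\Users\alice\Downloads\setup.exe", "alice", "alice"),
    ExecRequest(r"C:\Users\alice\Downloads\setup.exe", "Administrator", "alice"),
]


def run_samples(policy=POLICY):
    """Evaluate every constructed request and return the (verdict, reason) pairs."""
    return [evaluate(policy, req) for req in SAMPLES]


if __name__ == "__main__":
    for req, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{verdict.upper():5} {req.user:13} {req.path}  ({reason})")
```

The seventh request shows the property the paragraph stresses: a file the user owns is refused even on an allowed drive, because the ownership check runs before the drive, folder and file rules.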
The security system can be controlled and installed from a single computer. The system can send and install the interception means and control means on desktop computers and servers throughout the LAN. In addition, changes to security rules can also be deployed to the remote computers, which may take effect immediately.
Accordingly, the system can be managed from a single central location by the management system.
Since the filter driver and the control means are installed individually, by a management system, on the remote computers and separate servers, the system does not use the network when analysing execution requests. The security rules are stored in the local Windows NT registry and are secured for systems administrator access only.
The configuration settings are controlled centrally by the management system and deployed therefrom. Accordingly, this ensures that the network is not unnecessarily slowed down, since the remote terminal does not use the network where a request is denied and assures that valid application requests are analysed and validated quickly.
The system also includes auditing means. The auditing means logs events for refused applications. In addition, the auditing means may take a copy of the application to enable closer inspection. The auditing means may record the user who was denied access. Accordingly, systems administrators who have access to the audit results are able to identify serious or persistent offenders.
Alternatively, the user may not be recorded for confidentiality or privacy purposes.
The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.

Claims (47)

  1. A security system for controlling application requests in a network, the security system comprising interception means for intercepting executable requests within the network, said system further comprising control means for allowing or denying the request based on the characteristics of the request.
  2. A security system for controlling application requests in a network according to claim 1, in which the interception means comprises a filter driver.
  3. A security system for controlling application requests in a network according to claim 1, in which the interception means comprises a kernel level filter driver.
  4. A security system for controlling application requests in a network according to any preceding claim, in which the interception means intercepts all executable requests.
  5. A security system for controlling application requests in a network according to any one of claims 1 to 3, in which the interception means intercepts executable images including dynamic link libraries, ActiveX controls, control panel applets and batch files.
  6. A security system for controlling application requests in a network according to any preceding claim, in which the interception means intercepts the requests before the requests are handled by a local system driver or network redirector.
  7. A security system for controlling application requests in a network according to any preceding claim, in which the interception means is installed on each remote computer in the network.
  8. A security system for controlling application requests in a network according to any preceding claim, in which the interception means is installed on each server in the network.
  9. A security system for controlling application requests in a network according to any preceding claim, in which the control means is installed on each remote computer in the network.
  10. A security system for controlling application requests in a network according to any preceding claim, in which the control means is installed on each server in the network.
  11. A security system for controlling application requests in a network according to any preceding claim, in which the system comprises a management system to install and update each control means and interception means in the system.
  12. A security system for controlling application requests in a network according to claim 11, in which the system comprises a single management system.
  13. A security system for controlling application requests in a network according to any preceding claim, in which the control means comprises a control system including at least one rule to allow or deny the request, based on a characteristic of the request.
  14. A security system for controlling application requests in a network according to claim 13, in which the rule denies or allows requests relating to applications located on a specific drive or drives.
  15. A security system for controlling application requests in a network according to claim 13, in which the rule denies access to all applications located on a removable drive and/or network drive.
  16. A security system for controlling application requests in a network according to claim 13, in which the rule denies or allows requests relating to applications stored in local folders and/or network folders.
  17. A security system for controlling application requests in a network according to claim 13, in which the rule denies or allows requests relating to applications by direct reference to the file.
  18. A security system for controlling application requests in a network according to claim 13, in which the rule denies or allows requests based on a particular user or users requesting the application.
  19. A security system for controlling application requests in a network according to claim 13, in which the rule denies or allows requests based on the ownership of the application requested.
  20. A security system for controlling application requests in a network according to claim 19, in which the rule only allows requests if the application is owned by an administrator.
  21. A security system for controlling application requests in a network according to any one of claims 13 to 20, in which the control means may change a rule as a function of time.
  22. A security system for controlling application requests in a network according to any preceding claim, in which the control system comprises a set of rules to allow or deny requests based on characteristics of the requests.
  23. A security system for controlling application requests in a network according to claim 22, in which the rules in the set of rules can be arranged hierarchically such that one rule can overrule another rule located lower down in the hierarchy.
  24. A security system for controlling application requests in a network according to claim 22, in which the or each rule in the control means can be altered.
  25. A security system for controlling application requests in a network according to claim 22, in which the or each rule can be altered centrally and distributed to each remote computer and/or each server in the network.
  26. A security system for controlling application requests in a network according to any preceding claim, in which if the control means accepts a request, the control means communicates with the interception means and indicate the interception means to allow the request.
  27. A security system for controlling application requests in a network according to claim 26, in which if the request is allowed, the interception means may communicate the request to a file system driver or network redirector.
  28. A security system for controlling application requests in a network according to any one of claims 1 to 25, in which if the control means denies a request, the control means communicates with the interception and cause a display to appear on the monitor of the user.
  29. A security system for controlling application requests in a network according to any preceding claim, in which the security system comprises auditing means for auditing information relating to at least denied requests.
  30. A security system for controlling application requests in a network according to claim 29, in which the auditing means audits information relating to allowed requests.
  31. A security system for controlling application requests in a network according to claim 29 or claim 30, in which the information may include information identifying the user and/or the application.
  32. A method of securing a network comprising intercepting executable requests within the network and communicating at least one characteristic relating to the requests to control means wherein the control means allows or denies the requests based on a characteristic of the request.
  33. A method of securing a network according to claim 32, in which the method comprises intercepting the executable requests with a filter driver and suitably with a kernel level filter driver.
  34. A method of securing a network according to claim 32 or claim 33, in which the method comprises intercepting all executable requests.
  35. A method of securing a network according to any one of claims 32 to 34, in which the method comprises using at least one rule to allow or deny the requests, based on a characteristic of the requests.
  36. A method of securing a network according to claim 35, in which the method comprises allowing or denying the requests as a result of the specific drive or drives of the requested application.
  37. A method of securing a network according to claim 35 or claim 36, in which the method comprises denying the requests for applications located on a removable drive and/or network drive.
  38. A method of securing a network according to claim 35, in which the method comprises allowing or denying the requests as a result of the application being stored in local folders and/or network folders.
  39. A method of securing a network according to claim 35, in which the method comprises allowing or denying the requests by direct reference to the file requested.
  40. A method of securing a network according to claim 35, in which the method comprises allowing or denying the requests as a result of the user or users requesting the application.
  41. A method of securing a network according to claim 35, in which the method comprises allowing or denying the requests based on the ownership of the application requested.
  42. A method of securing a network according to claim 35, in which the method comprises only allowing requests for applications that are owned by an administrator.
  43. A method of securing a network according to any one of claims 32 to 42, in which the method comprises changing the rules for allowing or denying requests.
  44. A method of securing a network according to any one of claims 32 to 43, in which the method comprises auditing information relating to denied requests.
  45. A method of securing a network according to any one of claims 32 to 45, in which the method may comprise auditing information relating to allowed requests.
  46. A security system for controlling application requests in a network, which system is substantially as disclosed herein, with reference to the accompanying drawings.
  47. A method of securing a network, which method is substantially as described herein, with reference to the accompanying drawings.

GB0107014A (priority date 2001-03-21, filing date 2001-03-21): A security system relating to networks. Withdrawn. Published as GB2376093A (en).

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
GB0107014A | GB2376093A (en) | 2001-03-21 | 2001-03-21 | A security system relating to networks

Publications (2)

Publication Number | Publication Date
GB0107014D0 (en) | 2001-05-09
GB2376093A (en) | 2002-12-04

Family

ID=9911205

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
GB0107014A | Withdrawn | GB2376093A (en) | 2001-03-21 | 2001-03-21 | A security system relating to networks

Country Status (1)

Country | Link
GB (1) | GB2376093A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8818950B2 (en) * 2004-01-22 2014-08-26 Symantec Corporation Method and apparatus for localized protected imaging of a file system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0658837A2 (en) * 1993-12-15 1995-06-21 Checkpoint Software Technologies, Ltd. Method for controlling computer network security
WO1998040993A1 (en) * 1997-03-10 1998-09-17 Security-7 (Software) Ltd. Method and system for preventing the downloading and execution of executable objects
WO1998050853A1 (en) * 1997-05-08 1998-11-12 Pinnacle Technology, Inc. Network desktop management security system and method
US5925126A (en) * 1997-03-18 1999-07-20 Memco Software, Ltd. Method for security shield implementation in computer system's software
WO1999057863A1 (en) * 1998-05-05 1999-11-11 International Business Machines Corporation Client-server system for maintaining a user desktop consistent with server application user access permissions
US6092194A (en) * 1996-11-08 2000-07-18 Finjan Software, Ltd. System and method for protecting a computer and a network from hostile downloadables
WO2000056028A1 (en) * 1999-03-15 2000-09-21 Texar Software Corp. A secure network

Also Published As

Publication number Publication date
GB0107014D0 (en) 2001-05-09

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)