Network security policy on client move

IP.com Disclosure Number: IPCOM000030915D
Original Publication Date: 2004-Sep-01
Included in the Prior Art Database: 2004-Sep-01
Document File: 1 page(s) / 6K

Publishing Venue

IBM

Abstract

Corporate security of client data is extremely important. People remove/steal systems. Most current solutions provide only a lock-out mechanism. This may be a password and/or a required handshake to ensure the client is on the corporate network. This publication describes a method to allow a client to detect when it has been moved, "phone home" for directions, and take action depending on what it receives from "home".

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 99% of the total text.

Corporate security of client data is extremely important. People remove/steal systems. Most current solutions provide only a lock-out mechanism. This may be a password and/or a required handshake to ensure the client is on the corporate network. This publication describes a method to allow a client to detect when it has been moved, "phone home" for directions, and take action depending on what it receives from "home".

At a regular (policy-determined) time interval, the client checks the IP address of the router it is connected to. This address is compared to the last router IP address, which can be stored in any NVRAM on the client.

If the IP address is the same, the routine exits. If the IP address is different, the client sends a secure packet to a predefined server ("call home"). This packet contains the IP address of the new router. The server IP address can also be stored in client NVRAM. The client can use IBM's TPM or similar technology to encrypt the packet. If no answer comes back within a predetermined time frame, then the client implements the default security policy for no answer, which can be anything such as locking up the client, changing the client password, etc.

If the "call home" server is present, it will send an encrypted packet back to the client instructing the client what to do. This can be anything from telling the client that the new router is OK and that it should update the router IP information, to disabling the client, to changing the user pas...
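
The check-and-call-home routine described above, sketched as an added example (not code from the original disclosure). It assumes an HMAC-SHA256 tag over a pre-shared key in place of the TPM-backed encryption the text mentions (so it authenticates but does not hide the packet), hypothetical action names, and a `call_home` callable that returns reply bytes or `None` on timeout.

```python
import hashlib
import hmac
import json
import os

KEY = b"constructed-demo-key"  # assumption: stands in for a TPM-protected secret
DEFAULT_ACTION = "lock"        # assumption: the default policy for "no answer"
ALLOWED = {"accept_router", "lock", "change_password"}  # hypothetical action names

def seal(payload: dict) -> bytes:
    """Serialize a message and append an HMAC-SHA256 tag (authentication only)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body + b"." + hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()

def unseal(packet: bytes):
    """Return the payload if the tag verifies, else None."""
    body, _, tag = packet.rpartition(b".")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

def check_move(state: dict, current_router: str, call_home) -> str:
    """One pass of the periodic check. `state` models the NVRAM record;
    `call_home` sends a packet and returns reply bytes, or None on timeout."""
    if current_router == state["last_router"]:
        return "no_change"
    nonce = os.urandom(16).hex()  # binds the reply to this request
    reply = call_home(seal({"router": current_router, "nonce": nonce}))
    msg = unseal(reply) if reply else None
    # Timeout, bad tag, stale nonce or unknown action all fall to the default policy.
    if not msg or msg.get("nonce") != nonce or msg.get("action") not in ALLOWED:
        return DEFAULT_ACTION
    if msg["action"] == "accept_router":
        state["last_router"] = current_router  # update the stored router IP
    return msg["action"]

def demo_server(approved: set):
    """Constructed stand-in for the "call home" server."""
    def handle(packet: bytes):
        req = unseal(packet)
        if req is None:
            return None
        action = "accept_router" if req["router"] in approved else "lock"
        return seal({"action": action, "nonce": req["nonce"]})
    return handle
```

The per-request nonce makes a recorded "router is OK" reply useless on a later check, and a reply that is merely the client's own packet echoed back carries no action and so triggers the default policy.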