System and Method for Network Access Control and Logging via Authenticated Logon, Proxy Management, and Web Page Title Logging
Original Publication Date: 2008-Dec-18
Included in the Prior Art Database: 2008-Dec-18
Restricting network access is a valuable tool for preventing abuse of corporate code of conduct and security policies and for minimizing the spread of malware. This invention uses a software application that combines enterprise ID authentication with local computer network access management and logging of web browser usage to provide a complete access control and logging solution.
Locking down network access is a valuable tool for preventing abuse of corporate code of conduct and security policies and for minimizing the spread of malware. Existing solutions either rely on global network restrictions, which affect all users of a network, or are software solutions that target individual machines. Solutions that target individual machines either lock down access for the machine as a whole or use the operating system user ID to control access per user. When controlling individual users, this approach requires that the user have an account on the machine used to connect to the network, which is inefficient in an environment with multiple users who require access from multiple machines. The problem is further exacerbated when computers with different operating systems are used, since central management of operating system accounts becomes increasingly difficult or impossible. An example of this type of environment is a manufacturing floor where technicians move between different work areas and require network access via computers at each of the work areas.
Another aspect of network access control is monitoring and/or logging. Current solutions either monitor all network access or log the IP addresses, host names, or URLs to which the user connects. Monitoring all accesses produces very large quantities of data that are all but impossible to manage except by automated programs. IP addresses, host names, and URLs frequently do not indicate the content the user actually accessed. In either case, for the solution to be effective, a large database of all known work-policy-violating sites must be maintained and constantly updated so that user accesses can be compared against it to determine whether any work policy violations have occurred.
A novel approach to these problems is an application that uses centralized user authentication via a logon that is independent of the operating system. When a user requests network access, the application presents a logon prompt and validates the user ID. If the user ID is validated, network access is granted. If the user ID is rejected, a message is displayed indicating that the user may not have network access. Access itself is controlled via the proxy settings on the local computer, which the application modifies to either allow or prevent network access.
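The logon-then-proxy flow described above, as an added illustration that is not part of the original disclosure: a constructed stand-in for the enterprise directory verifies the credential, the result selects the proxy state written to the local machine, and each decision is recorded together with the page title the disclosure proposes logging. The directory contents, the blackhole proxy address and the record format are assumptions, not details from the page.

```python
import hashlib
import hmac

# Constructed stand-in for the enterprise directory: user ID -> (salt, PBKDF2 hash).
# A real deployment would query the central identity service instead.
def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
DIRECTORY = {"tech01": (_SALT, _derive("correct horse", _SALT))}

def authenticate(user_id: str, password: str) -> bool:
    """Validate the non-OS logon against the (constructed) central directory."""
    entry = DIRECTORY.get(user_id)
    if entry is None:
        _derive(password, _SALT)  # same cost for unknown users as for wrong passwords
        return False
    salt, expected = entry
    return hmac.compare_digest(_derive(password, salt), expected)

# Proxy states the application writes to the local browser/OS settings (assumed values).
# DENY points every request at a discard port on the loopback interface; the bypass
# list stays empty so no address class slips past the block.
ALLOW = {"proxy_enabled": False, "server": None, "bypass": []}
DENY = {"proxy_enabled": True, "server": "127.0.0.1:9", "bypass": []}

AUDIT_LOG: list[dict] = []

def logon(user_id: str, password: str) -> dict:
    """Prompt result -> proxy settings to apply, with the decision appended to the audit log."""
    granted = authenticate(user_id, password)
    AUDIT_LOG.append({"event": "logon", "user": user_id, "granted": granted})
    return dict(ALLOW if granted else DENY)

def message_for(settings: dict) -> str:
    """Text shown to the user after the logon attempt."""
    return "Network access granted." if not settings["proxy_enabled"] else \
        "You may not have network access."

def log_page_visit(user_id: str, url: str, title: str) -> dict:
    """Record the page title alongside the URL, since the title reveals content the URL often hides."""
    record = {"event": "page", "user": user_id, "url": url, "title": title}
    AUDIT_LOG.append(record)
    return record
```

Because the enforcement point is a client-side setting, the audit log rather than the proxy state is what lets an operator notice a session whose browsing continued after a rejected logon.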
Once access is granted, the application mo...