Abstract: The present invention relates to using digital certificates to allow network devices to authenticate themselves upon being accepted into and forming part of a communication network.

Abstract: The present invention relates to using digital certificates to allow network devices to authenticate themselves upon being accepted into and forming part of a communication network.

Abstract: A technique for authenticating network users is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for authenticating network users. The method may comprise receiving, from a client device, a request for connection to a network. The method may also comprise evaluating a security context associated with the requested connection. The method may further comprise assigning the client device one or more access privileges based at least in part on the evaluation of the security context.

Abstract: Increased security may be provided on an enterprise network by causing a central security server to administer security policy on the network. Agents in hosts on the network authenticate with the central security server to obtain policy information for that particular host user. The policy information may specify whether any special routing, processing, or other features, should occur in connection with particular classes of traffic or in connection with communications with particular other hosts or classes of hosts. In operation, the agents implement the policy by interfacing with the networking layer to cause the traffic to be routed via any other host/server on the network so that appropriate services may occur with respect to that traffic. Additionally, tunnels may be established so that traffic in-between hosts or between a host and server to be encrypted, compressed, or otherwise treated as specified in the policy.

Abstract: A technique for providing secure network access is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for providing secure network access. The method may comprise establishing a plurality of access zones in a network, wherein client devices assigned to different access zones have different access privileges and are isolated from one another. The method may also comprise assigning a client device to one of the plurality of access zones based on an assessment of a security context associated with the client device and a connection of the client device to the network.