Security model for enhanced network security
Reading note: The technology "Security model for enhanced network security" was designed by N. Gandhi on 2018-12-20. Its main content is as follows. Techniques related to enhanced security modes for protecting networks are disclosed. These techniques include a machine-readable medium having instructions stored thereon, the instructions including instructions that when executed cause an apparatus to: receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, and wherein the set of security settings comprises at least preventing network access by the set of networking devices; select the set of networking devices based on the indicated security mode; and direct application of the set of security settings to the selected set of networked devices.
1. A machine-readable medium having instructions stored thereon for an enhanced security mode for blocking network access for a set of devices, the instructions comprising instructions that when executed cause a programmable device to:
receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, wherein each security mode of the plurality of security modes is associated with a different set of security settings, and wherein the set of security settings comprises at least blocking network access by the set of networking devices;
select the set of networking devices based on the indicated security mode; and
direct application of the set of security settings to the selected set of networked devices.
2. The machine-readable medium of claim 1, wherein blocking network access comprises blocking internet and intranet access.
3. The machine-readable medium of claim 2, wherein the indication of the security mode is received from a user equipment over a network separate from the local network.
4. The machine-readable medium of claim 1, wherein the set of security settings associated with the security mode is different from another set of security settings associated with another security mode of the set of security modes.
5. The machine readable medium of claim 1, wherein the instructions further comprise instructions that when executed cause a routing device to disable a guest network based on the indication of the secure mode.
6. The machine-readable medium of claim 1, wherein receiving the indication of the secure mode comprises receiving a user selection of the secure mode from a plurality of secure modes from a mobile device.
7. The machine readable medium of claim 1, wherein the instructions further comprise instructions that when executed cause a routing device to block joining a new device to the local network based on the indicated security mode.
8. A method for an enhanced security mode for preventing network access of a set of devices, the method comprising the steps of:
receiving, from a user, a first indication of a first security mode selected from a plurality of security modes;
selecting a first predetermined set of networking devices based on the first security mode;
directing blocking of network access by the first predetermined set of networking devices; and
directing a prevention of joining a new device to a local network based on the first security mode.
9. The method of claim 8, further comprising:
receiving, from the user, a second indication of a second security mode selected from the plurality of security modes;
selecting a second predetermined set of networking devices based on the second security mode; and
blocking network access of the second predetermined set of networking devices.
10. The method of claim 8, further comprising:
receiving, from the user, a selection of one or more devices from a plurality of devices connected to the network; and
assigning the selection of the one or more devices to the first predetermined set of networking devices.
11. The method of claim 10, further comprising:
disabling at least the step of preventing the joining of the new device to the network based on a third indication that the first security mode is disabled;
determining that the new device is connected to the network;
displaying a fourth indication to the user that the new device is connected to the network and the plurality of security modes to the user;
receiving a selection of the first security mode from the user; and
assigning the new device to the first predetermined set of networking devices.
12. The method of claim 8, wherein the step of blocking network access comprises blocking internet and intranet access.
13. The method of claim 12, wherein the first indication of the first security mode is received from a user equipment over a network separate from the local network.
14. The method of claim 12, wherein the first predetermined set of networking devices is a subset of all networking devices on the network.
15. The method of claim 8, further comprising: directing another device to take one or more actions based on the indicated first security mode.
16. An apparatus for an enhanced security mode for preventing network access of a set of devices, the apparatus comprising:
a memory to store instructions to enhance a security mode;
one or more network interfaces operatively coupled to one or more networking devices; and
a processor operatively coupled to the memory and one or more network interfaces and adapted to execute the instructions stored in the memory, the instructions causing the processor to:
receive an indication of a secure mode;
select a set of networking devices based on the indication of the secure mode;
prevent network access of the set of networked devices; and
prevent joining of the new device to the local network based on the indicated security mode.
17. The apparatus of claim 16, wherein blocking network access comprises blocking internet and intranet access.
18. The apparatus of claim 17, wherein blocking network access further comprises one of: dropping data packets sent to and from the blocked device or forwarding the data packets for further security processing.
19. The apparatus of claim 16, wherein the set of networking devices is a subset of all networking devices on the network.
20. The apparatus of claim 16, wherein the instructions stored in the memory further cause the processor to disable a guest network based on the indicated security mode.
Technical Field
Embodiments described herein relate generally to network security and privacy, and more particularly to a security mode for enhanced network security by preventing network access of a set of devices.
Background
The field of network security is becoming increasingly important and complex in today's society. Network environments are configured for virtually every home, business, or organization, each of which typically has multiple interconnected computers (e.g., end user computers, laptops, servers, printing devices, internet of things (IoT) devices, etc.). In many enterprises, Information Technology (IT) administrators may be responsible for maintaining and controlling the network environment, including executable software files (e.g., web application files) on hosts, servers, and other network computers. At home, often inexperienced end users may handle such tasks with various devices operating in a network environment that is often less controlled. As the number of executable software files in a network environment increases, the ability to effectively control, maintain, and repair these files may become more difficult. Furthermore, today's computer and communication networks encompass mobile devices such as smartphones, tablet computers, and the like that allow users to quickly download and install applications on these devices with minimal supervision. Accordingly, innovative tools are needed to assist home users and IT administrators in effectively controlling and managing applications and devices running within their communication network environments. Such tools may include tools for a security mode for enhanced network security.
Such tools may run on a routing device such as a router. Routing devices are commonly used to forward data packets, such as Internet Protocol (IP) data packets, between devices on one network, such as the internet, and another network, such as a local network, sometimes referred to as an intranet, or Local Area Network (LAN). The routing device may interconnect any number of networks together, typically one network interface per network, as long as sufficient network interfaces are provided. For example, a typical home router may include network interfaces for the internet, wired networks, and wireless networks. A routing device may combine multiple networks into a single logical network such that devices on the logical network appear to be on the same network, such as combining a wired network and a wireless network together to form a single local network. The local network may also include multiple routing devices working together.
The routing device may also include an integrated switching device. Switching devices are commonly used to direct network traffic to a particular network port. For example, a switching device may maintain a record of the Media Access Control (MAC) addresses of all devices connected to the switching device, the record being associated with the particular network port to which the respective device is connected. The switching device may then direct the network traffic directly to the appropriate network port, rather than, for example, broadcasting the network traffic to all network ports.
Since the local network is interconnected with the internet using routing devices, some routing devices (such as a router configured with a Secure Home Platform (SHP); McAfee is a registered trademark owned by McAfee, LLC) may be configured with security tools, such as tools that prevent or suspend internet access to certain devices.
According to certain aspects of the present disclosure, blocking functionality may be extended in the context of network security. For example, malware requires a connection between two devices to propagate. This connection may be between a device located on the external network and another device on the internal network, or may be between two devices connected to the internal network. Preventing, at the router, network access by local devices to the internal network and to other devices on the internet helps to improve security by cutting off the typical connections through which malware may propagate. Additionally, as the number and complexity of internet-connected devices (e.g., video streaming media players, internet of things (IoT) devices, etc.) added to a network increases, in certain situations, such as at night, it may be desirable to disable internet connections associated with a group of these devices or alter other router security settings to help improve privacy, improve data usage efficiency, and prevent unauthorized access.
Drawings
Fig. 1 is a block diagram illustrating a system of security modes for enhanced network security in accordance with aspects of the present disclosure.
Fig. 2 is a block diagram illustrating a router configured with a secure mode in accordance with aspects of the present disclosure.
FIG. 3 illustrates a UI for device selection for secure mode in accordance with aspects of the present disclosure.
FIG. 4 illustrates a UI for security setting configuration in accordance with aspects of the present disclosure.
FIG. 5 illustrates a UI for controlling a security mode in accordance with aspects of the present disclosure.
Fig. 6 is a flow diagram illustrating a method of security mode for enhanced network security in accordance with aspects of the present disclosure.
FIG. 7 is a block diagram illustrating a programmable device according to one embodiment.
FIG. 8 is a block diagram illustrating a programmable device according to one embodiment.
Detailed Description
In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, structures and devices are shown in block diagram form in order to avoid obscuring the invention. References to numbers without a subscript or suffix should be understood to refer to all instances of the subscript and suffix that correspond to the referenced number. Moreover, the language used in the present disclosure has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter; resort to the claims may be necessary to determine such inventive subject matter. Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiment of the invention, and multiple references to "one embodiment" or "an embodiment" should not be understood as necessarily all referring to the same embodiment.
As used herein, the term "programmable device" may refer to a single programmable device or a plurality of programmable devices that work together to perform the functions described as being performed on or by a programmable device. Similarly, a "machine-readable medium" may refer to a single physical medium or to multiple media that may collectively store the material described as being stored on the machine-readable medium.
As used herein, the term "computer system" may refer to a single computer or a plurality of computers working together to perform the functions described as being performed on or by the computer system.
As used herein, the terms "media" and "memory" refer to one or more non-transitory physical media that together store content described as being stored thereon. Implementations may include non-volatile secondary memory, Read Only Memory (ROM), and/or Random Access Memory (RAM).
A routing device may be configured to adjust internet connectivity and security settings for a group of devices connected to the routing device. For example, based on a request received from a user, network access for a group of devices may be disabled, the ability to add new devices to the local network may be disabled, and the guest network may be disabled.
Referring now to fig. 1, fig. 1 is a block diagram illustrating a system 100 for a security mode for enhanced network security in accordance with aspects of the present invention. System 100 includes a local network 102 connected to a data center 104 via a network 106, such as the internet. The local network 102 includes a plurality of devices, including wireless devices 108 (such as IoT devices, security cameras, streaming devices, etc.), portable devices 110 (such as laptop computers, handheld devices, tablets, etc.), and wired devices 112 (such as personal computers). These devices may be connected to network 106 via router 114. Further, one or more of devices 108-112 and router 114 may be connected via network 106 to a server 120, which server 120 operates in data center 104 and is connected to a database 122.
As an example, router 114 may be configured to run a client management and security platform that implements a security mode to help secure local network 102. The client platform may be controlled by, or configured in conjunction with, a client application, such as an app running on a mobile device, a web application within a browser on a user device or some other device. The client application may communicate directly through local network 102 with the client platform on router 114.
In some cases, the client application may communicate with the server 120, and then the server 120 communicates with the client platform on the router 114. For example, the mobile app may receive a request from a user to perform an action via input of the mobile app UI. The mobile app may interface with server 120 and send an indication to server 120 to cause router 114 to perform an action. After server 120 receives the request, server 120 may relay, reformat, or otherwise send an indication to router 114 to direct router 114 to perform the action. By communicating the request directly with server 120, the user is able to adjust the security mode not only when connected to local network 102, but also remotely when not connected to local network 102 (such as when on a cellular network). The server 120 may also include logic to prevent blocking network access by user devices running mobile apps.
Referring to fig. 2, fig. 2 is a block diagram illustrating a router 200 configured with a secure mode in accordance with aspects of the present disclosure. The router 200 includes a number of network interfaces, including a Wide Area Network (WAN)
In some cases, server 120 may store or track configuration and security information for router 114. For example, server 120 may include
When the functionality of certain devices is not being used, it may be desirable to enhance network security by restricting network access of those devices. In such a case, it may be advantageous to disable network access for those devices, which reduces the attack surface and the use of network resources. For example, when audio/video (AV) streaming devices or smart TV functionality is not required (such as when no one is present or late at night), network access for those devices may be limited. There are many scenarios where the functionality of a device may not be required, and different network security modes may be applicable to these scenarios. For example, if no human presence is expected for a longer period of time, the ability to add a new device to the network may be safely disabled. At night, by contrast, when someone may still add a device, it may not be desirable to disable the addition of a new device. Multiple security modes may be defined based on, for example, common situations where certain device functionality may not be required. For example, in the case of a home user, security modes may be defined for these scenarios: the user is away from home, or the user is at home but expects not to use certain devices (such as at night).
Different security modes may be associated with different sets of devices to allow adaptation of the security modes to different scenarios. For example, a first security mode (such as a night mode) may be associated with a different set of devices connected to the LAN than a second security mode (such as an away mode). Fig. 3 illustrates a UI 300 for device selection of a secure mode according to aspects of the present disclosure. In some cases, UI 300,
A UI 300 may be provided to allow a user to select a device from the LAN that is associated with a certain security mode. The router may obtain information from devices connected to the LAN, such as from the wireless device 302, the wired device 304, and the mobile device 306. This information may be obtained, for example, using the universal plug and play (UPnP) protocol, and may include device information such as device name, description, MAC address, and IP address. As indicated by the security mode identifier element 310, the user may select one or more devices for inclusion in the security mode using a selection element 308 (such as a button, toggle, switch, etc.).
Each security mode may be associated with a separate set of devices. The set of devices may be selected by the user, for example, during security mode setup, after a device has connected to the LAN, or after a new device is added to the LAN. In some cases, a device may be automatically added to one or more security modes. For example, during setup or if a new device is added, the profile (e.g., device fingerprint) for a given device may be derived based on information obtained from the device, such as UPnP information. The device profile may be compared to a database (such as a local database or an online database), and the device may be added to one or more security modes based on the comparison. For example, a newly added device may be automatically added to a security mode when the device has a device profile that is consistent with the device profile that most other users have added to that security mode.
The multiple security modes allow the security modes to be further adapted to different scenarios. For example, a router may include one or more predefined security modes, such as a night security mode and/or an away security mode. User-defined security modes may also be configured. Each security mode may be configured to include a set of security settings that are enabled when the security mode is in an active state. The set of security settings may be configured, for example, by a user for each security mode.
Fig. 4 illustrates a
Security settings may be implemented, for example, by adjusting the appropriate router configuration. For example, blocking all network access may be achieved by adjusting the routing table to drop (e.g., discard) all packets sent to or received from the blocked device, or to forward the packets to another security module for further inspection or processing. As an example of forwarding, a data packet sent to or received from a blocked device may be forwarded to another security module, such as a pattern-recognition enabled security module, which checks whether the data packet conforms to the data packet pattern of similar devices. This forwarding may be internal to the routing device, across multiple devices, or across a network. Likewise, blocking new devices may drop or forward all packets sent or received by any device not previously connected to the router. In some cases, security settings may adjust or configure features that are not traditionally associated with router functions. For example, activating the security mode may raise the alertness of network monitoring, such as by SHP. Such increased alertness may, for example, adjust a sensitivity level of alerts that may be sent to a user, adjust a content filter, and/or the like. Certain security settings, or a minimum number of security settings, may also be required for a security mode. For example, each security mode may be required to prevent network access by an associated set of devices, or each security mode must have at least one associated security setting.
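The drop-or-forward decision and the per-mode settings described above can be modelled as follows. This is an added example, not code from the patent or from any router product; the class and field names, the MAC addresses and the controller exemption list are assumptions, the last one following the earlier statement that logic may prevent blocking the user's own device.

```python
"""Toy model of router security modes (added example, constructed data)."""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DROP = "drop"          # discard the packet
    INSPECT = "inspect"    # forward to another security module


def norm(mac):
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


@dataclass
class SecurityMode:
    name: str
    devices: frozenset                 # MACs the user assigned to this mode
    block_action: Verdict = Verdict.DROP
    block_new_devices: bool = False
    disable_guest_network: bool = False

    def __post_init__(self):
        self.devices = frozenset(norm(m) for m in self.devices)
        # Minimum-setting rule from the text: every mode must block its set.
        if self.block_action is Verdict.ALLOW or not self.devices:
            raise ValueError(f"mode {self.name!r} must block at least one device")


class Router:
    def __init__(self, known_macs, controller_macs=()):
        self.known = {norm(m) for m in known_macs}        # devices seen before
        self.exempt = {norm(m) for m in controller_macs}  # never blocked (assumption)
        self.active = None
        self.guest_network_enabled = True
        self._guest_before = True

    def activate(self, mode):
        self.deactivate()                       # only one mode active at a time
        self._guest_before = self.guest_network_enabled
        if mode.disable_guest_network:
            self.guest_network_enabled = False
        self.active = mode

    def deactivate(self):
        if self.active is not None:
            self.guest_network_enabled = self._guest_before
            self.active = None

    def join(self, mac):
        """Return True if the device was admitted to the local network."""
        mode = self.active
        if mode and mode.block_new_devices and norm(mac) not in self.known:
            return False
        self.known.add(norm(mac))
        return True

    def decide(self, src_mac, dst_mac):
        """Verdict for one packet; None marks the WAN (internet) side."""
        mode = self.active
        if mode is None:
            return Verdict.ALLOW
        ends = {norm(m) for m in (src_mac, dst_mac) if m is not None}
        blocked = mode.devices - self.exempt
        if ends & blocked:                      # sent to OR received from
            return mode.block_action
        if mode.block_new_devices and ends - self.known:
            return mode.block_action            # device not previously connected
        return Verdict.ALLOW


# Constructed sample devices (locally administered MAC addresses).
TV, CAM, PHONE, PC = (f"02:00:00:00:00:0{i}" for i in range(1, 5))

if __name__ == "__main__":
    router = Router([TV, CAM, PHONE, PC], controller_macs=[PHONE])
    away = SecurityMode("away", frozenset({TV, CAM}), Verdict.INSPECT,
                        block_new_devices=True, disable_guest_network=True)
    router.activate(away)
    for src, dst in [(TV, None), (PC, CAM), (PC, None), ("02:00:00:00:00:09", None)]:
        print(src, "->", dst or "WAN", router.decide(src, dst).value)
```

Because a packet is matched on either endpoint, traffic between two local devices is blocked as well as internet traffic, which is the "internet and intranet" case in the claims.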
Fig. 5 illustrates a
In some cases, the security mode may also be activated without a conventionally displayed UI. For example, the security mode may be tied to IoT sensors or devices. For example, the security mode may be activated based on an indication from an IoT sensor or device (such as a security keypad) that no person has been detected within a set period of time. The security mode may also be used to adjust the configuration of a device. For example, an instruction may be transmitted to a device, such as a remote door lock, that deactivates the remote door lock based on the security mode or activates the home security system based on the indicated security mode. In some cases, security modes may be scheduled, for example, activating or deactivating particular security modes based on a schedule or geofence location.
FIG. 6 is a flow diagram illustrating a
Referring now to fig. 7, a block diagram illustrates a programmable device 700 that may be used to implement the techniques described herein, according to one embodiment. Programmable device 700 shown in fig. 7 is a multi-processor programmable device that includes a first processing element 770 and a second processing element 780. Although two processing elements 770 and 780 are shown, an embodiment of programmable device 700 may include only one such processing element.
Programmable device 700 is illustrated as a point-to-point interconnect system in which a first processing element 770 and a second processing element 780 are coupled via a point-to-point interconnect 750. Any or all of the interconnects shown in fig. 7 may be implemented as multi-drop buses rather than point-to-point interconnects.
As shown in fig. 7, respective processing elements 770 and 780 may be multicore processors, including first and second processor cores (i.e., processor cores 774a and 774b and processor cores 784a and 784b). Such cores 774a, 774b, 784a, 784b may be configured to execute instruction code. However, other embodiments may use the processing element as a single core processor, as desired. In embodiments with multiple processing elements 770, 780, the various processing elements may be implemented with different numbers of cores as desired.
Each processing element 770, 780 may include at least one shared cache 746. The shared caches 746a, 746b may store data (e.g., instructions) that are utilized by one or more components of the processing element, such as the cores 774a, 774b and 784a, 784b, respectively. For example, the shared cache may locally cache data stored in memories 732, 734 for faster access by components of processing elements 770, 780. In one or more embodiments, the shared caches 746a, 746b may include one or more intermediate levels of cache (such as a level 2 (L2), level 3 (L3), level 4 (L4), or other levels of cache), Last Level Cache (LLC), or a combination thereof.
Although fig. 7 illustrates a programmable device having two processing elements 770, 780 for clarity, the scope of the invention is not so limited and any number of processing elements may be present. Alternatively, one or more of the processing elements 770, 780 may be an element other than a processor, such as a Graphics Processing Unit (GPU), a Digital Signal Processing (DSP) unit, a field programmable gate array, or any other programmable processing element. Processing element 780 may be heterogeneous or asymmetric with processing element 770. Various differences between the processing elements 770, 780 may exist in terms of a range of metrics, including architectural, microarchitectural, thermal, and power consumption characteristics. These differences may effectively manifest themselves as asymmetry and heterogeneity amongst the processing elements 770, 780. In some embodiments, the various processing elements 770, 780 may reside in the same die package.
First processing element 770 may also include memory controller logic (MC) 772 and point-to-point (P-P) interconnects 776 and 778. Similarly, second processing element 780 may include MC 782 and P-P interconnects 786 and 788. As shown in fig. 7, MC 772 and 782 couple processing elements 770, 780 to respective memories, namely a memory 732 and a memory 734, which may be portions of main memory locally attached to the respective processors. Although MC logic 772 and 782 are illustrated as being integrated into processing elements 770, 780, in some embodiments memory controller logic may be discrete logic external to processing elements 770, 780 rather than integrated therein.
Processing element 770 and processing element 780 may be coupled to I/O subsystem 790 through links 752 and 754 via respective P-P interconnects 776 and 786. As shown in FIG. 7, I/O subsystem 790 includes P-P interconnects 794 and 798. In addition, the I/O subsystem 790 includes an interface 792 to couple the I/O subsystem 790 with a high performance graphics engine 738. In one embodiment, a bus (not shown) may be used to couple graphics engine 738 to I/O subsystem 790. Alternatively, point-to-point interconnect 739 may couple these components.
In turn, the I/O subsystem 790 may be coupled to a first link 716 via an interface 796. In one embodiment, first link 716 may be a Peripheral Component Interconnect (PCI) bus, or a bus such as a PCI Express bus or another I/O interconnect bus, although the scope of the present invention is not so limited.
As shown in fig. 7, various I/O devices 714, 724 may be coupled to the first link 716 along with a bridge 718, which bridge 718 may couple the first link 716 to the second link 710. In one embodiment, second link 710 may be a Low Pin Count (LPC) bus. In one embodiment, various devices may be coupled to the second link 720 including, for example, a keyboard/mouse 712, communication devices 726 (which may in turn be in communication with the network 703), and a data storage unit 728 (such as a disk drive or other mass storage device), which data storage unit 728 may include code 730. Code 730 may include instructions for performing implementations of one or more of the techniques described above. Further, an audio I/O 724 may be coupled to the second link 710.
Note that other embodiments are contemplated. For example, instead of the point-to-point architecture of fig. 7, a system may implement a multi-drop bus or another such communication topology. Although links 716 and 720 are shown in fig. 7 as buses, any desired type of link may be used. Additionally, the elements of FIG. 7 may alternatively be partitioned using more or fewer integrated chips than shown in FIG. 7.
Referring now to fig. 8, a block diagram illustrates a
FIG. 8 illustrates that processing
The programmable devices depicted in fig. 7 and 8 are schematic illustrations of embodiments of programmable devices that can be used to implement the various embodiments discussed herein. The various components of the programmable devices depicted in fig. 7 and 8 may be combined in a system on chip (SoC) architecture.
The following examples relate to other embodiments.
Example 1 is a machine-readable medium having instructions stored thereon for an enhanced security mode for blocking network access for a set of devices, the instructions comprising instructions that when executed cause a programmable device to: receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, wherein each security mode of the plurality of security modes is associated with a different set of security settings, and wherein the set of security settings comprises at least blocking network access by the set of networking devices; select the set of networking devices based on the indicated security mode; and direct application of the set of security settings to the selected set of networked devices.
In example 2, the subject matter of example 1 optionally includes: wherein blocking network access comprises blocking internet and intranet access.
In example 3, the subject matter of example 2 optionally includes: wherein the indication of the security mode is received from a user equipment over a network separate from the local network.
In example 4, the subject matter of example 1 optionally includes: wherein the set of security settings associated with the security mode is different from another set of security settings associated with another security mode of the set of security modes.
In example 5, the subject matter of example 1 optionally includes: wherein the instructions further comprise instructions that when executed cause a routing device to disable a guest network based on the indication of the secure mode.
In example 6, the subject matter of example 1 optionally includes: wherein receiving the indication of the secure mode comprises receiving, from a mobile device, a user selection of the secure mode from a plurality of secure modes.
In example 7, the subject matter of example 1 optionally includes: wherein the instructions further comprise instructions that when executed cause the routing device to prevent joining of a new device to the local network based on the indicated security mode.
Example 8 is a method for an enhanced security mode for preventing network access of a set of devices, the method comprising: receiving, from a user, a first indication of a first security mode selected from a plurality of security modes; selecting a first predetermined set of networking devices based on the first security mode; directing blocking of network access by the first predetermined set of networking devices; and directing prevention of joining of a new device to a local network based on the first security mode.
In example 9, the subject matter of example 8 can optionally include: receiving, from the user, a second indication of a second security mode selected from the plurality of security modes; selecting a second predetermined set of networking devices based on the second security mode; and blocking network access of the second predetermined set of networking devices.
In example 10, the subject matter of example 8 can optionally include: receiving, from the user, a selection of one or more devices from a plurality of devices connected to the network; and assigning the selection of the one or more devices to the first predetermined set of networking devices.
In example 11, the subject matter of example 10 optionally includes: disabling at least the step of preventing the joining of the new device to the network based on a third indication that the first security mode is disabled; determining that the new device is connected to the network; displaying to the user a fourth indication that the new device is connected to the network, together with the plurality of security modes; receiving a selection of the first security mode from the user; and assigning the new device to the first predetermined set of networking devices.
In example 12, the subject matter of example 8 can optionally include: wherein the step of blocking network access comprises blocking internet and intranet access.
In example 13, the subject matter of example 12 optionally includes: wherein the first indication of the first security mode is received from a user equipment over a network separate from the local network.
In example 14, the subject matter of example 12 optionally includes: wherein the first predetermined set of networking devices is a subset of all networking devices on the network.
In example 15, the subject matter of example 8 can optionally include: directing another device to take one or more actions based on the indicated first security mode.
Example 16 is an apparatus for an enhanced security mode for preventing network access of a set of devices, the apparatus comprising: a memory to store instructions to enhance a security mode; one or more network interfaces operatively coupled to one or more networking devices; a processor operatively coupled to the memory and the one or more network interfaces and adapted to execute the instructions stored in the memory, the instructions causing the processor to: receive an indication of a security mode; select a set of networking devices based on the indication of the security mode; prevent network access of the set of networking devices; and prevent joining of a new device to a local network based on the indicated security mode.
In example 17, the subject matter of example 16 optionally includes: wherein blocking network access comprises blocking internet and intranet access.
In example 18, the subject matter of example 17 can optionally include: wherein blocking network access further comprises one of: dropping data packets sent to and from the blocked device or forwarding the data packets for further security processing.
In example 19, the subject matter of example 16 optionally includes: wherein the set of networking devices is a subset of all networking devices on the network.
In example 20, the subject matter of example 16 optionally includes: wherein the instructions stored in the memory further cause the processor to disable a guest network based on the indicated security mode.
It is to be understood that the above description is intended to be illustrative, and not restrictive. For example, the above embodiments may be used in combination with each other. Many other embodiments will be apparent to those of skill in the art upon reading the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
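The flow recited in examples 8 through 11 and 16 through 18 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the patent; the class and method names, the mode names, the MAC addresses and the choice to re-enable the guest network when a mode is switched off are all assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SecurityMode:
    devices: frozenset          # predetermined set of device MAC addresses
    action: str = "drop"        # or "inspect": forward for further security processing
    disable_guest: bool = False
    block_new_joins: bool = False

@dataclass
class Router:
    modes: dict                 # mode name -> SecurityMode
    known: set                  # MACs already joined to the local network
    active: "SecurityMode | None" = None
    guest_enabled: bool = True

    def set_mode(self, name):
        """Receive a mode indication (None disables), select its set, apply its settings."""
        self.active = self.modes[name] if name else None
        # Assumption: the guest network is re-enabled when the mode is switched off.
        self.guest_enabled = not (self.active and self.active.disable_guest)

    def handle_packet(self, src, dst):
        """Match either endpoint, so internet and intranet traffic are both covered."""
        m = self.active
        if m and (src in m.devices or dst in m.devices):
            return m.action
        return "forward"

    def handle_join(self, mac):
        if mac in self.known:
            return "known"
        if self.active and self.active.block_new_joins:
            return "rejected"
        self.known.add(mac)
        return "joined-notify-user"   # the user is then shown the modes to pick from

    def assign(self, mode_name, mac):  # add a device to a mode's predetermined set
        old = self.modes[mode_name]
        self.modes[mode_name] = replace(old, devices=old.devices | {mac})
        if self.active is old:
            self.active = self.modes[mode_name]

def demo_router():
    # Constructed sample data: mode names and MAC addresses are made up.
    cam, tv, laptop = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    return Router({
        "away": SecurityMode(frozenset({cam, tv}), "drop", True, True),
        "quarantine": SecurityMode(frozenset({tv}), "inspect"),
    }, {cam, tv, laptop})
```

Because the block decision matches on either endpoint, a device in the active set is cut off from local peers as well as from the internet, which is the distinction examples 2, 12 and 17 draw.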