Security model for enhanced network security

Document No.: 991700. Publication date: 2020-10-20.

Reading note: this technique, Security model for enhanced network security, was designed by N. Gandhi on 2018-12-20. Abstract: Techniques related to enhanced security modes for protecting networks are disclosed. These techniques include a machine-readable medium having instructions stored thereon, the instructions including instructions that when executed cause an apparatus to: receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, wherein the set of security settings comprises at least preventing network access by the set of networking devices; select the set of networking devices based on the indicated security mode; and direct application of the set of security settings to the selected set of networking devices.

1. A machine-readable medium having instructions stored thereon for an enhanced security mode for blocking network access for a set of devices, the instructions comprising instructions that when executed cause a programmable device to:

receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, wherein each security mode of the plurality of security modes is associated with a different set of security settings, and wherein the set of security settings comprises at least blocking network access by the set of networking devices;

select the set of networking devices based on the indicated security mode; and

direct application of the set of security settings to the selected set of networking devices.

2. The machine-readable medium of claim 1, wherein blocking network access comprises blocking internet and intranet access.

3. The machine-readable medium of claim 2, wherein the indication of the security mode is received from a user equipment over a network separate from the local network.

4. The machine-readable medium of claim 1, wherein the set of security settings associated with the security mode is different from another set of security settings associated with another security mode of the set of security modes.

5. The machine-readable medium of claim 1, wherein the instructions further comprise instructions that when executed cause a routing device to disable a guest network based on the indication of the security mode.

6. The machine-readable medium of claim 1, wherein receiving the indication of the security mode comprises receiving, from a mobile device, a user selection of the security mode from a plurality of security modes.

7. The machine-readable medium of claim 1, wherein the instructions further comprise instructions that when executed cause a routing device to block joining a new device to the local network based on the indicated security mode.

8. A method for an enhanced security mode for preventing network access of a set of devices, the method comprising the steps of:

receiving, from a user, a first indication of a first security mode selected from a plurality of security modes;

selecting a first predetermined set of networking devices based on the first security mode;

directing blocking of network access by the first predetermined set of networking devices; and

directing a prevention of joining a new device to a local network based on the first security mode.

9. The method of claim 8, further comprising:

receiving, from the user, a second indication of a second security mode selected from the plurality of security modes;

selecting a second predetermined set of networking devices based on the second security mode; and

blocking network access of the second predetermined set of networking devices.

10. The method of claim 8, further comprising:

receiving, from the user, a selection of one or more devices from a plurality of devices connected to the network; and

assigning the selection of the one or more devices to the first predetermined set of networking devices.

11. The method of claim 10, further comprising:

disabling at least the step of preventing the joining of the new device to the network based on a third indication that the first security mode is disabled;

determining that the new device is connected to the network;

displaying, to the user, a fourth indication that the new device is connected to the network, together with the plurality of security modes;

receiving a selection of the first security mode from the user; and

assigning the new device to the first predetermined set of networking devices.

12. The method of claim 8, wherein the step of blocking network access comprises blocking internet and intranet access.

13. The method of claim 12, wherein the first indication of the first security mode is received from a user equipment over a network separate from the local network.

14. The method of claim 12, wherein the first predetermined set of networking devices is a subset of all networking devices on the network.

15. The method of claim 8, further comprising: directing another device to take one or more actions based on the indicated first security mode.

16. An apparatus for an enhanced security mode for preventing network access of a set of devices, the apparatus comprising:

a memory to store instructions to enhance a security mode;

one or more network interfaces operatively coupled to one or more networking devices; and

a processor operatively coupled to the memory and one or more network interfaces and adapted to execute the instructions stored in the memory, the instructions causing the processor to:

receive an indication of a security mode;

select a set of networking devices based on the indication of the security mode;

prevent network access of the set of networking devices; and

prevent a new device from joining the local network based on the indicated security mode.

17. The apparatus of claim 16, wherein blocking network access comprises blocking internet and intranet access.

18. The apparatus of claim 17, wherein blocking network access further comprises one of: dropping data packets sent to and from the blocked device or forwarding the data packets for further security processing.

19. The apparatus of claim 16, wherein the set of networking devices is a subset of all networking devices on the network.

20. The apparatus of claim 16, wherein the instructions stored in the memory further cause the processor to disable a guest network based on the indicated security mode.

Technical Field

Embodiments described herein relate generally to network security and privacy, and more particularly to a security mode for enhanced network security by preventing network access of a set of devices.

Background

The field of network security is becoming increasingly important and complex in today's society. Network environments are configured for virtually every home, business, or organization, each of which typically has multiple interconnected computers (e.g., end user computers, laptops, servers, printing devices, internet of things (IoT) devices, etc.). In many enterprises, Information Technology (IT) administrators may be responsible for maintaining and controlling the network environment, including executable software files (e.g., web application files) on hosts, servers, and other network computers. At home, often-inexperienced end users may handle such tasks with various devices operating in a network environment that is often less controlled. As the number of executable software files in a network environment increases, the ability to effectively control, maintain, and repair these files may become more difficult. Furthermore, today's computer and communication networks encompass mobile devices such as smartphones, tablet computers, and the like that allow users to quickly download and install applications on these devices with minimal supervision. Accordingly, innovative tools are needed to assist home users and IT administrators in effectively controlling and managing applications and devices running within their communication network environments. Such tools may include tools for a security mode for enhanced network security.

Such tools may run on a routing device such as a router. Routing devices are commonly used to forward data packets, such as Internet Protocol (IP) data packets, between devices on one network, such as the internet, and another network, such as a local network, sometimes referred to as an intranet, or Local Area Network (LAN). The routing device may interconnect any number of networks together, typically one network interface per network, as long as sufficient network interfaces are provided. For example, a typical home router may include network interfaces for the internet, wired networks, and wireless networks. A routing device may combine multiple networks into a single logical network such that devices on the logical network appear to be on the same network, such as combining a wired network and a wireless network together to form a single local network. The local network may also include multiple routing devices working together.

The routing device may also include an integrated switching device. Switching devices are commonly used to direct network traffic to a particular network port. For example, a switching device may maintain a record of the Media Access Control (MAC) addresses of all devices connected to the switching device, the record being associated with the particular network port to which the respective device is connected. The switching device may then direct the network traffic directly to the appropriate network port, rather than, for example, broadcasting the network traffic to all network ports.

Since the local network is interconnected with the internet using routing devices, some routing devices (such as a router configured with the McAfee® Secure Home Platform (SHP); McAfee is a registered trademark owned by McAfee, LLC) may be configured with security tools, such as tools that prevent or suspend internet access to certain devices.

According to certain aspects of the present disclosure, blocking functionality may be extended in the context of network security. For example, malware requires a connection between two devices to propagate. This connection may be between a device located on the external network and another device on the internal network, or may be between two devices connected to the internal network. Preventing network access by local devices to internal networks and other devices on the internet at the router helps to improve security by preventing typical connections through which malware may propagate. Additionally, as the number and complexity of internet-connected devices (e.g., video streaming media players, internet of things (IoT) devices, etc.) added to a network increases, in certain situations, such as at night, it may be desirable to disable internet connections associated with a group of these devices or alter other router security settings to help improve privacy, improve data usage efficiency, and prevent unauthorized access.

Drawings

Fig. 1 is a block diagram illustrating a system of security modes for enhanced network security in accordance with aspects of the present disclosure.

Fig. 2 is a block diagram illustrating a router configured with a secure mode in accordance with aspects of the present disclosure.

FIG. 3 illustrates a UI for device selection for secure mode in accordance with aspects of the present disclosure.

FIG. 4 illustrates a UI for security setting configuration in accordance with aspects of the present disclosure.

FIG. 5 illustrates a UI for controlling a security mode in accordance with aspects of the present disclosure.

Fig. 6 is a flow diagram illustrating a method of security mode for enhanced network security in accordance with aspects of the present disclosure.

FIG. 7 is a block diagram illustrating a programmable device according to one embodiment.

FIG. 8 is a block diagram illustrating a programmable device according to one embodiment.

Detailed Description

In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, structures and devices are shown in block diagram form in order to avoid obscuring the invention. References to numbers without a subscript or suffix should be understood to refer to all instances of the subscript and suffix that correspond to the referenced number. Moreover, the language used in the present disclosure has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter. Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiment of the invention, and multiple references to "one embodiment" or "an embodiment" should not be understood as necessarily all referring to the same embodiment.

As used herein, the term "programmable device" may refer to a single programmable device or a plurality of programmable devices that work together to perform the functions described as being performed on or by a programmable device. Similarly, a "machine-readable medium" may refer to a single physical medium or to multiple media that may collectively store the material described as being stored on the machine-readable medium.

As used herein, the term "computer system" may refer to a single computer or a plurality of computers working together to perform the functions described as being performed on or by the computer system.

As used herein, the terms "media" and "memory" refer to one or more non-transitory physical media that together store content described as being stored thereon. Implementations may include non-volatile secondary memory, Read Only Memory (ROM), and/or Random Access Memory (RAM).

A routing device may be configured to adjust internet connectivity and security settings for a group of devices connected to the routing device. For example, based on a request received from a user, network access for a group of devices may be disabled, the ability to add new devices to the local network may be disabled, and the guest network may be disabled.

Referring now to fig. 1, fig. 1 is a block diagram illustrating a system 100 for a security mode for enhanced network security in accordance with aspects of the present invention. System 100 includes a local network 102 connected to a data center 104 via a network 106, such as the internet. The local network 102 includes a plurality of devices, including wireless devices 108 (such as IoT devices, security cameras, streaming devices, etc.), portable devices 110 (such as laptop computers, handheld devices, tablets, etc.), and wired devices 112 (such as personal computers). These devices may be connected to network 106 via router 114. Further, one or more of devices 108-112 and router 114 may be connected via network 106 to a server 120, which server 120 operates in data center 104 and is connected to a database 122.

As an example, router 114 may be configured to run a client management and security platform that implements a security mode to help secure local network 102. The client platform may be controlled by, or configured in conjunction with, a client application, such as an app running on a mobile device, a web application within a browser on a user device or some other device. The client application may communicate directly through local network 102 with the client platform on router 114.

In some cases, the client application may communicate with the server 120, and then the server 120 communicates with the client platform on the router 114. For example, the mobile app may receive a request from a user to perform an action via input of the mobile app UI. The mobile app may interface with server 120 and send an indication to server 120 to cause router 114 to perform an action. After server 120 receives the request, server 120 may relay, reformat, or otherwise send an indication to router 114 to direct router 114 to perform the action. By communicating the request directly with server 120, the user is able to adjust the security mode not only when connected to local network 102, but also remotely when not connected to local network 102 (such as when on a cellular network). The server 120 may also include logic to prevent blocking network access by user devices running mobile apps.

Referring to fig. 2, fig. 2 is a block diagram illustrating a router 200 configured with a security mode in accordance with aspects of the present disclosure. The router 200 includes a number of network interfaces, including a Wide Area Network (WAN) interface 202 for connecting to external networks, such as the internet, as well as a wireless Local Area Network (LAN) interface 204 and a wired LAN interface 206. Router 200 may also be configured to run software stored in storage 208. The software may include a number of modules, such as a User Interface (UI) 210 and a security module 212. The security module 212 may include code configured to implement a security mode. The UI 210 may include code and resources for implementing a UI, such as icons and other UI elements. The storage 208 may also hold routing information 214 and security configuration information 216. The security settings and security modes may be stored as part of the security configuration information 216. The routing information 214 may include routing tables for routing packets between WAN devices and LAN devices.

In some cases, server 120 may store or track configuration and security information for router 114. For example, server 120 may include security module 212 and maintain security configuration information 216 for router 114, such as device lists and security settings associated with various security modes. When a change is made, server 120 may send an indication to router 114. The indication may, for example, direct router 114 to update or change routing information 214 stored on router 114.

When the functionality of certain devices is not being used, it may be desirable to enhance network security by restricting network access of those devices. In such a case, it may be advantageous to disable network access for those devices, which reduces the attack surface and reduces the use of network resources. For example, when audio/video (AV) streaming devices or smart TV functionality is not required (such as when no one is present or late at night), network access for those devices may be limited. There are many scenarios where the functionality of a device may not be required, and different network security modes may be applicable for these scenarios. For example, if no human presence is expected for a longer period of time, the ability to add a new device to the network may be safely disabled. At night, by contrast, when someone may still add a device, it may not be desirable to disable the addition of new devices. Multiple security modes may be defined based on, for example, common situations where certain device functionality may not be required. For example, in the case of a home user, security modes may be defined for these scenarios: the user is away from home, or the user is at home but expects not to use certain devices (such as at night).

Different security modes may be associated with different sets of devices to allow adaptation of the security modes to different scenarios. For example, a first security mode (such as a night mode) may be associated with a different set of devices connected to the LAN than a second security mode (such as a leave mode). Fig. 3 illustrates a UI 300 for device selection of a secure mode according to aspects of the present disclosure. In some cases, UI 300, UI 400, and UI 500 may be displayed as part of an app running on a mobile device. In this case, the app may generate UI 300 using information provided by the router. For example, a router may provide data from the router, such as information about LAN connected devices. The app may provide UI components (such as layouts, icons, buttons, and other UI elements) and may use these UI components based on data from the router. In other cases, UI 300, UI 400, and UI 500 may be provided by a router, for example, as a Web application. The UI elements in fig. 3, 4, and 5 are illustrative, and one of ordinary skill in the art will appreciate that other UI elements, layouts, and formats may be used. After receiving an indication to display devices associated with a given security mode, UI 300 may be displayed.

A UI 300 may be provided to allow a user to select a device from the LAN that is associated with a certain security mode. The router may obtain information from devices connected to the LAN, such as from the wireless device 302, the wired device 304, and the mobile device 306. This information may be obtained, for example, using the universal plug and play (UPnP) protocol, and may include device information such as device name, description, MAC address, and IP address. As indicated by the security mode identifier element 310, the user may select one or more devices for inclusion in the security mode using a selection element 308 (such as a button, toggle, switch, etc.).

Each security mode may be associated with a separate set of devices. The set of devices may be selected by the user, for example, during security mode setup, after a device has connected to the LAN, or after a new device is added to the LAN. In some cases, a device may be automatically added to one or more security modes. For example, during setup or if a new device is added, the profile (e.g., device fingerprint) for a given device may be derived based on information obtained from the device, such as UPnP information. The device profile may be compared to a database (such as a local database or an online database), and the device may be added to one or more security modes based on the comparison. For example, a newly added device may be automatically added to a security mode when the device has a device profile that is consistent with the device profile that most other users have added to that security mode.

The multiple security modes allow the security modes to be further adapted to different scenarios. For example, a router may include one or more predefined security modes, such as a night security mode and/or an away security mode. User-defined security modes may also be configured. Each security mode may be configured to include a set of security settings that are enabled when the security mode is in an active state. The set of security settings may be configured, for example, by a user for each security mode.

Fig. 4 illustrates a UI 400 for security setting configuration in accordance with aspects of the present disclosure. After receiving an indication to display security settings for a given security mode, UI 400 may be displayed. UI 400 includes a security mode identifier element 410, which identifies the security mode for which security settings may be adjusted. One or more UI elements may be provided that may enable or disable security settings for the security mode. For example, the away mode UI element 402 indicates that the away mode is configured to block all network access of devices associated with the away mode, the guest network UI element 404 indicates that the away mode is configured to disable a configured guest network, and the block new device UI element 406 indicates that the away mode is configured to block addition of new devices to the LAN. Other security settings may also be provided, such as, but not limited to, preventing internet access while allowing intranet access, scheduled times for re-enabling network access, limiting internet access only to predefined sites, or other such settings. Some security settings may modify other security settings. For example, security settings that only block internet access may modify security settings that disable network access. Security settings that modify other security settings may be displayed as a subset of the security settings they modify. The security settings may also be user defined or customizable.

Security settings may be implemented, for example, by adjusting the appropriate router configuration. For example, blocking all network access may be achieved by adjusting the routing table to drop (e.g., discard) all packets sent to or received from the blocked device, or to forward the packets to another security module for further inspection or processing. As an example of forwarding, a data packet sent to or received from a blocked device may be forwarded to another security module, such as a pattern-recognition enabled security module, which checks whether the data packet conforms to the data packet pattern of similar devices. This forwarding may be internal to the routing device, across multiple devices, or across a network. Likewise, blocking new devices may be implemented by dropping or forwarding all packets sent or received by any device not previously connected to the router. In some cases, security settings may adjust or configure features that are not traditionally associated with router functions. For example, activating the security mode may increase the alertness of network monitoring, such as by the SHP. Such increased alertness may, for example, adjust a sensitivity level of an alarm that may be notified to a user, adjust a content filter, and/or the like. A security mode may also be required to have certain security settings, or a minimum number of them. For example, each security mode may be required to prevent network access by an associated set of devices, or each security mode must have at least one associated security setting.

Fig. 5 illustrates a UI 500 for controlling a security mode according to aspects of the present disclosure. To facilitate the use of security modes, different security modes can be easily activated. For example, UI 500 illustrates a router configured with two security modes controlled by an away mode button 502 and a night mode button 504, respectively. UI 500 may indicate which security mode is currently activated, such as by showing night mode button 504 as pressed or otherwise activated, along with a textual indication. Although shown as buttons, any suitable UI element may be used to activate or deactivate the security mode. In some cases, a single security mode may be activated at a time unless otherwise configured, and when no security mode is activated, the router may operate in a normal mode without the restrictions associated with the security mode.

In some cases, the security mode may also be activated without a conventionally displayed UI. For example, the security mode may be tied to IoT sensors or devices. For example, the security mode may be activated based on an indication from an IoT sensor or device (such as a security keypad) that no person has been detected within a set period of time. The security mode may also be used to adjust the configuration of a device. For example, an instruction may be transmitted to a device, such as a remote door lock, that deactivates the remote door lock based on the security mode or activates the home security system based on the indicated security mode. In some cases, security modes may be scheduled, for example, activating or deactivating particular security modes based on a schedule or geofence location.

FIG. 6 is a flow diagram illustrating a method 600 of security mode for enhanced network security in accordance with an aspect of the present invention. At block 602, an indication of a security mode of a plurality of security modes is received. The indication may be received, for example, from an app running on the mobile device. The app may then interface directly with the router, or the app may interface with a server, which may then relay the indication to the router or direct the router to implement the indicated security mode. In other cases, the indication may be received from a web application executing in a browser on the client device, for example. In other cases, the indication may be received from an IoT device, such as a sensor, keypad, or remote button. A plurality of security modes may be predefined, for example, on a router to include a set of security settings for each security mode and a set of devices connected to the router through a local network. Based on the indicated security mode, a set of networking devices (network connected devices) is selected at block 604, and security settings are applied to the selected set of networking devices and network access is blocked for the selected set of networking devices at block 606.
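The flow of method 600 and the setting semantics described above (drop or forward for inspection, blocking new devices, disabling the guest network, one active mode at a time, at least one setting per mode) can be modelled as follows. This is an added example, not code from the patent or from any product; the class, field and function names, the rule that the requesting device is exempt from blocking (placed here on the router model), and the MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

WAN = "wan"  # stands for any endpoint outside the local network


class Action(Enum):
    ALLOW = "allow"
    DROP = "drop"
    INSPECT = "forward to inspection module"


@dataclass(frozen=True)
class SecurityMode:
    """One security mode: a device set plus the settings applied to it."""
    name: str
    devices: frozenset                    # MACs the mode is associated with
    block_network: bool = True            # block internet and intranet access
    internet_only: bool = False           # modifier: leave intranet traffic alone
    block_new_devices: bool = False
    disable_guest_network: bool = False
    inspect_instead_of_drop: bool = False

    def __post_init__(self):
        # Policy choice taken from the description: every mode needs a setting.
        if not (self.block_network or self.block_new_devices
                or self.disable_guest_network):
            raise ValueError(f"mode {self.name!r} has no security setting")


@dataclass
class Router:
    """Hypothetical model of the router-side security module."""
    known_devices: set                    # MACs already joined to the LAN
    modes: dict = field(default_factory=dict)
    active: Optional[SecurityMode] = None
    protected: set = field(default_factory=set)

    def add_mode(self, mode):
        self.modes[mode.name] = mode

    def activate(self, name, requester_mac=None):
        """Blocks 602-606: take the indication, select devices, apply settings."""
        mode = self.modes[name]           # unknown mode names raise KeyError
        # Assumption: the device that sent the indication is never blocked.
        self.protected = {requester_mac} if requester_mac else set()
        self.active = mode                # one mode at a time: replaces the old one
        return sorted(self.blocked_devices())

    def deactivate(self):
        self.active, self.protected = None, set()

    def blocked_devices(self):
        if self.active is None or not self.active.block_network:
            return set()
        return (self.active.devices & self.known_devices) - self.protected

    def guest_network_enabled(self):
        return self.active is None or not self.active.disable_guest_network

    def admit(self, mac):
        """Decide whether a device may join the local network."""
        if mac in self.known_devices:
            return True
        if self.active is not None and self.active.block_new_devices:
            return False
        self.known_devices.add(mac)
        return True

    def decide(self, src, dst):
        """Verdict for one packet; src/dst are LAN MAC addresses or WAN."""
        mode = self.active
        if mode is None:
            return Action.ALLOW           # normal mode: no restrictions
        verdict = Action.INSPECT if mode.inspect_instead_of_drop else Action.DROP
        lan_ends = {end for end in (src, dst) if end != WAN}
        if mode.block_new_devices and lan_ends - self.known_devices:
            return verdict                # traffic of a device that never joined
        if lan_ends & self.blocked_devices():
            if mode.internet_only and WAN not in (src, dst):
                return Action.ALLOW       # intranet traffic stays allowed
            return verdict
        return Action.ALLOW


# Constructed sample LAN; the MAC addresses are made up for this example.
TV, CAMERA, LAPTOP, PHONE = (f"02:00:00:00:00:0{i}" for i in range(1, 5))


def build_sample_router():
    router = Router(known_devices={TV, CAMERA, LAPTOP, PHONE})
    router.add_mode(SecurityMode("night", frozenset({TV, CAMERA})))
    router.add_mode(SecurityMode(
        "away", frozenset({TV, CAMERA, LAPTOP, PHONE}),
        block_new_devices=True, disable_guest_network=True))
    return router


if __name__ == "__main__":
    r = build_sample_router()
    print("night blocks:", r.activate("night"))
    print("TV -> WAN:", r.decide(TV, WAN).value)
    print("away blocks:", r.activate("away", requester_mac=PHONE))
    print("new device admitted:", r.admit("02:00:00:00:00:99"))
```

In the away mode of this sample, the phone that sent the indication keeps its access while every other associated device is blocked, which is the lock-out case the description assigns to logic on server 120.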

Referring now to fig. 7, a block diagram illustrates a programmable device 700 that may be used to implement the techniques described herein, according to one embodiment. Programmable device 700 shown in fig. 7 is a multi-processor programmable device that includes a first processing element 770 and a second processing element 780. Although two processing elements 770 and 780 are shown, an embodiment of programmable device 700 may include only one such processing element.

Programmable device 700 is illustrated as a point-to-point interconnect system in which a first processing element 770 and a second processing element 780 are coupled via a point-to-point interconnect 750. Any or all of the interconnects shown in fig. 7 may be implemented as multi-drop buses rather than point-to-point interconnects.

As shown in fig. 7, respective processing elements 770 and 780 may be multicore processors, including first and second processor cores (i.e., processor cores 774a and 774b and processor cores 784a and 784b). Such cores 774a, 774b, 784a, 784b may be configured to execute instruction code. However, other embodiments may use the processing element as a single core processor, as desired. In embodiments with multiple processing elements 770, 780, the various processing elements may be implemented with different numbers of cores as desired.

Each processing element 770, 780 may include at least one shared cache 746. The shared caches 746a, 746b may store data (e.g., instructions) that are utilized by one or more components of the processing element, such as the cores 774a, 774b and 784a, 784b, respectively. For example, the shared cache may locally cache data stored in memories 732, 734 for faster access by components of processing elements 770, 780. In one or more embodiments, the shared caches 746a, 746b may include one or more intermediate levels of cache (such as a level 2 (L2), level 3 (L3), level 4 (L4), or other levels of cache), Last Level Cache (LLC), or a combination thereof.

Although fig. 7 illustrates a programmable device having two processing elements 770, 780 for clarity, the scope of the invention is not so limited and any number of processing elements may be present. Alternatively, one or more of the processing elements 770, 780 may be an element other than a processor, such as a Graphics Processing Unit (GPU), a Digital Signal Processing (DSP) unit, a field programmable gate array, or any other programmable processing element. Processing element 780 may be heterogeneous or asymmetric with processing element 770. Various differences between the processing elements 770, 780 may exist in terms of a range of metrics, including architectural, microarchitectural, thermal, and power consumption characteristics. These differences may effectively manifest themselves as asymmetry and heterogeneity amongst the processing elements 770, 780. In some embodiments, the various processing elements 770, 780 may reside in the same die package.

First processing element 770 may also include memory controller logic (MC) 772 and point-to-point (P-P) interconnects 776 and 778. Similarly, second processing element 780 may include MC 782 and P-P interconnects 786 and 788. As shown in fig. 7, MCs 772 and 782 couple processing elements 770, 780 to respective memories, namely a memory 732 and a memory 734, which may be portions of main memory locally attached to the respective processors. Although MC logic 772 and 782 are illustrated as being integrated into processing elements 770, 780, in some embodiments memory controller logic may be discrete logic external to processing elements 770, 780 rather than integrated therein.

Processing element 770 and processing element 780 may be coupled to I/O subsystem 790 through links 752 and 754 via respective P-P interconnects 776 and 786. As shown in FIG. 7, I/O subsystem 790 includes P-P interconnects 794 and 798. In addition, the I/O subsystem 790 includes an interface 792 to couple the I/O subsystem 790 with a high performance graphics engine 738. In one embodiment, a bus (not shown) may be used to couple graphics engine 738 to I/O subsystem 790. Alternatively, point-to-point interconnect 739 may couple these components.

In turn, the I/O subsystem 790 may be coupled to a first link 716 via an interface 796. In one embodiment, first link 716 may be a Peripheral Component Interconnect (PCI) bus, or a bus such as a PCI Express bus or another I/O interconnect bus, although the scope of the present invention is not so limited.

As shown in fig. 7, various I/O devices 714, 724 may be coupled to the first link 716 along with a bridge 718, which bridge 718 may couple the first link 716 to the second link 710. In one embodiment, second link 710 may be a Low Pin Count (LPC) bus. In one embodiment, various devices may be coupled to the second link 720 including, for example, a keyboard/mouse 712, communication devices 726 (which may in turn be in communication with the network 703), and a data storage unit 728 (such as a disk drive or other mass storage device), which data storage unit 728 may include code 730. Code 730 may include instructions for performing implementations of one or more of the techniques described above. Further, an audio I/O 724 may be coupled to the second link 710.

Note that other embodiments are contemplated. For example, instead of the point-to-point architecture of fig. 7, a system may implement a multi-drop bus or another such communication topology. Although links 716 and 720 are shown in fig. 7 as buses, any desired type of link may be used. Additionally, more or fewer integrated chips than shown in FIG. 7 may alternatively be used to divide the elements of FIG. 7.

Referring now to fig. 8, a block diagram illustrates a programmable device 800 in accordance with another embodiment. To avoid obscuring other aspects of fig. 8, certain aspects of fig. 8 have been omitted from fig. 8.

FIG. 8 illustrates that processing elements 870, 880 may include integrated memory and I/O control logic ("CL") 872 and 882, respectively. In some embodiments, the CL 872, 882 may include memory control logic (MC) such as described above in connection with fig. 7. Additionally, the CL 872, 882 may also include I/O control logic. Fig. 8 illustrates that not only can the memories 832, 834 be coupled to the CL 872, 882, but also that the I/O devices 844 can be coupled to the control logic 872, 882. Legacy I/O devices 815 may be coupled to I/O subsystem 890 through interface 896. Each processing element 870, 880 may include multiple processor cores, illustrated in fig. 8 as processor cores 874A, 874B, 884A, and 884B. As shown in FIG. 8, I/O subsystem 890 includes point-to-point (P-P) interconnects 894 and 898, which are connected to P-P interconnects 876 and 886 of processing elements 870 and 880 using links 852 and 854. Processing elements 870 and 880 may also be interconnected by links 850 and interconnects 878 and 888, respectively.

The programmable devices depicted in fig. 7 and 8 are schematic illustrations of embodiments of programmable devices that can be used to implement the various embodiments discussed herein. The various components of the programmable devices depicted in fig. 7 and 8 may be combined in a system on chip (SoC) architecture.

The following examples relate to other embodiments.

Example 1 is a machine-readable medium having instructions stored thereon for an enhanced security mode for blocking network access for a set of devices, the instructions comprising instructions that when executed cause a programmable device to: receiving an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of networking devices of a plurality of networking devices connected to a local network, wherein each security mode of the plurality of security modes is associated with a different set of security settings, and wherein the set of security settings comprises at least blocking network access by the set of networking devices; selecting the set of networking devices based on the indicated security mode; and directing application of the set of security settings to the selected set of networked devices.

In example 2, the subject matter of example 1 optionally includes: wherein blocking network access comprises blocking internet and intranet access.

In example 3, the subject matter of example 2 optionally includes: wherein the indication of the security mode is received from a user equipment over a network separate from the local network.

In example 4, the subject matter of example 1 optionally includes: wherein the set of security settings associated with the security mode is different from another set of security settings associated with another security mode of the set of security modes.

In example 5, the subject matter of example 1 optionally includes: wherein the instructions further comprise instructions that when executed cause a routing device to disable a guest network based on the indication of the security mode.

In example 6, the subject matter of example 1 optionally includes: wherein receiving the indication of the security mode comprises receiving, from a mobile device, a user selection of the security mode from a plurality of security modes.

In example 7, the subject matter of example 1 optionally includes: wherein the instructions further comprise instructions that when executed cause the routing device to prevent joining of a new device to the local network based on the indicated security mode.

Example 8 is a method for enhanced security mode for preventing network access of a set of devices, the method comprising: receiving, from a user, a first indication of a first security mode selected from a plurality of security modes; selecting a first predetermined set of networking devices based on the first security mode; directing blocking of network access by the first predetermined set of networking devices; and directing prevention of joining a new device to a local network based on the first security mode.

In example 9, the subject matter of example 8 can optionally include: receiving, from the user, a second indication of a second security mode selected from the plurality of security modes; selecting a second predetermined set of networking devices based on the second security mode; blocking network access of the second predetermined set of networking devices.

In example 10, the subject matter of example 8 can optionally include: receiving, from the user, a selection of one or more devices from a plurality of devices connected to the network; assigning the selection of the one or more devices to the first predetermined set of networking devices.

In example 11, the subject matter of example 10 optionally includes: disabling at least the step of preventing the joining of the new device to the network based on a third indication that the first security mode is disabled; determining that the new device is connected to the network; displaying to the user a fourth indication that the new device is connected to the network, together with the plurality of security modes; receiving a selection of the first security mode from the user; and assigning the new device to the first predetermined set of networking devices.

In example 12, the subject matter of example 8 can optionally include: wherein the step of blocking network access comprises blocking internet and intranet access.

In example 13, the subject matter of example 12 optionally includes: wherein the first indication of the first security mode is received from a user equipment over a network separate from the local network.

In example 14, the subject matter of example 12 optionally includes: wherein the first predetermined set of networking devices is a subset of all networking devices on the network.

In example 15, the subject matter of example 8 can optionally include: the method also includes directing another device to take one or more actions based on the indicated first security mode.

Example 16 is an apparatus for an enhanced security mode for preventing network access of a set of devices, the apparatus comprising: a memory to store instructions to enhance a security mode; one or more network interfaces operatively coupled to one or more networking devices; a processor operatively coupled to the memory and one or more network interfaces and adapted to execute the instructions stored in the memory, the instructions causing the processor to: receiving an indication of a security mode; selecting a set of networking devices based on the indication of the security mode; preventing network access of the set of networked devices; and preventing joining of the new device to the local network based on the indicated security mode.

In example 17, the subject matter of example 16 optionally includes: wherein blocking network access comprises blocking internet and intranet access.

In example 18, the subject matter of example 17 can optionally include: wherein blocking network access further comprises one of: dropping data packets sent to and from the blocked device or forwarding the data packets for further security processing.

In example 19, the subject matter of example 16 optionally includes: wherein the set of networking devices is a subset of all networking devices on the network.

In example 20, the subject matter of example 16 optionally includes: wherein the instructions stored in the memory further cause the processor to disable a guest network based on the indicated security mode.
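
The behaviour described in examples 1, 5, 7 and 18 above, sketched as an added Python model that is not part of the patent text: an indicated mode selects its device set, fixes the per-packet verdict for that set, and gates the guest network and new joins. The `Router` class, the mode names and the device names are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    DROP = "drop"        # example 18: drop packets to and from the device
    INSPECT = "inspect"  # example 18: forward for further security processing

@dataclass(frozen=True)
class SecurityMode:
    devices: frozenset               # predetermined device set for this mode
    blocked_action: Action = Action.DROP
    disable_guest: bool = False      # examples 5 and 20
    block_new_joins: bool = False    # examples 7, 8 and 16

@dataclass
class Router:
    joined: set                      # devices currently on the local network
    modes: dict                      # mode name -> SecurityMode
    guest_configured: bool = True
    active: "SecurityMode | None" = None

    def apply_mode(self, name: str) -> list:
        """Activate a mode; return the joined devices it now blocks."""
        self.active = self.modes[name]   # unknown mode raises KeyError
        return sorted(self.active.devices & self.joined)

    @property
    def guest_enabled(self) -> bool:
        return self.guest_configured and not (self.active and self.active.disable_guest)

    def admit(self, device: str) -> bool:
        if device not in self.joined:
            if self.active and self.active.block_new_joins:
                return False             # unknown device refused while joins are blocked
            self.joined.add(device)
        return True

    def decide(self, src: str, dst: str) -> Action:
        # One rule covers intranet and internet traffic: either endpoint blocked.
        if self.active and (src in self.active.devices or dst in self.active.devices):
            return self.active.blocked_action
        return Action.ALLOW

def demo_router() -> Router:
    # Constructed sample data: mode and device names are hypothetical.
    away = SecurityMode(frozenset({"cam-1", "tv-1"}), Action.DROP, True, True)
    night = SecurityMode(frozenset({"tv-1"}), Action.INSPECT)
    return Router({"cam-1", "tv-1", "laptop-1"}, {"away": away, "night": night})
```

Switching from `away` to `night` shows that each mode carries its own settings: the camera is released, the TV's traffic is sent for inspection instead of dropped, and the guest network and new joins are permitted again.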

It is to be understood that the above description is intended to be illustrative, and not restrictive. For example, the above embodiments may be used in combination with each other. Many other embodiments will be apparent to those of skill in the art upon reading the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
