Field
Embodiments of the present invention generally relate to the field of computer networks. In particular, systems and methods of the present disclosure relate to implementation of application layer security by identifying end users and implementing security rules based on application layer information.
Description of the Related Art
With users becoming more active on the Internet, concerns relating to network security have grown significantly, not only for traffic originating from outside an enterprise network, but also for traffic originating from within an organization's network. Multiple network appliances, such as routers, firewalls and network intrusion detection systems, among other access control mechanisms, have been implemented to determine the type and characteristics of traffic that are valid and allowed to be forwarded into or out of a protected network. Network appliances are configured to define and use one or more security rules that indicate actions to be performed by the network appliance when it receives network packets, wherein each security rule can include a matching criterion which, when met, specifies a desired action to be performed. For instance, a security rule can be: "every weekday, from 7 PM to 6 AM", all traffic from external interfaces to internal interfaces should be handled in a particular manner (e.g., blocked, disallowed or dropped). Security rules therefore define actions (such as block, allow, or other advanced operations such as scanning or bypassing traffic) to be performed when the corresponding criteria are met.
Most existing network appliances define security rules based on network layer (layer 3) information, such as source Internet Protocol (IP) address, destination IP address, source port and destination port, among other such information, wherein such security rules are configured to allow, block, rate limit, or perform any other defined function on received packets. Some network appliances also implement security rules based on the application type with which the received packet is associated. Such security rules are limited in that they lack user-level granularity, and so cannot provide customized security rule settings that distinguish among the end users of an organization, for instance. While there are network security appliances that provide extraordinary flexibility by allowing scripts to be written for processing packets, the price of this flexibility is increased complexity and burden on the network administrator. Therefore, there is a need for systems and methods that allow for implementation of application layer security based on end users and permit the end users to achieve single sign-on for network transactions.
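As an added illustration, not part of this specification, the criteria-plus-action rule model described above in working form: a first-match rule set evaluated against packets, using the weekday after-hours rule quoted in the text and, to show the user-level granularity that interface- and address-based rules lack, a second rule keyed on an authenticated user identity. The Packet and Rule field names, the interface labels and the "contractor" user are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass
class Packet:
    in_iface: str          # "external" or "internal" (assumed labels)
    out_iface: str
    user: Optional[str] = None   # identity learned at authentication, if any

@dataclass
class Rule:
    name: str
    action: str            # "block" or "allow"
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    user: Optional[str] = None
    weekdays_only: bool = False
    start: Optional[time] = None
    end: Optional[time] = None

    def in_window(self, when: datetime) -> bool:
        # Assumption: the weekday test applies to the moment the packet arrives.
        if self.weekdays_only and when.weekday() >= 5:
            return False
        if self.start is None or self.end is None:
            return True
        t = when.time()
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end   # window crosses midnight

    def matches(self, pkt: Packet, when: datetime) -> bool:
        # A criterion left as None is a wildcard; every criterion that is set must match.
        for attr in ("in_iface", "out_iface", "user"):
            want = getattr(self, attr)
            if want is not None and getattr(pkt, attr) != want:
                return False
        return self.in_window(when)

def evaluate(rules, pkt, when, default="allow"):
    # First matching rule wins; otherwise fall through to the default action.
    for rule in rules:
        if rule.matches(pkt, when):
            return rule.name, rule.action
    return "default", default

RULES = [
    Rule("after-hours-ext-to-int", "block", in_iface="external", out_iface="internal",
         weekdays_only=True, start=time(19, 0), end=time(6, 0)),
    Rule("contractor-internal", "block", user="contractor", out_iface="internal"),
]
```

The second rule cannot be expressed with addresses and interfaces alone, which is the gap the text describes: the same packet is blocked or allowed depending only on who authenticated.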