Bank of America Corporation
Network device removal for access control and information security

Abstract:

A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in the device log file using the device identifier. The threat management server determines the number of times the device has failed authentication exceeds a first threshold value within a first time period and determines the number of times the device has passed authentication is less than a second threshold value within a second time period. The threat management engine determines the device does not have a lease for the port on the switch and blocks the device from accessing the network via the port on the switch in response to identifying the device for removal.