Detection and management of cascade vulnerability security breaches when connecting computers having different security levels

摘要

A computer 110A operable to connect to a further computer 110B comprising: authorisation means 130A to process a request for a connection to a further computer, and to issue a provisional authorisation if the connection is permissible; means 140A to forward a connection request to the further computer on the basis of a provisional authorisation, the connection request describing the computer to enable the further computer to further authorise the connection; cascade vulnerability checking means 130A operable, upon receipt of the further authorisation, to carry out a cascade vulnerability check on the connection; means for receiving a result of a corresponding cascade vulnerability check run on the further computer; means to, upon establishing a cascade vulnerability does not exist, issue a connection implementation message to the further computer; and update means operable to send, to other computers connected to the computer information describing the connection to the further computer.