Patent attributes
Systems and methods are disclosed that make security policy decisions based on a packet of a communication establishment handshake. The packet is intercepted and provided to a policy manger. If a security check fails, the communication session is not permitted to be established. In one example, the system includes network device (e.g., a network address translator) and a policy manager. The network address translator can receive Transmission Control Protocol (TCP) communication session establishment handshake packets and redirect each packet that is part of the TCP handshake to the policy manager rather than to the computing node targeted by the packet. The policy manager prevents the redirected packet from being forwarded to a targeted computing node in the provider network to thereby disallow the communication session from being established based on a comparison of at least information in a header of the packet to a set of security policies.
