Automatic client responses to worm or hacker attacks
Abstract
A system in which a networked device automatically evaluates hacker attack notification information and, based thereon, selects and executes responses to the attack. The notification may include information such as the address of the infected system, identification of the specific worm, and a list of vulnerable applications and operating systems. The evaluation is based on factors including criticality and vulnerability of applications running on the system and connectivity of the device. A variety of automatic responses can be selected, including notification of network administration, shutdown of the device or services running on the device, updating and activation of anti-virus software, and selective handling of data sent from the address of the suspect network device. The selection of responses can occur automatically based on rules input during setup or by intervention of network administration.
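A minimal sketch of the evaluate, select and execute flow the abstract describes, added here as an illustration and not taken from the patent. The field names, the `STOP_BELOW` threshold, the action names and the rule ordering are all assumptions.

```python
from dataclasses import dataclass

# Added illustration: every name, field and threshold here is an assumption.
@dataclass
class Notification:
    source_addr: str           # address of the infected system
    worm_id: str               # identification of the specific worm
    vulnerable_apps: frozenset
    vulnerable_os: frozenset

@dataclass
class Device:
    os: str
    apps: dict                 # running app -> criticality, 0 (low) to 3 (critical)
    peers: frozenset           # addresses this device exchanges traffic with
    av_signatures: frozenset   # worm ids the local anti-virus already detects

STOP_BELOW = 2  # assumed setup rule: stop exposed services less critical than this

def evaluate(n, d):
    """Weigh the notification against local vulnerability and connectivity."""
    exposed = sorted(a for a in d.apps if a in n.vulnerable_apps)
    return {
        "vulnerable": d.os in n.vulnerable_os and bool(exposed),
        "exposed": exposed,
        "connected": n.source_addr in d.peers,
        "av_covers": n.worm_id in d.av_signatures,
    }

def select_responses(n, d):
    """Return an ordered list of (action, argument) pairs chosen by the rules."""
    e = evaluate(n, d)
    if not (e["vulnerable"] or e["connected"]):
        return []                                   # not exposed: no response
    plan = [("notify_admin", n.worm_id)]
    if e["connected"]:
        plan.append(("drop_traffic_from", n.source_addr))
    if e["vulnerable"]:
        if not e["av_covers"]:
            plan.append(("update_antivirus", n.worm_id))
        for app in e["exposed"]:                    # criticality decides shutdown
            action = "stop_service" if d.apps[app] < STOP_BELOW else "escalate_to_admin"
            plan.append((action, app))
    return plan

def execute(plan, handlers):
    """Run each selected response through a caller-supplied handler."""
    return [handlers[action](arg) for action, arg in plan]

# Constructed sample data (documentation address range, placeholder worm id).
NOTE = Notification("192.0.2.45", "EXAMPLE-WORM", frozenset({"httpd", "ftpd"}), frozenset({"os-a"}))
HOST = Device("os-a", {"httpd": 3, "ftpd": 0, "sshd": 2}, frozenset({"192.0.2.45"}), frozenset())
```

With the constructed data, the low-criticality `ftpd` service is stopped while the critical `httpd` service stays up and is escalated, which is the criticality trade-off the evaluation step exists to make.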
28 Claims
1. A method of responding to a suspected attack of a computing device on a network, the method comprising:
- responsive to receiving notification information indicative of the suspected attack, automatically evaluating the notification information;
- selecting at least one response based upon the evaluation; and
- executing at least one of the selected responses to reduce consequences of the attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer program stored on a storage medium for storing computer executable management agent program code, capable of invoking an automatic client response to worm and hacker attacks within a local area network, comprising:
- program code means for evaluating a notification of a worm or hacker attack;
- program code means for selecting an automatic client response to reduce the vulnerability of the network device to the worm or hacker attack; and
- program code means for executing selected automatic responses by the network device.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A computer network, comprising one or more network devices wherein at least one of said network devices, comprises:
- means for evaluating attack notification information received from another device on the network;
- means for selecting an automatic client response to reduce or eliminate the device's vulnerability to the attack; and
- means for executing the selected automatic response.
Dependent claims: 21, 22, 24, 25, 26, 27, 28
Specification