System and method for generating machine auditable network policies

US 20050010819A1
Filed: 02/13/2004
Published: 01/13/2005
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method for generating and applying a network policy in a network auditing system, the method comprising:

maintaining in a data store, a natural language policy document for the network policy and one or more machine-processable policy rules;

associating at least a portion of the natural language policy document to at least one of the machine-processable policy rules;

applying the at least one of the machine-processable policy rules to information gathered about the network; and

determining, based on the application, compliance with the network policy.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a central compliance server storing both natural language policy documents and machine-processable policy rules in an audit repository. The compliance server provides a client-side user interface allowing a user to easily generate a machine-auditable policy by selecting/generating a natural language policy source document, and linking the applicable machine-processable policy rules to the applicable portions of the source document. The selected machine-processable policy rules are then applied to information gathered about the network during a scheduled network audit session for efficiently and systematically determining whether policy violations and/or vulnerabilities exist.

201 Citations

17 Claims

1. A method for generating and applying a network policy in a network auditing system, the method comprising:
- maintaining in a data store, a natural language policy document for the network policy and one or more machine-processable policy rules;
  
  associating at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
  
  applying the at least one of the machine-processable policy rules to information gathered about the network; and
  
  determining, based on the application, compliance with the network policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 16, 17)
- - 2. The method of claim 1 further comprising making a recommendation for modifying a network feature based on the compliance with the network policy.
  - 3. The method of claim 2, wherein the recommendation is associated with a change to the network policy.
  - 4. The method of claim 3, wherein the recommendation is adding a rule to the network policy.
  - 5. The method of claim 1, wherein the at least one of the machine-processable policy rules is uniformly applied to the gathered information without regard to an information source type.
  - 6. The method of claim 1 further comprising:
    - receiving a user selection of a first portion of the natural language policy document;
      
      receiving a user selection of a first policy rule from a list of machine-processable policy rules;
      
      receiving a user selection of a second portion of the natural language policy document;
      
      receiving a user selection of a second policy rule from a list of machine-processable policy rules; and
      
      associating the first portion of the natural language policy document to the first policy rule, and the second portion of the natural language policy document to the second policy rule.
  - 7. The method of claim 1 further comprising:
    - receiving a user selection of the network policy;
      
      associating the selected network policy to a network audit; and
      
      automatically applying the at least one of the machine-processable policy rules to information gathered about the network during the network audit.
  - 8. The method of claim 1, wherein the machine-processable policy rule is associated with a severity meter for violating the rule.
  - 9. The method of claim 1, wherein the information gathered about the network is historic audit information, and the method further comprises modeling an effect of applying the network policy on the network based on the historic audit information.
  - 14. The server of claim 9 further comprising means for uniformly applying the at least one of the machine-processable policy rules to the gathered information without regard to an information source type.
  - 15. The server of claim 9, wherein the client-side user interface further comprises:
    - means for receiving a user selection of a first portion of the natural language policy document;
      
      means for receiving a user selection of a first policy rule from a list of machine-processable policy rules;
      
      means for receiving a user selection of a second portion of the natural language policy document;
      
      means for receiving a user selection of a second policy rule from a list of machine-processable policy rules; and
      
      means for associating the first portion of the natural language policy document to the first policy rule, and the second portion of the natural language policy document to the second policy rule.
  - 16. The server of claim 9 further comprising:
    - means for receiving a user selection of the network policy;
      
      means for associating the selected network policy to a network audit; and
      
      means for automatically applying the at least one of the machine-processable policy rules to information gathered about the network during the network audit.
  - 17. The server of claim 9, wherein the information gathered about the network is historic audit information, and the server comprises means for modeling an effect of applying the network policy on the network based on the historic audit information.

10. A server in a network auditing system, the server comprising:
- a data store storing a natural language policy document for the network policy and one or more machine-processable policy rules;
  
  a client-side user interface coupled to the data store, the user interface allowing a user to associate at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
  
  means for applying the at least one of the machine-processable policy rules to information gathered about the network; and
  
  means for determining, based on the application, compliance with the network policy.
- View Dependent Claims (11, 13)
- - 11. The server of claim 10 further comprising means for making a recommendation for modifying a network feature based on the compliance with the network policy.
  - 13. The server of claim 11, wherein the recommendation is adding a rule to the network policy.

12. The server of claim 12, wherein the recommendation is associated with a change to the network policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Costello, Brian, Payne, John, Pelly, John, Ritter, Stephen J., Rutherford, M. Celeste, Ravenel, John Patrick, Williams, John Leslie, Nakawatase, Ryan Tadashi

Granted Patent

US 7,536,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for generating machine auditable network policies

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for generating machine auditable network policies

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links