Automatic Client Responses To Worm Or Hacker Attacks
Abstract
A system in which a networked device automatically evaluates hacker attack notification information and, based thereon, selects and executes responses to the attack. The notification may include information such as the address of the infected system, identification of the specific worm, and a list of vulnerable applications and operating systems. The evaluation is based on factors including criticality and vulnerability of applications running on the system and connectivity of the device. A variety of automatic responses can be selected, including notification of network administration, shutdown of the device or services running on the device, updating and activation of anti-virus software, and selective handling of data sent from the address of the suspect network device. The selection of responses can occur automatically based on rules input during setup or by intervention of network administration.
28 Claims
1-11. (canceled)
12. A computer program stored on a storage medium for storing computer executable management agent program code, capable of invoking an automatic client response to worm and hacker attacks within a local area network, comprising:
program code means for evaluating a notification of a worm or hacker attack, wherein the code means for evaluating the notification is based at least in part on factors selected from the group of: a criticality of the applications running on the evaluating device; vulnerability of the applications running on the individual device to a given type of attack; connectivity of the device to the network and other individual devices; and the operating system of the individual network device; program code means for selecting an automatic client response to reduce the vulnerability of the network device to the worm or hacker attack, wherein the code means for selecting one or more automatic client responses includes program code means selected from: program code means for notifying network administration; program code means for immediately shutting down said device; program code means for staged shutdown of said device; program code means for shutdown of selected services running on said device; program code means for updating anti-virus software on said device; program code means for activation of anti-virus software; and program code means for selective handling of data sent from an address of a network device identified as compromised; wherein the code means for selective handling of data sent from the address of the network device identified as compromised includes code means selected from: code means for removing data sent from the address of the device identified as compromised; code means for quarantining data sent from the address of the device identified as compromised; and code means for filtering data sent from the address of the device identified as compromised; and program code means for executing selected automatic responses by the network device. (Dependent claims: 13, 17, 19)
14. (canceled)
15. (canceled)
18. (canceled)
20. A computer network, comprising one or more network devices wherein at least one of said network devices, comprises:
means for evaluating attack notification information received from another device on the network, wherein the network device evaluates the notification based at least in part on factors selected from: a criticality of the applications running on the evaluating device; vulnerability of the applications running on the individual device to a given type of attack; connectivity of the device to the network and other individual devices; and the operating system of the individual network device; means for selecting an automatic client response to reduce or eliminate the device's vulnerability to the attack, wherein the automatic responses selected by the network device comprise actions selected from the group comprising: notifying network administration; immediately shutting down said device; staged shutdown of said device; shutdown of selected services running on said device; updating of anti-virus software; activation of anti-virus software; and selective handling of data sent from an address associated with the network device identified as compromised; wherein selective handling by the network device of data sent from the address of the network device identified as compromised is an action selected from a list comprising: removing data sent from the address of the device identified as compromised; quarantining data sent from the address of the device identified as compromised; and filtering data sent from the address of the device identified as compromised; and means for executing the selected automatic response. (Dependent claims: 21, 25, 26, 27)
22. (canceled)
24. (canceled)
28. (canceled)
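The following is an added worked example, not code from the patent or its assignee, showing the evaluate, select and execute sequence that claims 12 and 20 describe. The notification and device fields, the criticality scale, the connectivity threshold and the response rules are all constructed for illustration; the only thing taken from the claims is the set of evaluation factors and the enumerated response set. Actions are recorded rather than performed so the decision path can be audited.

```python
"""Rule-driven client response to a worm/hacker notification, following the
evaluate -> select -> execute structure of claims 12 and 20 above.
Added example: the data model, thresholds and response rules are constructed
for illustration and are not taken from the patent."""
from dataclasses import dataclass
from enum import Enum


class Response(Enum):
    """The response set enumerated in the claims."""
    NOTIFY_ADMIN = "notify network administration"
    SHUTDOWN_IMMEDIATE = "immediately shut down device"
    SHUTDOWN_STAGED = "staged shutdown of device"
    SHUTDOWN_SERVICES = "shut down selected services"
    UPDATE_AV = "update anti-virus software"
    ACTIVATE_AV = "activate anti-virus software"
    REMOVE = "remove data from compromised address"
    QUARANTINE = "quarantine data from compromised address"
    FILTER = "filter data from compromised address"


# Exactly one of these is chosen per the "selected from a list" wording.
SELECTIVE_HANDLING = {Response.REMOVE, Response.QUARANTINE, Response.FILTER}


@dataclass
class Notification:
    """Attack notification as described in the abstract (constructed fields)."""
    source_address: str      # address of the infected/suspect system
    worm_id: str
    vulnerable_apps: set
    vulnerable_os: set


@dataclass
class Device:
    """Local device profile. apps maps app name -> criticality (1 low .. 3 high);
    connectivity is the number of peer devices this host exchanges data with."""
    name: str
    os: str
    apps: dict
    connectivity: int


@dataclass
class Assessment:
    os_vulnerable: bool
    exposed_apps: dict       # vulnerable app -> its criticality
    max_criticality: int
    connectivity: int

    @property
    def at_risk(self) -> bool:
        return self.os_vulnerable or bool(self.exposed_apps)


def evaluate(note: Notification, dev: Device) -> Assessment:
    """Step 1: weigh the notification against the four factors in the claims
    (app criticality, app vulnerability, connectivity, operating system)."""
    exposed = {a: c for a, c in dev.apps.items() if a in note.vulnerable_apps}
    return Assessment(os_vulnerable=dev.os in note.vulnerable_os,
                      exposed_apps=exposed,
                      max_criticality=max(exposed.values(), default=0),
                      connectivity=dev.connectivity)


# Constructed threshold: hosts with this many peers are treated as spreaders.
HIGH_CONNECTIVITY = 10


def select_responses(a: Assessment, admin_override=None) -> list:
    """Step 2: pick responses by rules fixed at setup, unless network
    administration intervenes with an explicit list (the abstract's override)."""
    if admin_override is not None:
        return list(admin_override)
    chosen = [Response.NOTIFY_ADMIN]
    if not a.at_risk:
        chosen.append(Response.FILTER)             # not exposed: filter the source only
        return chosen
    chosen += [Response.UPDATE_AV, Response.ACTIVATE_AV, Response.QUARANTINE]
    if a.exposed_apps and a.max_criticality < 3:
        chosen.append(Response.SHUTDOWN_SERVICES)  # stop exposed, non-critical apps only
    if a.os_vulnerable:
        chosen.append(Response.SHUTDOWN_IMMEDIATE if a.connectivity >= HIGH_CONNECTIVITY
                      else Response.SHUTDOWN_STAGED)
    return chosen


def execute(note: Notification, dev: Device, responses: list) -> list:
    """Step 3: carry out the responses. Each action is recorded as
    (device, response, target) rather than performed, so it can be audited."""
    return [(dev.name, r.name,
             note.source_address if r in SELECTIVE_HANDLING else dev.name)
            for r in responses]


def respond(note: Notification, dev: Device, admin_override=None) -> list:
    """Full agent path: evaluate, select, execute."""
    return execute(note, dev, select_responses(evaluate(note, dev), admin_override))


# Constructed sample data (not real addresses, worms or products).
SAMPLE_NOTE = Notification(source_address="10.0.0.99", worm_id="EXAMPLE-WORM",
                           vulnerable_apps={"print-spooler", "legacy-db"},
                           vulnerable_os={"os-v1"})
FILE_SERVER = Device("fileserver", "os-v1", {"fileshare": 3, "print-spooler": 1}, 40)
WORKSTATION = Device("ws-12", "os-v2", {"browser": 2}, 3)

if __name__ == "__main__":
    for dev in (FILE_SERVER, WORKSTATION):
        for rec in respond(SAMPLE_NOTE, dev):
            print(rec)
```

With the constructed data, the highly connected file server running a vulnerable OS and a low-criticality vulnerable service gets an immediate shutdown plus service shutdown, anti-virus update and activation, and quarantine of traffic from the notified address, while the unexposed workstation only notifies administration and filters that address. The `admin_override` parameter is the intervention path the abstract mentions; in a deployment it would be fed from the administration console rather than a function argument.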