METHOD AND PROCEDURE TO AUTOMATICALLY DETECT ROUTER SECURITY CONFIGURATION CHANGES AND OPTIONALLY APPLY CORRECTIONS BASED ON A TARGET CONFIGURATION
Abstract
A method for maintaining router security configuration files, a method for detecting unauthorized changes to router security configurations and a network controller. In one embodiment, the method for maintaining includes: (1) generating a target-delta file having commands needed to make identified data blocks of a baseline file functionally equivalent to corresponding data blocks of a target file, wherein the identified data blocks are functionally different from the corresponding data blocks of the target file and (2) changing a router security configuration field file by applying the target-delta file thereto.
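The target-delta generation described in the abstract, sketched as an added example that is not taken from the patent or any product. It assumes IOS-style syntax (indented sub-commands, `!` comments, `no` as negation) and treats blocks as functionally equivalent when they match after ignoring comments, whitespace and line order, which does not hold for ordered access lists. The function names and sample configurations are hypothetical.

```python
def parse_blocks(text):
    """Assumed block model: a top-level line plus its indented lines -> {header: set}."""
    blocks, header = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())            # whitespace is not functional
        if not line or line.startswith("!"):    # nor are blanks and '!' comments
            continue
        if raw[0].isspace() and header is not None:
            blocks[header].add(line)            # indented line: part of current block
        else:
            header = line
            blocks.setdefault(header, set())
    return blocks

def negate(cmd):  # 'X' -> 'no X', 'no X' -> 'X'
    return cmd[3:] if cmd.startswith("no ") else "no " + cmd

def target_delta(field, target):
    """Return (commands, changed block headers) that bring `field` to `target`."""
    f, t = parse_blocks(field), parse_blocks(target)
    cmds, changed = [], []
    for h in sorted(f.keys() | t.keys()):
        if f.get(h) == t.get(h):
            continue                            # functionally equivalent block
        changed.append(h)                       # differing block: basis for an alarm
        if h not in t:
            if negate(h) not in t:              # else the target's own line covers it
                cmds.append(negate(h))
            continue
        cmds.append(h)
        old = f.get(h, set())
        subs = [negate(c) for c in sorted(old - t[h])] + sorted(t[h] - old)
        cmds += [" " + c for c in dict.fromkeys(subs)]   # de-duplicate, keep order
    return cmds, changed

# Constructed sample configurations (not from any real device).
TARGET = """\
! approved target
line vty 0 4
 transport input ssh
 login local
no ip http server
"""
FIELD = """\
line vty 0 4
 login   local
 transport input telnet ssh
ip http server
"""
```

Calling `target_delta(FIELD, TARGET)` returns the command list to push to the device and the headers of the blocks that differ; the reordered and re-spaced `login local` line produces no delta.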
21 Claims
1. A method of maintaining router security configuration files, comprising:
- generating a target-delta file having commands needed to make identified data blocks of a baseline file functionally equivalent to corresponding data blocks of a target file, wherein said identified data blocks are functionally different from said corresponding data blocks of said target file; and
- changing a router security configuration field file by applying said target-delta file thereto.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. For use in a network having routers, a method of detecting unauthorized changes to router security configurations, comprising:
- (a) generating a delta file having identified data blocks of a router security configuration field file, wherein said identified data blocks of said field file are functionally different from corresponding data blocks of a router security configuration baseline file; and
- (b) generating an alarm based on said identified data blocks in said delta file.

Dependent claims: 15, 16, 17
18. A network controller, comprising:
- a configuration guardian, including:
  - an intelligent delta tool operable to compare data blocks of a field configuration file with corresponding data blocks of a target configuration file and generate a target-delta file that represents functional differences between said data blocks; and
  - a configuration monitor operable to modify said field configuration file based on said target-delta file to make said field configuration file functionally equivalent to said target configuration file.

Dependent claims: 19, 20, 21
Specification