SYSTEMS AND METHODS FOR AUTOMATED DETERMINATION OF NETWORK DEVICE TRANSITING DATA ATTRIBUTES

US 20200136954A1
Filed: 12/31/2019
Published: 04/30/2020
Est. Priority Date: 09/19/2016
Status: Active Grant

First Claim

Patent Images

1. A system for determining network device transiting data attributes, the system comprising:

one or more processors; and

memory storing instructions that, when executed, cause the one or more processors to;

run a first script on a first port of a network, wherein the first script returns one or more parameters for the first port;

run a second script on second port of the network, wherein the second script returns one or more parameters for the second port;

parse the returned one or more parameters for the first port and the returned one or more parameters for the second port to designate one or more identified ports for additional analysis; and

produce a report for the one or more identified ports indicating a first variance in an established control mechanism of the network, the first variance identifying where the established control mechanism is predicted to fail.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for determining network device transiting data attributes includes one or more memory devices storing instructions, and one or more processors configured to execute the instructions to run a first script on all static ports of a network and run a second script on all known ports of the network. The system may parse the parameters returned from the first and second scripts to identify one or more identified ports of the known ports. The system may run a third script on the one or more identified ports to force one or more denials at the identified ports. Based on the one or more denials, the system may determine network device transiting data attributes including but not limited to allowed protocols and directionality for each of the one or more identified ports.

0 Citations

20 Claims

1. A system for determining network device transiting data attributes, the system comprising:
- one or more processors; and
  
  memory storing instructions that, when executed, cause the one or more processors to;
  
  run a first script on a first port of a network, wherein the first script returns one or more parameters for the first port;
  
  run a second script on second port of the network, wherein the second script returns one or more parameters for the second port;
  
  parse the returned one or more parameters for the first port and the returned one or more parameters for the second port to designate one or more identified ports for additional analysis; and
  
  produce a report for the one or more identified ports indicating a first variance in an established control mechanism of the network, the first variance identifying where the established control mechanism is predicted to fail.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the instructions further cause the one or more processors to:
    - identify one or more shadow assets by comparing differences between the returned one or more parameters for the first port and the returned one or more parameters for the second port.
  - 3. The system of claim 2, wherein the one or more shadow assets comprise one or more inactive shadow assets.
  - 4. The system of claim 1, wherein the instructions further cause the one or more processors to:
    - identify one or more network anti-patterns by comparing of a first output from running the first script and a second output from running the second script.
  - 5. The system of claim 1, wherein:
    - the report is a target/hit view report,the report further indicates a second variance in the established control mechanism,the second variance indicating where the established control mechanism has failed, and the established control mechanism comprises one or more of a policy or a rule of the network.
  - 6. The system of claim 1, wherein the first script on the first port returns a path and a destination address for the first port of the network, and wherein the first port is one or more static port and the second port is one or more known port.
  - 7. The system of claim 1, wherein the first port comprises a network destination and firewall location of the network.
  - 8. The system of claim 1, wherein the second script on the second port returns a path and a destination address for the second port of the network and identifies a temporarily allowed session for the second port.
  - 9. The system of claim 1, wherein the first port of the network comprises one or more of known active, virtual, and non-active ports of the network.
  - 10. The system of claim 1, wherein the parameters returned by the first script and the second script comprises an allowed state of a first port, a protocol, a input interface, a source protocol, a source mask, a source port, a output interface, a destination protocol, a destination mask, a destination port, or combinations thereof.
  - 11. The system of claim 1, wherein a first identified port of the one or more identified ports is designated based on a protocol and a device type to target one or more of network ports and one or more network appliances.
  - 12. The system of claim 11, wherein the instructions further cause the one or more processors to:
    - capture the data attributes and directionality for the first identified port; and
      
      generate a database comprising at least a portion of the data attributes and the directionality for the first identified port.
  - 13. The system of claim 1, wherein the instructions further cause the one or more processors to:
    - schedule run time for the first script and run rime for the second script for timed targeting.

14. A method for network testing, comprising:
- running, via a computing device of a network, a first script on a first port of the network to return one or more parameters for the first port;
  
  running, via the computing device, a second script on a second port to return one or more parameters for the second port;
  
  parsing, via the computing device, the returned one or more parameters for the first port and the returned one or more parameters for the second port to designate at least a first identified port of one or more identified ports; and
  
  determining, via the computing device, one or more variances that indicate that an established control mechanism of the network has failed or is predicted to fail for at least the first port.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - identifying one or more shadow assets operating in the network based on the one or more variances and by comparing differences between the returned parameters for the first ports and the returned parameters for the second ports.
  - 16. The method of claim 15, wherein the one or more shadow assets comprise one or more inactive shadow assets.
  - 17. The method of claim 14, wherein at least the first identified port of the one or more identified ports is designated based on a protocol and a device type to target one or more of network ports and one or more network appliances.
  - 18. The method of claim 17, further comprising:
    - capturing data attributes and directionality for at least the first identified port; and
      
      generating a database comprising at least a portion of the data attributes and the directionality for the first identified port.
  - 19. The method of claim 14, further comprising identifying one or more network anti-patterns by comparing of a first output from running the first script and a second output from running the second script.
  - 20. The method of claim 14, wherein the established control mechanism comprises one or more of a policy or a rule of the network, and wherein the first port is one or more static ports and the second port is one or more known ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Barnum, Eric, Banks, Terence

Granted Patent

US 10,965,580 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/18   Protocol analysers

H04L 43/50   Testing arrangements

H04L 63/0236   Filtering by address, proto...

H04L 69/24   Negotiation of communicatio...

SYSTEMS AND METHODS FOR AUTOMATED DETERMINATION OF NETWORK DEVICE TRANSITING DATA ATTRIBUTES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AUTOMATED DETERMINATION OF NETWORK DEVICE TRANSITING DATA ATTRIBUTES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links