Network system having external/internal audit system for computer security

US 5,931,946 A
Filed: 02/06/1997
Issued: 08/03/1999
Est. Priority Date: 02/08/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A network system having a network, comprising:

at least one repeating unit connected to said network;

at least one computer connected to said network through said at least one repeating unit; and

a management unit connected to said network,wherein said management unit has distribution means for distributing an external audit program, by which said repeating unit audits vulnerability of said computer, from said management unit to said repeating unit through said network, andsaid repeating unit has audit control means for executing external audit processing with respect to vulnerability of said computer in accordance with the external audit program which has been distributed from said management unit to determine whether or not said computer has the vulnerability, and separating means for logically separating said computer having been determined to have the vulnerability from said network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system includes: a plurality of repeating installations connected to the network; a plurality of computers connected to the network, each of the computers being connected to the network through a corresponding repeating installation; and a management unit connected to the network. The management unit includes distribution means for distributing at least one of an external audit program and an internal audit program for defining the processing procedure, by which the repeating installation audits vulnerability of at least one of the plurality of computers, from the management unit to the repeating installations through the network. The repeating installation includes audit control means for carrying out at least one of the external audit processing and the internal audit processing with respect to the vulnerability of the at least one computer in accordance with at least one of the external audit program and the internal audit program which have been distributed from the management unit to judge whether or not the at least one computer has the vulnerability.

214 Citations

22 Claims

1. A network system having a network, comprising:
- at least one repeating unit connected to said network;
  
  at least one computer connected to said network through said at least one repeating unit; and
  
  a management unit connected to said network,wherein said management unit has distribution means for distributing an external audit program, by which said repeating unit audits vulnerability of said computer, from said management unit to said repeating unit through said network, andsaid repeating unit has audit control means for executing external audit processing with respect to vulnerability of said computer in accordance with the external audit program which has been distributed from said management unit to determine whether or not said computer has the vulnerability, and separating means for logically separating said computer having been determined to have the vulnerability from said network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A network system according to claim 1, wherein said separating means, when the external audit processing executed by said audit control means determines that said computer has the vulnerability, stops repeating of communication to said computer which is transmitted on said network.
  - 3. A network system according to claim 1, wherein said repeating unit further includes means for sending, when the external audit processing executed by said audit control means determines that said computer has the vulnerability, information that said computer has the vulnerability to said management unit.
  - 4. A network system according to claim 3, wherein said repeating unit further includes means for stopping, when said management unit does not send a report indicating that measures have been taken for the vulnerability of said computer within a predetermined time period after having sent the information to said management unit, repeating of communication to said computer which is transmitted in said network.
  - 5. A network system according to claim 1, further comprising a log collector connected to said network,wherein said repeating unit further includes means for issuing an instruction instructing, when the external audit processing executed by said audit control means determines that said computer has the vulnerability, said log collector to start collection of logs to said computer which are transmitted on said network, andsaid log collector includes means for collecting, in response to the instruction issued from said repeating unit, the logs to said computer which are transmitted on said network.
  - 6. A network system according to claim 5, wherein said repeating unit further includes means for instructing, when said management unit sends a report indicating that measures have been taken for the vulnerability of said computer within a predetermined time period after having sent the information to said management unit, said log collector to stop collection of logs to said computer which are transmitted on said network, andsaid log collector includes means for stopping the collection of the logs to said computers which are transmitted on said network, in response to the instruction that the collection should be stopped, issued from said repeating unit.
  - 7. A network system according to claim 6, wherein the logs to said computer are stored in a log information packet which is transmitted on said network, andsaid log collector includes:
    - means for fetching all packets which are transmitted on said network, andmeans for collecting the logs within the log information packet in response to the instruction that the collection should be started which is issued from said repeating unit, when the packet thus fetched is in the log information packet.
  - 8. A network system according to claim 1, wherein the external audit program which is distributed from said management unit to said repeating unit has both a message to an application program of said computer as an object of the audit and a proper response of the application program responding to the message when said computer as an object of the audit has no vulnerability, andsaid audit control means of said repeating unit sends, in response to the external audit program which has been distributed from said management unit, a message to the application program of said computer, and compares a response of the application to the message from said computer with the proper response of the application program, thereby determining whether or not said computer has the vulnerability.
  - 9. A network system according to claim 1, wherein the vulnerability of said computer indicates a bug in an application program on said computer or that the setting information with respect to an application program of said computer, control information or data thereof is not proper.

10. A network system having a network, comprising:
- at least one repeating unit connected to said network;
  
  at least one computer connected to said network through said at least one repeating unit; and
  
  a management unit connected to said network,wherein said management unit includes distribution means for distributing an internal audit program, by which said computer itself audits the vulnerability of said computer, from said management unit to said computer through said network and said repeating installation,said computer includes means for executing internal audit processing with respect to the vulnerability of said computer in accordance with the internal audit program which has been distributed from said repeating unit, and informing said repeating unit of a result of the internal audit processing, andsaid repeating unit includes audit control means for determining, based on the result of the internal audit processing which has been informed from said computer, whether or not said computer has the vulnerability, and separating means for logically separating said computer having been determined to have the vulnerability from said network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A network system according to claim 10, wherein said separating means, when the internal audit processing executed by said audit control means determines that said computer has the vulnerability, stops repeating of communication to said computer which is transmitted on said network.
  - 12. A network system according to claim 10, wherein said repeating unit further includes means for sending, when the external audit processing executed by said audit control means determines that said computer has the vulnerability, information that said computer has the vulnerability to said management unit.
  - 13. A network system according to claim 12, wherein said repeating unit further includes means for stopping, when said management unit has not sent a report indicating that measures have not been taken for the vulnerability of said computer within a predetermined time period after having sent the information to said management unit, repeating of communication to said computer which is transmitted in said network.
  - 14. A network system according to claim 10, further comprising a log collector connected to said network,wherein said repeating unit further includes means for issuing an instruction instructing, when the external audit processing executed by said audit control means determines that said computer has the vulnerability, said log collector to start collection of logs to said computer which are transmitted on said network, andsaid log collector includes means for collecting, in response to the instruction issued from said repeating unit, the logs to said computer which are transmitted on said network.
  - 15. A network system according to claim 14, wherein said repeating unit further includes means for instructing, when said management unit sends a report indicating that measures have been taken for the vulnerability of said computer within a predetermined time period after having sent the information to said management unit, said log collector to stop collection of logs to said computer which are transmitted on said network, andsaid log collector includes means for stopping the collection of the logs to said computers which are transmitted on said network, in response to the instruction that the collection should be stopped, issued from said repeating unit.
  - 16. A network system according to claim 15, wherein the logs to said computer are contained in a log information packet which has the logs and which is transmitted on said network, andsaid log collector includes:
    - means for fetching all packets which are transmitted on said network, andmeans for collecting the logs within the log information packet in response to the instruction that the collection should be started issued from said repeating unit, when the packet thus fetched is in the log information packet.
  - 17. A network system according to claim 10, wherein the internal audit program which is distributed from said management unit to said repeating installation has setting information, when said computer as an object of the audit has no vulnerability, in at least one of a program, control information and data of said computer as an object of the audit, andsaid audit control means of said repeating unit reads out, in response to the internal audit program which is distributed from said management unit, the setting information in at least one of the program, control information and data of said computer, from said computer and compares the setting information thus read out with the corresponding proper setting information which said internal audit program has determined whether or not said computer has the vulnerability.
  - 18. A network system according to claim 10, wherein the vulnerability of said computer indicates a bug in an application program on said computer or that the setting information with respect to an application program of said computer, control information or data thereof is not proper.

19. A network system having a network, comprising:
- a plurality of repeating units connected to said network for carrying out repeating of communication on said network;
  
  a plurality of computers connected to said network, each of said computers being connected to said network through only a corresponding one of said plurality of repeating units; and
  
  a management unit connected to said network,wherein said management unit includes distribution means for distributing at least one of an external audit program and an internal audit program, by which said repeating installation audits vulnerability of at least one of said plurality of computers, from said management unit to said repeating units through said network, andsaid repeating units include audit control means for carrying out at least one of the external audit processing and the internal audit processing with respect to the vulnerability of said at least one of said plurality of computers in accordance with at least one of the external audit program and the internal audit program which have been distributed from said management unit to determine whether or not said at least one computer has the vulnerability, and separating means for logically separating said computer having been determined to have the vulnerability from said network.
- View Dependent Claims (20, 21, 22)
- - 20. A network system according to claim 19, wherein said separating means, when the external audit processing or the internal audit processing executed by said audit control means determines that said at least one of said plurality of computers has the vulnerability, stops repeating of communication to said computer which is transmitted on said network.
  - 21. A network system according to claim 19, further comprising a log collector connected to said network,wherein said repeating unit further includes means for issuing an instruction instructing, when the internal audit processing or the external audit processing executed by said audit control means determines that said at least one of said plurality of coputers has the vulnerability, said log collector to start collection of logs to said at least one of said plurality of computers which are transmitted on said network, andsaid log collector includes means for collecting, in response to the instruction issued from said repeating instruction, the logs to said at least one computer which are transmitted on said network.
  - 22. A network system according to claim 19, wherein the vulnerability of said computer indicates a bug in an application program on said computer or that the setting information with respect to an application program of said computer, control information or data thereof is not proper.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Yoshida, Kenichi, Kayashima, Makoto, Terada, Masato
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elmore, Stephen C.

Application Number

US08/796,567
Time in Patent Office

908 Days
Field of Search

395/187.01, 395/186, 395/180, 395/200.11, 395/200.54, 364/184, 364/222.5, 364/264, 364/267.4, 364/550, 364/286.4, 713/200, 713/201, 714/1, 709/224
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Network system having external/internal audit system for computer security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

214 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Network system having external/internal audit system for computer security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links