Domain mapping method and system

US 6,415,321 B1
Filed: 12/29/1998
Issued: 07/02/2002
Est. Priority Date: 12/29/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for mapping a network domain, the system comprising:

plural network devices interfaced with the network, each network device having network information; and

a domain mapping device interfaced with the network, the domain mapping device operable to;

receive and store the network information from one or more network devices, provide the network information to an intrusion detection system upon receiving a query, analyze the stored network information, generate a network map based on the analysis and the stored network information, determine a potential vulnerability based on the analysis, and configure the intrusion detection system based on the network map and the potential vulnerability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for mapping a network domain provides a centralized repository for network information to support network devices, including an intrusion detection system. A domain mapping device includes an acquisition engine for acquiring network information, hypercube storage for storing network information, and a query engine for responding to queries from network devices for network information. The acquisition engine acquires network information by active scanning of network devices, passive scanning of network devices, polling of network devices, or receiving network information pushed from network devices. The network information includes device type, operating system, service and vulnerability information. The query engine provides network information in response to queries from network devices, such as intrusion detection devices that use the data to detect attacks on the vulnerabilities of the network.

254 Citations

20 Claims

1. A system for mapping a network domain, the system comprising:
- plural network devices interfaced with the network, each network device having network information; and
  
  a domain mapping device interfaced with the network, the domain mapping device operable to;
  
  receive and store the network information from one or more network devices, provide the network information to an intrusion detection system upon receiving a query, analyze the stored network information, generate a network map based on the analysis and the stored network information, determine a potential vulnerability based on the analysis, and configure the intrusion detection system based on the network map and the potential vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the domain mapping device further comprises an acquisition engine operable to acquire network information.
  - 3. The system of claim 2 wherein the acquisition engine acquires network information with active capture of the network information from one or more network devices.
  - 4. The system of claim 2 wherein the acquisition engine acquires network information with passive capture of the network information from one or more network devices.
  - 5. The system of claim 2 wherein the acquisition engine polls the one or more network devices to acquire network information from the one or more network devices.
  - 6. The system of claim 2 wherein the acquisition engine receives network information pushed from one or more network devices.
  - 7. The system of claim 1 wherein the network information comprises vulnerabilities of the one or more network devices.
  - 8. The system of claim 7 wherein the network information further comprises device type, services and operating system information of the one or more network devices.
  - 9. The system of claim 1 wherein the domain mapping device further comprises hypercube storage operable to store network information.
  - 10. The system of claim 1 wherein the domain mapping device further comprises a query engine operable to respond to queries from one or more network devices for network information.

11. A method for mapping a network domain comprising the steps of:
- acquiring network information for one or more network devices associated with the network domain;
  
  storing the network information;
  
  interfacing the stored network information with the network;
  
  querying the stored network information with an intrusion detection system;
  
  analyzing the stored network information;
  
  generating a network map based on the analysis and the stored network information;
  
  determining a potential vulnerability based on the analysis; and
  
  configuring the intrusion detection system based on the network map and the potential vulnerability.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 wherein the acquiring step comprises active capture of network information from one or more of the network devices.
  - 13. The method of claim 11 wherein the acquiring step comprises passive capture of network information from one or more of the network devices.
  - 14. The method of claim 11 wherein the acquiring step comprises polling network devices for network information.
  - 15. The method of claim 11 wherein the acquiring step comprises pushing network information from one or more network devices for storage on a centralized repository.
  - 16. The method of claim 11 wherein the network information comprises identification of one or more services associated with one or more of the network devices.
  - 17. The method of claim 11 wherein the network information comprises identification of one or more operating systems associated with one or more of the network devices.
  - 18. The method of claim 11 wherein the network information comprises identification of the device type of one or more network devices.
  - 19. The method of claim 11 wherein the network information comprises vulnerabilities of one or more of the network devices.
  - 20. The method according to claim 11 wherein the storing step comprises hypercube storage of the network information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Systems, Inc.
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Waddell, Scott V., Lathem, Gerald S, Gleichauf, Robert E.
Primary Examiner(s)
Harrell, Robert B.

Application Number

US09/223,072
Time in Patent Office

1,281 Days
Field of Search

709/200, 709/220, 709/223, 709/224, 709/225, 709/226
US Class Current

709/224
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0263   Rule management

H04L 63/1433   Vulnerability analysis

Domain mapping method and system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

254 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Domain mapping method and system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

254 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others