Method and system for updating anti-intrusion software
Abstract
A method and system for updating anti-intrusion software is provided. In a preferred embodiment, a computer program product updates anti-intrusion software on a computer network which has an anti-intrusion monitor server. The anti-intrusion monitor server recognizes attacks on the computer network in accordance with attack pattern information contained in the anti-intrusion software. The computer program product includes computer code that installs modified attack pattern information onto a central anti-intrusion server, and computer code that transfers the modified attack pattern information from the central anti-intrusion server to the anti-intrusion monitor server using push technology. The result is that newly discovered attack patterns are capable of being rapidly communicated from the central anti-intrusion server to the computer network.
28 Claims
1. A computer program product embodied on a computer readable medium that provides modified attack pattern information to an anti-intrusion monitor server on a computer network having anti-intrusion software, comprising:
computer code that installs the modified attack pattern information onto a central anti-intrusion server;
computer code that transfers the modified attack pattern information from said central anti-intrusion server to a push administration computer connected to the Internet, said push administration computer being capable of transmitting attack pattern information to the anti-intrusion monitor server using push technology, said push administration computer also being capable of transmitting information other than attack pattern information to the anti-intrusion monitor server; and
computer code that transfers the modified attack pattern information from said push administration computer to the anti-intrusion monitor server over the Internet using push technology.
wherein only modified attack pattern information not shown in said attack pattern update database as having been transferred to the anti-intrusion monitor server is transferred from said push administration computer to the anti-intrusion monitor server over the Internet using push technology.
3. The computer program product of claim 1, further comprising:
computer code that transmits a first signal from the anti-intrusion monitor server to said push administration computer, said first signal including information identifying the anti-intrusion monitor server;
computer code that transmits a first query from said push administration computer to said central anti-intrusion server, said first query requesting an identity of modified attack pattern information appropriate for the anti-intrusion monitor server; and
computer code that transmits a first response from said central anti-intrusion server to said push administration computer identifying said appropriate modified attack pattern information;
wherein only said appropriate modified attack pattern information is transferred from said push administration computer to the anti-intrusion monitor server over the Internet using push technology.
4. The computer program product of claim 1, further comprising computer code that installs push agent software onto the anti-intrusion monitor server, said push agent software being capable of instructing the anti-intrusion monitor server to communicate over the Internet with said central anti-intrusion server when the anti-intrusion monitor server is connected to the Internet, said push agent software being capable of instructing the anti-intrusion monitor server to receive said modified attack pattern information from said central anti-intrusion server.
5. The computer program product of claim 4, further comprising computer code that establishes a connection between the anti-intrusion monitor server and the Internet, wherein said push agent software receives said modified attack pattern information in a background procedure which is substantially transparent to a system administrator of the computer network.
6. The computer program product of claim 5, wherein said modified attack pattern information is a self-extracting archive file, and wherein said push agent software is capable of executing said modified attack pattern information automatically upon receipt, whereby no affirmative user commands are required during a time period between said establishment of said Internet connection and a completed installation of said modified attack pattern information.
7. The computer program product of claim 6, further comprising computer code that notifies said system administrator that said installation of said modified attack pattern information is complete.
8. The computer program product of claim 6, wherein said modified attack pattern information includes a digital signature, and wherein said push agent software is capable of recognizing said digital signature as originating from said central anti-intrusion server, whereby said push agent software executes said modified attack pattern information automatically upon receipt if said push agent software verifies said digital signature as originating from said central anti-intrusion server.
9. The computer program product of claim 8, wherein said push agent software is capable of recognizing said digital signature as not originating from said central anti-intrusion server, and whereby said push agent software does not execute said modified attack pattern information automatically upon receipt if said push agent software verifies said digital signature as not originating from said central anti-intrusion server.
10. The computer program product of claim 1, further comprising computer code that establishes a news-based subscriber channel between said push administration computer and the anti-intrusion monitor server, thereby increasing the likelihood that the user will establish an anti-intrusion modification channel between said push administration computer and the anti-intrusion monitor server.
11. A computer program product embodied on a computer readable medium that provides modified attack pattern information to at least one network having a plurality of anti-intrusion monitor servers, the anti-intrusion monitor servers including a management anti-intrusion monitor server capable of remote management of other anti-intrusion monitor servers in accordance with predetermined management parameters, comprising:
computer code that installs the modified attack pattern information onto a central anti-intrusion server;
computer code that transfers the modified attack pattern information from said central anti-intrusion server to the management anti-intrusion monitor server using push technology; and
computer code that remotely installs the modified attack pattern information from the management anti-intrusion monitor server to other anti-intrusion monitor servers in accordance with the predetermined management parameters.
16. A computer program product embodied on a computer readable medium that provides modified attack pattern information to one or more local area networks having corresponding local anti-intrusion monitor servers associated therewith, the local area networks being connected to a common network, the common network having a common anti-intrusion monitor server, the local anti-intrusion monitor servers configured to recognize intrusion attacks on the local area networks, the common anti-intrusion monitor server configured to recognize intrusion attacks on the common network, comprising:
computer code that installs the modified attack pattern information onto a central anti-intrusion server;
computer code that transfers the modified attack pattern information from said central anti-intrusion server to the common anti-intrusion monitor server using push technology; and
computer code that executes an installation script at said common anti-intrusion monitor server for installing modified attack pattern information on the local anti-intrusion monitor servers across the common network;
wherein the common anti-intrusion monitor server is configured to recognize a first set of intrusion attacks on the common network, said first set of intrusion attacks being selected according to the risk of occurrence at the common network level.
21. A computer program product embodied on a computer readable medium that modifies anti-intrusion software on a computer network having an anti-intrusion monitor server, the anti-intrusion monitor server for recognizing attacks on the computer network in accordance with attack pattern information contained in the anti-intrusion software, comprising:
computer code that installs modified attack pattern information onto a central anti-intrusion server; and
computer code that transfers said modified attack pattern information from said central anti-intrusion server to the anti-intrusion monitor server using push technology;
whereby newly discovered attack patterns are capable of being rapidly communicated from said central anti-intrusion server to the computer network;
computer code that installs push agent software onto the anti-intrusion monitor server, said push agent software being capable of instructing the anti-intrusion monitor server to communicate over the Internet with said central anti-intrusion server when the anti-intrusion monitor server is connected to the Internet, said push agent software being capable of instructing the anti-intrusion monitor server to receive said modified attack pattern information from said central anti-intrusion server;
computer code that establishes a connection between the anti-intrusion monitor server and the Internet, wherein said push agent software receives said modified attack pattern information in a background procedure which is substantially transparent to a system administrator of the computer network;
wherein said modified attack pattern information is a self-extracting archive file, and wherein said push agent software is capable of executing said modified attack pattern information automatically upon receipt, whereby no affirmative user commands are required during a time period between said establishment of said Internet connection and a completed installation of said modified attack pattern information;
computer code that notifies said system administrator that said installation of said modified attack pattern information is complete;
wherein said modified attack pattern information includes a digital signature, and wherein said push agent software is capable of recognizing said digital signature as originating from said central anti-intrusion server, whereby said push agent software executes said modified attack pattern information automatically upon receipt if said push agent software verifies said digital signature as originating from said central anti-intrusion server.
28. A computer program product embodied on a computer readable medium that provides modified attack pattern information to one or more local area networks having corresponding local anti-intrusion monitor servers associated therewith, the local area networks being connected to a common network, the common network having a common anti-intrusion monitor server, the local anti-intrusion monitor servers configured to recognize intrusion attacks on the local area networks, the common anti-intrusion monitor server configured to recognize intrusion attacks on the common network, comprising:
computer code that installs the modified attack pattern information onto a central anti-intrusion server;
computer code that transfers the modified attack pattern information from said central anti-intrusion server to the common anti-intrusion monitor server using push technology;
computer code that executes an installation script at said common anti-intrusion monitor server for installing modified attack pattern information on the local anti-intrusion monitor servers across the common network;
computer code that transfers the modified attack pattern information from said central anti-intrusion server to a push administration computer connected to the Internet, said push administration computer being capable of transmitting attack pattern information to the common anti-intrusion monitor server using push technology, said push administration computer also being adapted for transmitting non-attack pattern information to the common anti-intrusion monitor server; and
computer code that transfers the modified attack pattern information from said push administration computer to the common anti-intrusion monitor server over the Internet using push technology.
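
Claims 8 and 9 make automatic execution conditional on the push agent verifying that the update's digital signature originates from the central anti-intrusion server. The following Go program is an added illustration of that gate and is not taken from the patent: the `Update` layout, the `Agent` type, the helper names and the choice of Ed25519 with a pinned public key are all assumptions, and the key material is constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Update is a hypothetical package layout; the claims do not define one.
type Update struct {
	Payload   []byte // attack pattern data
	Signature []byte // central server's signature over Payload
}

// Agent models the push agent; CentralKey is the pinned central-server key.
type Agent struct {
	CentralKey ed25519.PublicKey
	Installed  [][]byte // payloads accepted so far
}

var ErrBadSignature = errors.New("signature not from central server")

// Sign is the central-server side (Ed25519 is an assumption of this example).
func Sign(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Receive installs the payload only if the signature verifies (claims 8, 9).
func (a *Agent) Receive(u Update) error {
	if !ed25519.Verify(a.CentralKey, u.Payload, u.Signature) {
		return ErrBadSignature // fail closed: nothing is executed
	}
	a.Installed = append(a.Installed, u.Payload) // stand-in for installation
	return nil
}

// DemoKeys derives a constructed, fixed key pair so the example runs offline.
func DemoKeys(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKeys(7)
	_, rogue := DemoKeys(9) // a key the agent does not trust
	agent, data := &Agent{CentralKey: pub}, []byte("constructed pattern data")
	fmt.Println(agent.Receive(Sign(priv, data)), agent.Receive(Sign(rogue, data)))
}
```

The agent rejects an update signed by any other key, a payload altered after signing, and a package with no signature at all, so an unsigned or modified archive never reaches the installation step.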