Distributed network monitoring system and method

US 7,370,356 B1
Filed: 01/22/2003
Issued: 05/06/2008
Est. Priority Date: 01/23/2002
Status: Active Grant

First Claim

Patent Images

1. In a computer network having a server and a plurality of network devices connected to the server, a method for protecting the computer network against unauthorized access, the method comprising:

providing each authorized device authorized to use the network with an agent configured to report information including;

1) self reported address information about the device to which the agent corresponds;

2) a unique agent identifier (AID) which identifies the device to which the agent corresponds; and

3) neighboring device address information about all neighboring devices connected to a same switch as the device to which the agent corresponds;

reporting the information to a security program on the server; and

correlating with the security program the reported information to determine if any unauthorized network devices are connected to the network comprising;

compiling from the self reported address information reported by the agents a first list containing “

self reported”

addresses;

compiling from the neighboring device address information reported by the agents a second list containing “

neighboring”

device addresses; and

comparing the first list to the second list to determine if there are any discrepancies between the two lists, wherein in the event of a discrepancy, an alert is triggered.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for protecting the computer network against unauthorized access are disclosed. Information is reported about each network device connected to the network and/or one or more corresponding users. The reported information is correlated to determine if any unauthorized devices are connected to the network. To report the desired information, each device authorized to use the network may be provided with an agent configured to report information about the device to which it corresponds and information about one or more neighboring devices. A “reporting your neighbor” method may be used wherein each network device report its address and the address of its neighbors may be used to determine if any device is not reporting its address. Alternatively, each agent may report information about its device'"'"'s physical location, e.g., by global positioning satellite (GPS). A door badge system may be used to provide user location information.

111 Citations

View as Search Results

24 Claims

1. In a computer network having a server and a plurality of network devices connected to the server, a method for protecting the computer network against unauthorized access, the method comprising:
- providing each authorized device authorized to use the network with an agent configured to report information including;
  
  1) self reported address information about the device to which the agent corresponds;
  
  2) a unique agent identifier (AID) which identifies the device to which the agent corresponds; and
  
  3) neighboring device address information about all neighboring devices connected to a same switch as the device to which the agent corresponds;
  
  reporting the information to a security program on the server; and
  
  correlating with the security program the reported information to determine if any unauthorized network devices are connected to the network comprising;
  
  compiling from the self reported address information reported by the agents a first list containing “
  
  self reported”
  
  addresses;
  
  compiling from the neighboring device address information reported by the agents a second list containing “
  
  neighboring”
  
  device addresses; and
  
  comparing the first list to the second list to determine if there are any discrepancies between the two lists, wherein in the event of a discrepancy, an alert is triggered.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein the information further includes one or more of the following:
    - information about a physical location of one or more devices, or information about a physical location of one or more users associated with one or more particular devices.
  - 3. The method of claim 2, further comprising triggering an alert if the correlated information indicates that one or more unauthorized devices are connected to the network.
  - 4. The method of claim 1 wherein the information includes one or more IP addresses and one or more MAC addresses, one or more IP addresses, or one or more MAC addresses.
  - 5. The method of claim 1 wherein each agent reports information about a physical location of the device corresponding to that agent.
  - 6. The method of claim 5, wherein the information about the physical location includes global positioning satellite (GPS) information.
  - 7. The method of claim 5, further comprising obtaining information about a location of a user associated with the device corresponding to the agent.
  - 8. The method of claim 7, wherein information about the location of the user includes the use of a door badge and door badger reader, wherein the door badge reader is connected to the network.
  - 9. The method of claim 1 wherein each agent provides one or more biometric identifiers associated with a person using the particular device associated with the corresponding agent.
  - 10. The method of claim 9 further comprising correlating the one or more biometric identifiers provided by the agent with one or more stored biometric identifiers associated with one or more known authorized users of the particular device associated with that agent to determine whether the person using the particular device is an authorized user.
  - 11. The method of claim 9 wherein the one or more biometric identifiers include fingerprints, retinal scans, or images of the corresponding user'"'"'s face.
  - 12. The method of claim 1 wherein the comparing the first list to the second list comprises determining that an address of a device is on the second list but not on the first list.
  - 13. The method of claim 1 wherein, upon determining that an address of a device is on the second list but not on the first list, there is a discrepancy between the first list and the second list.
  - 14. The method of claim 1 wherein, upon determining that a MAC and IP address combination is invalid, there is a discrepancy between the first list and the second list.
  - 15. The method of claim 1 wherein, upon determining that two different devices have the same MAC address, the same IP address, or the same MAC address and IP address, there is a discrepancy between the first list and the second list.
  - 16. The method of claim 1 wherein upon determining that a MAC address, IP address, and unique agent identifier (AID) combination is invalid, an alert is triggered.

17. In a computer network having a server and a plurality of network devices connected to the server, a system for protecting the computer network against unauthorized access, the system comprising:
- means for reporting information comprising an agent provided to each authorized device authorized to use the network configured to report information about the corresponding device including;
  
  1) self reported address information about the device to which the agent corresponds;
  
  2) a unique agent identifier (AID) which identifies the device to which the agent corresponds; and
  
  3) neighboring device address information about all neighboring devices connected to a same switch as the device to which the agent corresponds;
  
  means for correlating the information to determine if any unauthorized devices are connected to the network, wherein the means for correlating information is configured to;
  
  compile from the self reported address information reported by the agents a first list containing “
  
  self reported”
  
  addresses;
  
  compile from the neighboring device address information reported by the agents a second list containing “
  
  neighboring”
  
  device addresses; and
  
  compare the first list to the second list to determine if there are any discrepancies between the two lists, wherein in the event of discrepancy, an alert is triggered.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17 wherein the information further includes one or more of the following:
    - information about a physical location of one or more devices, or information about a physical location of one or more users associated with one or more particular devices.
  - 19. The system of claim 17 wherein each agent is configured to report information about a physical location of the device corresponding to that agent.
  - 20. The system of claim 19 wherein the information about the physical location includes global positioning satellite (GPS).
  - 21. The system of claim 19, wherein the means for reporting information includes one or more door badge readers, wherein the door badge reader is connected to the network.
  - 22. The system of claim 17 wherein each agent is configured to provide one or more biometric identifiers associated with a person using the particular device associated with that agent.
  - 23. The system of claim 22 wherein the one or more biometric identifiers include fingerprints, retinal scans, or images of the corresponding user'"'"'s face.
  - 24. The system of claim 23 wherein the means for correlating the information or the agent is configured to compare the biometric identifier associated with the person using the particular device with one or more stored biometric identifiers associated with the known authorized users of the particular device to determine whether the person using the particular device is an authorized user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Guo, Yi
Primary Examiner(s)
GERGISO, TECHANE

Application Number

US10/350,172
Time in Patent Office

1,931 Days
Field of Search

713/201, 713/153, 713/172, 709/224, 726/22, 370/254, 705/78
US Class Current

726/22
CPC Class Codes

G06Q 20/0855   involving a third party

H04L 63/0861   using biometrical features,...

H04L 63/101   Access control lists [ACL]

Distributed network monitoring system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed network monitoring system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links