Distributed network monitoring system and method
Abstract
Methods and systems for protecting the computer network against unauthorized access are disclosed. Information is reported about each network device connected to the network and/or one or more corresponding users. The reported information is correlated to determine if any unauthorized devices are connected to the network. To report the desired information, each device authorized to use the network may be provided with an agent configured to report information about the device to which it corresponds and information about one or more neighboring devices. A “reporting your neighbor” method, wherein each network device reports its address and the address of its neighbors, may be used to determine if any device is not reporting its address. Alternatively, each agent may report information about its device's physical location, e.g., by global positioning satellite (GPS). A door badge system may be used to provide user location information.
24 Claims
1. In a computer network having a server and a plurality of network devices connected to the server, a method for protecting the computer network against unauthorized access, the method comprising:
- providing each authorized device authorized to use the network with an agent configured to report information including;
1) self reported address information about the device to which the agent corresponds;
2) a unique agent identifier (AID) which identifies the device to which the agent corresponds; and
3) neighboring device address information about all neighboring devices connected to a same switch as the device to which the agent corresponds;
- reporting the information to a security program on the server; and
- correlating with the security program the reported information to determine if any unauthorized network devices are connected to the network comprising;
- compiling from the self reported address information reported by the agents a first list containing “self reported” addresses;
- compiling from the neighboring device address information reported by the agents a second list containing “neighboring” device addresses; and
- comparing the first list to the second list to determine if there are any discrepancies between the two lists, wherein in the event of a discrepancy, an alert is triggered.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. In a computer network having a server and a plurality of network devices connected to the server, a system for protecting the computer network against unauthorized access, the system comprising:
- means for reporting information comprising an agent provided to each authorized device authorized to use the network configured to report information about the corresponding device including;
1) self reported address information about the device to which the agent corresponds;
2) a unique agent identifier (AID) which identifies the device to which the agent corresponds; and
3) neighboring device address information about all neighboring devices connected to a same switch as the device to which the agent corresponds;
- means for correlating the information to determine if any unauthorized devices are connected to the network, wherein the means for correlating information is configured to;
- compile from the self reported address information reported by the agents a first list containing “self reported” addresses;
- compile from the neighboring device address information reported by the agents a second list containing “neighboring” device addresses; and
- compare the first list to the second list to determine if there are any discrepancies between the two lists, wherein in the event of discrepancy, an alert is triggered.

Dependent claims: 18, 19, 20, 21, 22, 23, 24
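The correlation step recited in claims 1 and 17, sketched as an added example (this is not code from the patent): agent reports are folded into a "self reported" list and a "neighboring" list, and discrepancies between them become alerts. The report field names, the AIDs, the MAC-style addresses and the second "unwitnessed agent" check are assumptions made for illustration.

```python
# Added illustration: report fields, AIDs and addresses are constructed.
import re
from collections import defaultdict

def norm_mac(addr):
    """Canonicalise a MAC so 00-1A-2B-.. and 001a.2b.. forms compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", addr).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {addr!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def correlate(reports):
    """Compare self-reported addresses with neighbour-reported ones."""
    first = {}                  # "self reported" list: addr -> (AID, has neighbours)
    second = defaultdict(set)   # "neighboring" list: addr -> AIDs that saw it
    for r in reports:
        first[norm_mac(r["self_addr"])] = (r["aid"], bool(r["neighbors"]))
        for n in r["neighbors"]:
            second[norm_mac(n)].add(r["aid"])
    alerts = []
    # Seen on a switch but no agent vouches for it: candidate unauthorized device.
    for addr in second.keys() - first.keys():
        alerts.append(("unreported_device", addr, sorted(second[addr])))
    # Agent lists neighbours, yet no neighbour lists it (assumed extra check).
    for addr, (aid, has_neighbors) in first.items():
        if has_neighbors and addr not in second:
            alerts.append(("unwitnessed_agent", addr, [aid]))
    return sorted(alerts)

REPORTS = [  # constructed sample reports, mixed address notations on purpose
    {"aid": "AID-1", "self_addr": "00:1a:2b:00:00:01",
     "neighbors": ["00-1A-2B-00-00-02", "00:1a:2b:00:00:99"]},
    {"aid": "AID-2", "self_addr": "00-1A-2B-00-00-02",
     "neighbors": ["001a.2b00.0001", "00:1a:2b:00:00:99"]},
    {"aid": "AID-3", "self_addr": "00:1a:2b:00:00:03", "neighbors": []},
    {"aid": "AID-4", "self_addr": "00:1a:2b:00:00:04",
     "neighbors": ["00:1a:2b:00:00:01"]},
]

if __name__ == "__main__":
    for alert in correlate(REPORTS):
        print(alert)
```

Address normalisation matters here: without it, the same device written in two notations would appear as a false discrepancy between the lists. AID-3 sits alone on its switch and reports no neighbors, so its absence from the second list raises no alert.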
Specification