System and method for applying a machine-processable policy rule to information gathered about a network

US 7,536,456 B2
Filed: 02/13/2004
Issued: 05/19/2009
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

maintaining in a data store, a natural language policy document for a network policy and one or more machine-processable policy rules;

associating at least a portion of the natural language policy document to at least one of the machine-processable policy rules;

applying the at least one of the machine-processable policy rules to information gathered about a network; and

determining, based on the application of the at least one of the machine-processable policy rules, compliance with the network policy;

wherein the information is gathered via a plurality of audit servers using heterogeneous information sources, the heterogeneous information sources including at least one of a scanner, a camera, and manually entered data;

wherein each of the plurality of audit servers include a scan harness that interoperates with the scanner;

wherein the audit servers are configured to allow enumeration of unique network devices, to allow correlation of characteristics associated with the unique network devices, and to filter network packets.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a central compliance server storing both natural language policy documents and machine-processable policy rules in an audit repository. The compliance server provides a client-side user interface allowing a user to easily generate a machine-auditable policy by selecting/generating a natural language policy source document, and linking the applicable machine-processable policy rules to the applicable portions of the source document. The selected machine-processable policy rules are then applied to information gathered about the network during a scheduled network audit session for efficiently and systematically determining whether policy violations and/or vulnerabilities exist.

210 Citations

19 Claims

1. A method comprising:
- maintaining in a data store, a natural language policy document for a network policy and one or more machine-processable policy rules;
  
  associating at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
  
  applying the at least one of the machine-processable policy rules to information gathered about a network; and
  
  determining, based on the application of the at least one of the machine-processable policy rules, compliance with the network policy;
  
  wherein the information is gathered via a plurality of audit servers using heterogeneous information sources, the heterogeneous information sources including at least one of a scanner, a camera, and manually entered data;
  
  wherein each of the plurality of audit servers include a scan harness that interoperates with the scanner;
  
  wherein the audit servers are configured to allow enumeration of unique network devices, to allow correlation of characteristics associated with the unique network devices, and to filter network packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising making a recommendation for modifying a network feature based on the compliance with the network policy.
  - 3. The method of claim 2, wherein the recommendation is associated with a change to the network policy.
  - 4. The method of claim 3, wherein the recommendation is adding a rule to the network policy.
  - 5. The method of claim 1, wherein the at least one of the machine-processable policy rules is uniformly applied to the gathered information without regard to an information source type.
  - 6. The method of claim 1, further comprising:
    - receiving a user selection of a first portion of the natural language policy document;
      
      receiving a user selection of a first policy rule from a list of machine-processable policy rules;
      
      receiving a user selection of a second portion of the natural language policy document;
      
      receiving a user selection of a second policy rule from the list of machine-processable policy rules; and
      
      associating the first portion of the natural language policy document to the first policy rule, and the second portion of the natural language policy document to the second policy rule.
  - 7. The method of claim 1, further comprising:
    - receiving a user selection of the network policy;
      
      associating the selected network policy to a network audit; and
      
      automatically applying the at least one of the machine-processable policy rules to the information gathered about the network during the network audit.
  - 8. The method of claim 1, wherein the at least one of the machine-processable policy rules is associated with a severity meter for violating the at least one of the machine-processable policy rules.
  - 9. The method of claim 1, wherein the information gathered about the network is historic audit information, and the method further comprises modeling an effect of applying the network policy on the network based on the historic audit information.
  - 10. The method of claim 1, wherein the gathered information is converted into a normalized data format and stored in an audit repository for access by a compliance server.
  - 11. The method of claim 1, wherein the scanner includes at least one of an open source scanner, a third party scanner, a special purpose scanner, and a customer scanner.

12. A server in a network auditing system, the server comprising:
- a data store storing a natural language policy document for a network policy and one or more machine-processable policy rules;
  
  a client-side user interface coupled to the data store, the user interface allowing a user to associate at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
  
  means for applying the at least one of the machine-processable policy rules to information gathered about a network; and
  
  means for determining, based on the application of the at least one of the machine-processable policy rules, compliance with the network policy;
  
  wherein the information is gathered via a plurality of audit servers using heterogeneous information sources, the heterogeneous information sources including at least one of a scanner, a camera, and manually entered data;
  
  wherein each of the plurality of audit servers include a scan harness that interonerates with the scanner;
  
  wherein the audit servers are configured to allow enumeration of unique network devices, to allow correlation of characteristics associated with the unique network devices, and to filter network packets.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The server of claim 12, further comprising means for making a recommendation for modifying a network feature based on the compliance with the network policy.
  - 14. The server of claim 13, wherein the recommendation is associated with a change to the network policy.
  - 15. The server of claim 13, wherein the recommendation is adding a rule to the network policy.
  - 16. The server of claim 12, further comprising means for uniformly applying the at least one of the machine-processable policy rules to the gathered information without regard to an information source type.
  - 17. The server of claim 12, wherein the client-side user interface further comprises:
    - means for receiving a user selection of a first portion of the natural language policy document;
      
      means for receiving a user selection of a first policy rule from a list of machine-processable policy rules;
      
      means for receiving a user selection of a second portion of the natural language policy document;
      
      means for receiving a user selection of a second policy rule from the list of machine-processable policy rules; and
      
      means for associating the first portion of the natural language policy document to the first policy rule, and the second portion of the natural language policy document to the second policy rule.
  - 18. The server of claim 12, further comprising:
    - means for receiving a user selection of the network policy;
      
      means for associating the selected network policy to a network audit; and
      
      means for automatically applying the at least one of the machine-processable policy rules to information gathered about the network during the network audit.
  - 19. The server of claim 12, wherein the information gathered about the network is historic audit information, and the server comprises means for modeling an effect of applying the network policy on the network based on the historic audit information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Costello, Brian, Payne, John, Pelly, John, Ritter, Stephen J., Rutherford, M. Celeste, Ravenel, John Patrick, Williams, John Leslie, Nakawatase, Ryan Tadashi
Primary Examiner(s)
Patel; Haresh N

Application Number

US10/778,836
Publication Number

US 20050010819A1
Time in Patent Office

1,922 Days
Field of Search

709217-228, 370/401, 726/4
US Class Current

709/224
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for applying a machine-processable policy rule to information gathered about a network

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

210 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for applying a machine-processable policy rule to information gathered about a network

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

210 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links