Network audit and policy assurance system

US 7,627,891 B2
Filed: 02/13/2004
Issued: 12/01/2009
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A network auditing system for auditing a data communications network, the system comprising:

a first server configuring policies and audits of the data communications network;

one or more second servers coupled to the first server, the one or more second servers gathering information about the network in response to the configured audits and transmitting the gathered information to the first server; and

a data store coupled to the first server, the data store storing the gathered information transmitted by the one or more second servers, wherein the first server determines compliance with one of the configured network policies and independently makes a recommendation, in response to the determination, for modifying a network feature;

wherein the recommendation is a task associated with the network feature;

wherein a status of the recommended task is monitored;

wherein completion of the recommended task is verified;

wherein the first server provides, in response to the determination, a graphical representation of a security of the data communications network;

wherein the recommendation is associated with a change to one of the configured network policies and logics for modeling an effect of the change to one of the configured network policies.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a central compliance server generating network policies and configuring audits of the data communications network. The compliance server presents a graphical user interface (GUI) to describe the specific data gathering parameters, policies to be analyzed, and the schedule of analysis. One or more audit servers strategically deployed around the network employ heterogeneous data-gathering tools to gather information about the network in response to the configured audits, and transmit the gathered information to the compliance server. An audit repository stores the gathered information for use by the compliance server for security and regulatory policy assessment, network vulnerability analysis, report generation, and security improvement recommendations.

266 Citations

21 Claims

1. A network auditing system for auditing a data communications network, the system comprising:
- a first server configuring policies and audits of the data communications network;
  
  one or more second servers coupled to the first server, the one or more second servers gathering information about the network in response to the configured audits and transmitting the gathered information to the first server; and
  
  a data store coupled to the first server, the data store storing the gathered information transmitted by the one or more second servers, wherein the first server determines compliance with one of the configured network policies and independently makes a recommendation, in response to the determination, for modifying a network feature;
  
  wherein the recommendation is a task associated with the network feature;
  
  wherein a status of the recommended task is monitored;
  
  wherein completion of the recommended task is verified;
  
  wherein the first server provides, in response to the determination, a graphical representation of a security of the data communications network;
  
  wherein the recommendation is associated with a change to one of the configured network policies and logics for modeling an effect of the change to one of the configured network policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18, 19, 20, 21)
- - 2. The network auditing system of claim 1 further comprising a user interface allowing a user to generate a natural language policy document for the network policy and associate one or more machine-processable rules to the natural language policy document for allowing the network policy to be machine executable.
  - 3. The network auditing system of claim 1 further comprising a plurality of heterogeneous information sources coupled to the one or more second servers, wherein the one or more second servers each include:
    - means for receiving information gathered by the heterogeneous information sources; and
      
      means for converting the received information into a normalized data format.
  - 4. The network auditing system of claim 3, wherein the normalized data format is a machine-processable language format.
  - 5. The network auditing system of claim 1 further comprising an interface operating between a plurality of heterogeneous information sources and the one or more second servers, the interface providing a uniform communications platform for uniformly communicating with the heterogeneous information sources.
  - 6. The network auditing system of claim 1 further comprising:
    - means for identifying active network devices associated with an audit;
      
      means for tracking the network devices over time; and
      
      means for correlating information associated with the network devices.
  - 7. The network auditing system of claim 1, wherein the one or more second servers are coupled to one or more dynamically configurable packet filters.
  - 8. The network auditing system of claim 7, wherein the packet filters may be dynamically configured to forward packets during an audit session.
  - 9. The network auditing system of claim 1 further comprising means for determining whether address filtering for a wireless access point is functional.
  - 10. The network auditing system of claim 1 further comprising means for tracing a location of a wireless access point.
  - 11. The network auditing system of claim 1 wherein the first server comprises a semantic normalization module identifying equivalencies among information generated by heterogeneous information sources.
  - 12. The network auditing system of claim 11, wherein a network policy includes one or more rules that are applied to the information generated by the heterogeneous information sources independently of a source type.
  - 13. The network auditing system of claim 1 further comprising means for generating a report providing consolidated visibility into the security of the data communications network.
  - 14. The network auditing system of claim 1, wherein the network feature is a network security feature.
  - 17. The network auditing system of claim 1, wherein the determination of compliance with the one of the configured network policies is performed by a policy and vulnerability engine incorporated into a plurality of processors residing in the first server.
  - 18. The network auditing system of claim 1, wherein the first server includes a common interface that allows the first server to uniformly communicate with a plurality of heterogeneous scanners.
  - 19. The network auditing system of claim 1, wherein the recommended task is a remediation task for a configured network policy violation, and information on the remediation task indicates a name of a configured network policy, an address of a host of the data communications network in which was the configured network policy violation was determined, and the date in which the configured network policy violation was determined.
  - 20. The network auditing system of claim 1, wherein the recommended task is assigned to a particular person or entity.
  - 21. The network auditing system of claim 1, wherein the status is tracked and made available in a report.

15. A method, comprising:
- configuring policies and audits of a data communications network, utilizing a first server;
  
  gathering information about the network in response to the configured audits and transmitting the gathered information to the first server, utilizing one or more second servers coupled to the first server; and
  
  storing the gathered information transmitted by the one or more second servers utilizing a data store coupled to the first server, wherein the first server determines compliance with one of the configured network policies and independently makes a recommendation, in response to the determination, for modifying a network feature;
  
  wherein the recommendation is a task associated with the network feature;
  
  wherein a status of the recommended task is monitored;
  
  wherein completion of the recommended task is verified;
  
  wherein the first server provides, in response to the determination, a graphical representation of a security of the data communications network;
  
  wherein the recommendation is associated with a change to one of the configured network policies and logics for modeling an effect of the change to one of the configured network policies.

16. A computer program product embodied on a tangible computer readable medium, comprising:
- computer code for configuring policies and audits of a data communications network, utilizing a first server;
  
  computer code for gathering information about the network in response to the configured audits and transmitting the gathered information to the first server, utilizing one or more second servers coupled to the first server; and
  
  computer code for storing the gathered information transmitted by the one or more second servers utilizing a data store coupled to the first server, wherein the first server determines compliance with one of the configured network policies and independently makes a recommendation, in response to the determination, for modifying a network feature;
  
  wherein the recommendation is a task associated with the network feature;
  
  wherein a status of the recommended task is monitored;
  
  wherein completion of the recommended task is verified;
  
  wherein the first server provides, in response to the determination, a graphical representation of a security of the data communications network;
  
  wherein the recommendation is associated with a change to one of the configured network policies and logics for modeling an effect of the change to one of the configured network policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Costello, Brian, Payne, John, Pelly, John, Walpole, Thomas Paul, Ritter, Stephen J., Rutherford, M. Celeste, Ravenel, John Patrick, Williams, John Leslie, Nakawatase, Ryan Tadashi
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US10/779,190
Publication Number

US 20050257267A1
Time in Patent Office

2,118 Days
Field of Search

726/3, 726 11- 14, 726/25, 726/1, 713151-153, 709/217, 709223-224
US Class Current

726/1
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/1408 by monitoring network traff...

Network audit and policy assurance system

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

266 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Network audit and policy assurance system

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

266 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links