Method and apparatus providing unified compliant network audit
First Claim
1. A method of performing a network security audit based on information flows among network elements, comprising the machine-implemented steps of:
obtaining a network inventory that identifies one or more network elements of a packet-switched network;
obtaining a list of ports;
determining, based at least in part on an examination of a running configuration of each of the one or more network elements, how information packets flow through each port in the list of ports for each of the one or more network elements;
determining a first threat level for each port in the list of ports for each of the network elements based at least in part on:
whether the running configuration indicates that the port is open or closed;
whether the running configuration indicates that the port, if open, has been configured with restrictions;
determining a second threat level for each of the one or more network elements based, at least in part, on the first threat levels associated with each port in the list of ports for that network element;
determining a third threat level for the network as a whole; and
providing a report of a network security audit based on the first, second and third threat levels;
wherein the method is performed by one or more computing devices.
1 Assignment
0 Petitions
Abstract
Information flow between network elements in a network enables a management system to capture a security knowledge base and to perform a static analysis of the network. In one embodiment, a method for performing a network security audit based on information flows among network elements comprises the machine-implemented steps of obtaining a network inventory that identifies one or more network elements of a packet-switched network; determining how information packets flow through the one or more network elements; determining a first threat level for each of the one or more network elements; determining a second threat level for the network as a whole; and providing a report of a network security audit based on the first and second threat levels.
82 Citations
40 Claims
1. A method of performing a network security audit based on information flows among network elements, comprising the machine-implemented steps of:
obtaining a network inventory that identifies one or more network elements of a packet-switched network;
obtaining a list of ports;
determining, based at least in part on an examination of a running configuration of each of the one or more network elements, how information packets flow through each port in the list of ports for each of the one or more network elements;
determining a first threat level for each port in the list of ports for each of the network elements based at least in part on:
whether the running configuration indicates that the port is open or closed;
whether the running configuration indicates that the port, if open, has been configured with restrictions;
determining a second threat level for each of the one or more network elements based, at least in part, on the first threat levels associated with each port in the list of ports for that network element;
determining a third threat level for the network as a whole; and
providing a report of a network security audit based on the first, second and third threat levels;
wherein the method is performed by one or more computing devices.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A computer-readable volatile or non-volatile medium for performing a network security audit based on information flows among network elements, comprising one or more sequences of computer program instructions, which instructions, when executed by one or more processors, cause the one or more processors to perform the steps of:
obtaining a network inventory that identifies one or more network elements of a packet-switched network;
obtaining a list of ports;
determining, based at least in part on an examination of a running configuration of each of the one or more network elements, how information packets flow through each port in the list of ports for each of the one or more network elements;
determining a first threat level for each port in the list of ports for each of the network elements based at least in part on:
whether the running configuration indicates that the port is open or closed; and
whether the running configuration indicates that the port, if open, has been configured with restrictions;
determining a second threat level for each of the one or more network elements based, at least in part, on a status of one or more ports used by the one or more network elements and determining whether access to any port is restricted the first threat levels associated with each port in the list of ports for that network element;
determining a third threat level for the network as a whole; and
providing a report of a network security audit based on the first, second, and third threat levels.
View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
21. An apparatus configured for performing a network security audit based on information flows among network elements, comprising:
security policy definition logic;
a security policy database coupled to the security policy definition logic;
security policy compliance logic coupled to the security policy database; and
corrective action logic;
wherein the security policy compliance logic comprises one or more computer program instructions for:
obtaining a network inventory that identifies one or more network elements of a packet-switched network;
obtaining a list of ports;
determining, based at least in part on an examination of a running configuration of each of the one or more network elements, how information packets flow through each port in the list of ports for each of the one or more network elements;
determining a first threat level for each port in the list of ports for each of the network elements based at least in part on:
whether the running configuration indicates that the port is open or closed;
whether the running configuration indicates that the port, if open, has been configured with restrictions;
determining a second threat level for each of the one or more network elements based, at least in part, on the first threat levels associated with each port in the list of ports for that network element;
determining a third threat level for the network as a whole; and
providing a report of a network security audit based on the first, second, and third threat levels.
View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
31. An apparatus configured for performing a network security audit based on information flows among network elements, comprising:
means for obtaining a network inventory that identifies one or more network elements of a packet-switched network;
means for obtaining a list of ports;
means for determining, based at least in part on an examination of a running configuration of each of the one or more network elements, how information packets flow through each port in the list of ports for each of the one or more network elements;
means for determining a first threat level for each port in the list of ports for each of the network elements based at least in part on:
whether the running configuration indicates that the port is open or closed;
whether the running configuration indicates that the port, if open, has been configured with restrictions;
means for determining a second threat level for each of the one or more network elements based, at least in part, on the first threat levels associated with each port in the list of ports for that network element;
means for determining a third threat level for the network as a whole; and
means for providing a report of a network security audit based on the first, second, and third threat levels.
View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
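The three-tier audit that claims 1, 11, 21 and 31 describe (port level from the running configuration, element level from its ports, network level from its elements, then a report), as an added illustration that is not the patent's own code. The running configuration is modelled as a constructed per-port dict, and the numeric scale (0 closed, 1 open and restricted, 2 open and unrestricted) and the use of max for aggregation are assumptions of this example, since the patent fixes no particular scale.

```python
# Added example, not code from the patent. Assumed model: each element's
# running configuration is a dict port -> {"open": bool, "restricted": bool};
# threat scale 0/1/2 and max-aggregation are this example's choices.
from dataclasses import dataclass

PORTS = [22, 23, 80, 443]          # the "list of ports" the audit walks


@dataclass
class NetworkElement:
    name: str
    running_config: dict           # port -> {"open": bool, "restricted": bool}


def port_threat(config: dict, port: int) -> int:
    """First threat level: 0 closed, 1 open but restricted, 2 open and unrestricted."""
    entry = config.get(port, {"open": False})   # a port absent from the config is closed
    if not entry.get("open", False):
        return 0
    return 1 if entry.get("restricted", False) else 2


def element_threat(elem: NetworkElement, ports=PORTS) -> int:
    """Second threat level: the worst port level found on the element."""
    return max(port_threat(elem.running_config, p) for p in ports)


def network_threat(elements, ports=PORTS) -> int:
    """Third threat level: the worst element level across the whole network."""
    return max((element_threat(e, ports) for e in elements), default=0)


def audit_report(elements, ports=PORTS) -> dict:
    """Report built from the first, second and third threat levels."""
    return {
        "ports": {e.name: {p: port_threat(e.running_config, p) for p in ports} for e in elements},
        "elements": {e.name: element_threat(e, ports) for e in elements},
        "network": network_threat(elements, ports),
        # findings: open, unrestricted ports are the ones an operator should fix first
        "findings": [(e.name, p) for e in elements for p in ports
                     if port_threat(e.running_config, p) == 2],
    }


# Constructed sample inventory (not real devices)
INVENTORY = [
    NetworkElement("edge-rtr", {22: {"open": True, "restricted": True},
                                23: {"open": False},
                                80: {"open": True, "restricted": False},
                                443: {"open": True, "restricted": True}}),
    NetworkElement("core-sw", {22: {"open": True, "restricted": True}}),
]

if __name__ == "__main__":
    print(audit_report(INVENTORY))
```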
Specification