Client compliancy with self-policing clients

US 7,836,501 B2
Filed: 01/04/2006
Issued: 11/16/2010
Est. Priority Date: 11/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method for enforcing client compliance on a network, comprising:

transmitting, over the network, a query from a software agent executing on a target device to a non-compliance database that stores identifiers of non-compliant devices on the network, the query requesting compliance status of the target device and including an identifier of the target device;

receiving, over the network, by the software agent executing on the target device a response to the query indicating the compliance status of the target device, the compliance status indicating whether or not the identifier of the target device is present in the database of non-compliant devices on the network; and

in response to the compliance status indicating that the identifier of the target device is present in the database of non-compliant devices, initiating, by the software agent executing on the target device, a remedial action to put the target device in compliance with network security policies.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.

85 Citations

View as Search Results

20 Claims

1. A method for enforcing client compliance on a network, comprising:
- transmitting, over the network, a query from a software agent executing on a target device to a non-compliance database that stores identifiers of non-compliant devices on the network, the query requesting compliance status of the target device and including an identifier of the target device;
  
  receiving, over the network, by the software agent executing on the target device a response to the query indicating the compliance status of the target device, the compliance status indicating whether or not the identifier of the target device is present in the database of non-compliant devices on the network; and
  
  in response to the compliance status indicating that the identifier of the target device is present in the database of non-compliant devices, initiating, by the software agent executing on the target device, a remedial action to put the target device in compliance with network security policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein security sensors including at least one of an intrusion detection system (IDS) sensor and a vulnerability assessment (VA) sensor detect the non-compliant devices on the network and provide corresponding identifiers of the non-compliant devices to the database.
  - 3. The method of claim 1 wherein the remedial action initiated by the target device includes at least one of requesting a new network lease, triggering a security software update procedure, and triggering security processing.
  - 4. The method of claim 3 wherein requesting the new network lease causes a proxy to assign the target device to a quarantine network.
  - 5. The method of claim 1 wherein the identifier of the target device is removed from the database responsive to the software agent transmitting the query.
  - 6. The method of claim 5 wherein in response to non-compliance of the target device subsequently being detected, the target device'"'"'s identifier is re-admitted to the database.
  - 7. The method of claim 5 wherein a self-query is distinguished from a proxy-based query by matching an IP address being queried with an IP address from which the query is issued;
    - andwherein a query from a proxy does not result in removal of the target device'"'"'s identifier from the non-compliance database.
  - 8. The method of claim 1 wherein the identifiers of non-compliant devices are network addresses including at least one of MAC and IP addresses, and the software agent is used in conjunction with an automated endpoint compliance policy configuration.

9. A machine-readable storage medium encoded with instructions, that when executed by a processor, cause the processor to carry out a process for enforcing client compliance on a network, the process comprising:
- transmitting, over the network, a query from a software agent executing on a target device to a non-compliance database that stores identifiers of non-compliant devices on the network, the query requesting compliance status of the target device and including an identifier of the target device;
  
  receiving, over the network, by the software agent executing on the target device a response to the query indicating the compliance status of the target device, the compliance status indicating whether or not the identifier of the target device is present in the database of non-compliant devices on the network; and
  
  in response to the compliance status indicating that the identifier of the target device is present in the database of non-compliant devices, initiating, by the software agent executing on the target device, a remedial action to put the target device in compliance with network security policies.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The machine-readable storage medium of claim 9 wherein the remedial action initiated by the target device includes at least one of requesting a new network lease, triggering a security software update procedure, and triggering security processing.
  - 11. The machine-readable storage medium of claim 10 wherein requesting the new network lease causes a proxy to assign the target device to a quarantine network.
  - 12. The machine-readable storage medium of claim 9 wherein the identifier of the target device is removed from the database responsive to the software agent transmitting the query.
  - 13. The machine-readable storage medium of claim 12 wherein in response to non-compliance of the target device subsequently being detected, the target device'"'"'s identifier is re-admitted to the database.
  - 14. The machine-readable storage medium of claim 12 wherein a self-query is distinguished from a proxy-based query by matching an IP address being queried with an IP address from which the query is issued;
    - andwherein a query from a proxy does not result in removal of the target device'"'"'s identifier from the non-compliance database.
  - 15. The machine-readable storage medium of claim 9 wherein security sensors including at least one of an intrusion detection system (IDS) sensor and a vulnerability assessment (VA) sensor detect the non-compliant devices on the network and provide corresponding identifiers of the non-compliant devices to the database.

16. A system for enforcing client compliance on a network, comprising:
- a self-policing target device that initiates a remedial action to put itself in compliance with network security policies responsive to receiving a compliance status indicating that an identifier of the self-policing target device is present in a database of non-compliant devices on the network; and
  
  a compliance verification component executing on the target device, the compliance verification component for transmitting, over the network, a query to the database of non-compliant devices on the network, the query requesting the compliance status of the target device and including the identifier of the target device, and for receiving, over the network, a response to the query indicating the compliance status of the target device, the compliance status indicating whether or not the identifier of the target device is present in the database of non-compliant devices on the network.
- View Dependent Claims (17, 18)
- - 17. The system claim 16 wherein the identifier of the target device is removed from the database responsive to the compliance verification component transmitting the query.
  - 18. The system of claim 17 further comprising the database of non-compliant devices and a compliance registration manager that is communicatively coupled with the database, the compliance registration manager configured for distinguishing a self-query from a proxy-based query by matching an IP address being queried with an IP address from which the query is issued.

19. A system for enforcing client compliance on a network, comprising:
- a processor; and
  
  a computer readable storage medium storing computer-executable program instructions that when executed cause a processor to perform steps including;
  
  transmitting, over the network, a query from a target device to a database storing identifiers of non-compliant devices on the network, the query requesting compliance status of the target device and including an identifier of the target device;
  
  receiving, over the network, by the target device a response to the query indicating the compliance status of the target device, the compliance status indicating whether or not the identifier of the target device is present in the database of non-compliant devices on the network; and
  
  initiating by the target device in response to, the compliance status indicating that the identifier of the target device is present in the database of non-compliant devices, a remedial action to put the target device in compliance with network security policies.
- View Dependent Claims (20)
- - 20. The system of claim 19 further including program instructions for:
    - distinguishing a self-query from a proxy-based query by matching an IP address being queried with an IP address from which the query is issued.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E., McCorkendale, Bruce
Primary Examiner(s)
COLIN, CARL G

Application Number

US11/325,762
Publication Number

US 20060130139A1
Time in Patent Office

1,777 Days
Field of Search

726 22- 25
US Class Current

726/22
CPC Class Codes

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Client compliancy with self-policing clients

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Client compliancy with self-policing clients

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links