High-assurance web-based configuration of secure network server
First Claim
Patent Images
1. A method of configuring a secure network server comprising the following steps:
- separating a disk of a network management secure network server into network management and user partitions;
creating an HTTP web server task group when an HTTP connection is initiated with said network management secure network server'"'"'s router address as an IP destination address, said HTTP web server task group being part of a non-trusted security functionality of said network management secure network server;
uploading a file containing modified configuration data from a remote computer to said network management secure network server, said HTTP web server task group receiving said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and storing said received file in said user partition of said network management secure network server;
copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server;
reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and
configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user,wherein said copying step is performed by a file mover task group that is part of the trusted security functionality of said network management secure network server.
2 Assignments
0 Petitions
Accused Products
Abstract
A secure network server having an embedded Hyper-Text Transfer Protocol (HTTP) server that is not within its trusted security functionality and that is used to configure the SNS security and networking features.
-
Citations
19 Claims
-
1. A method of configuring a secure network server comprising the following steps:
-
separating a disk of a network management secure network server into network management and user partitions; creating an HTTP web server task group when an HTTP connection is initiated with said network management secure network server'"'"'s router address as an IP destination address, said HTTP web server task group being part of a non-trusted security functionality of said network management secure network server; uploading a file containing modified configuration data from a remote computer to said network management secure network server, said HTTP web server task group receiving said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and storing said received file in said user partition of said network management secure network server; copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server; reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user, wherein said copying step is performed by a file mover task group that is part of the trusted security functionality of said network management secure network server. - View Dependent Claims (2, 3, 4, 14, 15, 16)
-
- 5. A secure network server having trusted security functionality and non-trusted security functionality, comprising a disk that has been separated into network management and user partitions, an HTTP web server task group that is within the non-trusted security functionality, a file mover task group that is within the trusted security interface, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server task group stores configuration data in said user partition on said disk which said HTTP web server task group received via said IP router interface, and said HTTP web server task group causes said file mover task group to copy that configuration data from said user partition to said network management partition on said disk, the secure network server being programmed to configure itself or another secure network server connected thereto in accordance with said configuration data in response to acceptance, via said command line interface, of said configuration data by an administrative user.
- 10. A system comprising first and second secure network servers connected by a trunk line, and first and second networks connected via said second secure network server, said first and second networks operating at different security levels, wherein each of said first and second secure network servers has trusted security functionality and non-trusted security functionality, said first secure network server comprising a disk that has been separated into network management and user partitions, an HTTP web server task group that is within the non-trusted security functionality, a file mover task group that is within the trusted security functionality, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server task group stores configuration data in said user partition on said disk which said HTTP web server task group received via said IP router interface, and said HTTP web server task group causes said file mover task group to copy that configuration data from said user partition to said network management partition on said disk, said first secure network server being programmed to configure itself or said second secure network server in accordance with said configuration data in response to acceptance, via said command line interface, of said configuration data by an administrative user.
-
17. A method of configuring a secure network server comprising the following steps:
-
separating a disk of a network management secure network server into network management and user partitions; uploading a file containing modified configuration data from a remote computer to said network management secure network server, wherein an HTTP web server task group that is within a non-trusted security functionality of said network management secure network server receives said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and stores said received file in said user partition of said network management secure network server; sending a file name of said modified configuration data file to a file mover task group through an executive mailbox, said file mover task group being part of the trusted security functionality of said network management secure network server, said sending step being performed by said HTTP web server task group; copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server, said copying step being performed by said file mover task group; reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user. - View Dependent Claims (18, 19)
-
Specification