Systems and methods for determining characteristics of a network and enforcing policy
First Claim
1. A method for passively and automatically enforcing a network configuration and usage policy on a network, comprising:
- predefining the network configuration and usage policy for an operating system;
passively determining, at a processor disposed between a source device and a destination device, in response to plural protocol fields in one packet transmitted on the network from the source device to the destination device, that a network device on the network is using the operating system by reading, decoding, and analyzing the packet transmitted on the network, to determine the operating system being used by the network device, by comparing the plural protocol fields in the one packet to an operating system identifying structure, wherein the packet is in traffic passively moving across the network; and
performing an action at the processor, the action being identified by the network configuration and usage policy as being for the operating system that was passively determined from the packet, the action being different for different operating systems,the protocol fields being network, transport, and application protocol fields.
3 Assignments
0 Petitions
Accused Products
Abstract
A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.
173 Citations
9 Claims
-
1. A method for passively and automatically enforcing a network configuration and usage policy on a network, comprising:
-
predefining the network configuration and usage policy for an operating system; passively determining, at a processor disposed between a source device and a destination device, in response to plural protocol fields in one packet transmitted on the network from the source device to the destination device, that a network device on the network is using the operating system by reading, decoding, and analyzing the packet transmitted on the network, to determine the operating system being used by the network device, by comparing the plural protocol fields in the one packet to an operating system identifying structure, wherein the packet is in traffic passively moving across the network; and performing an action at the processor, the action being identified by the network configuration and usage policy as being for the operating system that was passively determined from the packet, the action being different for different operating systems, the protocol fields being network, transport, and application protocol fields. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification