Systems and methods for determining characteristics of a network and enforcing policy

US 7,949,732 B1
Filed: 05/12/2004
Issued: 05/24/2011
Est. Priority Date: 05/12/2003
Status: Active Grant

First Claim

Patent Images

1. A method for passively and automatically enforcing a network configuration and usage policy on a network, comprising:

predefining the network configuration and usage policy for an operating system;

passively determining, at a processor disposed between a source device and a destination device, in response to plural protocol fields in one packet transmitted on the network from the source device to the destination device, that a network device on the network is using the operating system by reading, decoding, and analyzing the packet transmitted on the network, to determine the operating system being used by the network device, by comparing the plural protocol fields in the one packet to an operating system identifying structure, wherein the packet is in traffic passively moving across the network; and

performing an action at the processor, the action being identified by the network configuration and usage policy as being for the operating system that was passively determined from the packet, the action being different for different operating systems,the protocol fields being network, transport, and application protocol fields.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

173 Citations

9 Claims

1. A method for passively and automatically enforcing a network configuration and usage policy on a network, comprising:
- predefining the network configuration and usage policy for an operating system;
  
  passively determining, at a processor disposed between a source device and a destination device, in response to plural protocol fields in one packet transmitted on the network from the source device to the destination device, that a network device on the network is using the operating system by reading, decoding, and analyzing the packet transmitted on the network, to determine the operating system being used by the network device, by comparing the plural protocol fields in the one packet to an operating system identifying structure, wherein the packet is in traffic passively moving across the network; and
  
  performing an action at the processor, the action being identified by the network configuration and usage policy as being for the operating system that was passively determined from the packet, the action being different for different operating systems,the protocol fields being network, transport, and application protocol fields.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein predefining the network configuration and usage policy for the operating system comprises reading a list of rules configured by a user.
  - 3. The method of claim 2, wherein the list of rules configured by the user is grouped by operating system.
  - 4. The method of claim 1, wherein the network configuration and usage policy for the operating system comprises preventing the use of the operating system on the network.
  - 5. The method of claim 1, wherein the action comprises one of logging information to a file, storing information in a database, performing a simple network management trap, sending a message to the network device, controlling the network device, and changing a priority of an intrusion detection system event.
  - 6. The method of claim 5, wherein controlling the network device comprises one or more of invoking a firewall rule and disabling a network switch.
  - 7. The method of claim 1, further comprisingidentifying a service for the network device by reading, decoding, and analyzing one or more packets transmitted on the network andwherein the action identified by the network configuration and usage policy as being for the operating system further is for the identified service for the network device, when the operating system is identified and the service is identified.
  - 8. The method of claim 7, further comprisingidentifying a logical location for the network device by reading, decoding, and analyzing a plurality of packets transmitted on the network, andwherein the action identified by the network configuration and usage policy as being for the operating system further is for the identified logical location for the network device, when the operating system is identified and the logical location is identified.
  - 9. The method of claim 1, wherein the network configuration and usage policy for the operating system comprises preventing the use of the operating system on the network during prohibited times.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Sourcefire Incorporated (Cisco Systems, Inc.)
Inventors
Gustafson, Eric, Baker, Andrew, Roesch, Martin, Dempster, Ronald A.
Primary Examiner(s)
Serrao; Ranodhi N

Application Number

US10/843,459
Time in Patent Office

2,568 Days
Field of Search

709/223, 709/224, 709/220, 370/254
US Class Current

709/220
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 67/125 involving control of end-de...

Systems and methods for determining characteristics of a network and enforcing policy

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for determining characteristics of a network and enforcing policy

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links