Network security system having a device profiler communicatively coupled to a traffic monitor
Abstract
A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.
18 Claims
1. A computer-implemented system for protecting a host on a network, the system comprising:
- a device profiler having a hardware Input/Output module communicatively coupling the device profiler to the network, the device profiler for identifying characteristics of the host, accessing a vulnerability tree having nodes representative of the characteristics of the host and sets of vulnerabilities associated with the nodes, and determining one or more vulnerabilities of the host that could be exploited by network traffic; and
- a module for configuring a firewall to prevent the determined vulnerabilities of the host from being exploited.
Dependent claims: 2, 3, 4, 5, 6.

7. A non-transitory computer-readable storage medium storing executable instructions for protecting a host on a network, the instructions comprising instructions for:
- evaluating responses of the host to data packets sent over the network to determine characteristics of the host;
- accessing a vulnerability tree having nodes representative of the characteristics of the host and sets of vulnerabilities associated with the nodes;
- determining one or more vulnerabilities of the host described by the vulnerability tree that could be exploited by network traffic; and
- configuring a firewall to prevent the determined vulnerabilities of the host from being exploited.
Dependent claims: 8, 9, 10, 11, 12.

13. A method for protecting a host on a network, the method comprising:
- using a computer to perform steps comprising:
  - evaluating responses of the host to data packets sent over the network to determine characteristics of the host;
  - accessing a vulnerability tree having nodes representative of the characteristics of the host and sets of vulnerabilities associated with the nodes;
  - determining one or more vulnerabilities of the host described by the vulnerability tree that could be exploited by network traffic; and
  - configuring a firewall to prevent the determined vulnerabilities of the host from being exploited.
Dependent claims: 14, 15, 16, 17, 18.
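The following is an added illustration, not code from the patent or its assignee, of the processing the abstract and the independent claims describe: a host profile (the characteristics the device profiler reports) is matched against a vulnerability tree whose nodes represent host characteristics and carry sets of potential vulnerabilities; verification rules prune that set; and the confirmed vulnerabilities drive both a firewall configuration and the attack-signature list a traffic monitor would load. Every host characteristic, tree entry, vulnerability identifier (EX-*), signature identifier (SIG-*) and port number below is a constructed sample value, and the catalogue mapping vulnerabilities to ports and signatures is an assumption about how a correlation server might store that association.

```python
"""Vulnerability-tree traversal and firewall configuration.

Added illustration of the architecture described in the abstract and claims;
not code from the patent. All identifiers, ports and host data are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Node:
    """One node of the vulnerability tree.

    attribute/value describe the host characteristic the node represents
    (e.g. os == "ExampleOS"); vulns is the set of potential vulnerabilities
    attached to the node; children refine the characteristic further.
    """
    attribute: str
    value: str
    vulns: Set[str] = field(default_factory=set)
    children: List["Node"] = field(default_factory=list)


@dataclass(frozen=True)
class Vulnerability:
    vid: str
    proto: str
    port: int
    signature: str  # attack signature correlated with this vulnerability


# Constructed catalogue (assumed correlation-server data): which network
# service each potential vulnerability is reachable through, and the
# attack signature a traffic monitor should watch for.
CATALOGUE: Dict[str, Vulnerability] = {
    "EX-0001": Vulnerability("EX-0001", "tcp", 8080, "SIG-0001"),
    "EX-0002": Vulnerability("EX-0002", "tcp", 8080, "SIG-0002"),
    "EX-0003": Vulnerability("EX-0003", "udp", 5353, "SIG-0003"),
    "EX-0004": Vulnerability("EX-0004", "tcp", 2222, "SIG-0004"),
}

# Constructed tree: the root is an OS family; children refine by OS version
# and by applications (and their versions) observed running on the host.
TREE = Node("os", "ExampleOS", vulns={"EX-0003"}, children=[
    Node("os_version", "1.0", vulns={"EX-0004"}),
    Node("os_version", "2.0"),
    Node("app", "example-httpd", children=[
        Node("app_version", "2.3", vulns={"EX-0001", "EX-0002"}),
        Node("app_version", "2.4", vulns={"EX-0002"}),
    ]),
])

Host = Dict[str, Set[str]]
Verifier = Callable[[str, Host], bool]


def matches(node: Node, host: Host) -> bool:
    """A node matches when the host exhibits the characteristic it represents."""
    return node.value in host.get(node.attribute, set())


def potential_vulns(node: Node, host: Host) -> Set[str]:
    """Depth-first traversal: descend only through matching nodes and union
    the vulnerability sets attached along every matching path."""
    if not matches(node, host):
        return set()
    found = set(node.vulns)
    for child in node.children:
        found |= potential_vulns(child, host)
    return found


def verify(vulns: Set[str], host: Host, rules: Dict[str, Verifier]) -> Set[str]:
    """Apply verification rules. A vulnerability without a rule stays in the
    set, so an unverifiable finding still results in protection."""
    return {v for v in vulns if rules.get(v, lambda _v, _h: True)(v, host)}


def firewall_rules(vulns: Set[str]) -> List[dict]:
    """One deny rule per (protocol, port) a confirmed vulnerability is exposed
    through; deduplicated and sorted for stable output."""
    exposed = {(CATALOGUE[v].proto, CATALOGUE[v].port) for v in vulns}
    return [{"action": "deny", "proto": p, "dport": d} for p, d in sorted(exposed)]


def signatures(vulns: Set[str]) -> List[str]:
    """Attack signatures the traffic monitor should load for this host."""
    return sorted(CATALOGUE[v].signature for v in vulns)


# Constructed profile of one host, as the device profiler would report it.
HOST: Host = {"os": {"ExampleOS"}, "os_version": {"1.0"},
              "app": {"example-httpd"}, "app_version": {"2.3"}}

# Constructed verification rule: EX-0002 only applies when an optional
# module is enabled on the host.
RULES: Dict[str, Verifier] = {
    "EX-0002": lambda _v, h: "mod_example" in h.get("module", set()),
}


def assess(host: Host, tree: Node = TREE, rules: Dict[str, Verifier] = RULES) -> dict:
    """Full pipeline: traverse, verify, then derive firewall and monitor config."""
    pot = potential_vulns(tree, host)
    conf = verify(pot, host, rules)
    return {"potential": sorted(pot), "confirmed": sorted(conf),
            "firewall": firewall_rules(conf), "signatures": signatures(conf)}


if __name__ == "__main__":
    import json
    print(json.dumps(assess(HOST), indent=2))
```

The example emits both outputs the page mentions so an operator can see the trade-off: the firewall rules of the claims are coarse (denying a port also blocks legitimate traffic to that service), while the signature list of the abstract lets a traffic monitor alert on or drop only traffic matching an attack against a vulnerability the host actually has.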
Specification