Method and system for scanning network devices

US 8,281,019 B1
Filed: 09/27/2007
Issued: 10/02/2012
Est. Priority Date: 10/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for scanning network devices connected to a network, comprising:

(a) detecting when a first network device connects to the network at the time that the first network device connects to the network by polling a database about connections to the network and identifying the connection of the first network device to the network in response to the polling of the database; and

(b) performing remote agentless scanning of the first network device in response to detecting when the first network device connects to the network by;

taking an inventory of software and/or settings on the first network device;

comparing the inventory to a security policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention includes a method and system for scanning network devices connected to a network by detecting connection of a first network device to the network and performing remote scanning of the first network device in response to detection of the first network device.

Citations

25 Claims

1. A method for scanning network devices connected to a network, comprising:
- (a) detecting when a first network device connects to the network at the time that the first network device connects to the network by polling a database about connections to the network and identifying the connection of the first network device to the network in response to the polling of the database; and
  
  (b) performing remote agentless scanning of the first network device in response to detecting when the first network device connects to the network by;
  
  taking an inventory of software and/or settings on the first network device;
  
  comparing the inventory to a security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein polling the database comprises continuously checking the database at an extremely high frequency so that a response to the polling indicating connection of the first network device indicates when the first network device connected.
  - 3. The method of claim 1, wherein polling the database about connections to the network comprises examining address resolution protocol tables.
  - 4. The method of claim 1, wherein polling the database about connections to the network comprises continuously monitoring event logs.
  - 5. The method of claim 1, wherein step (b) further comprises determining whether the first network device is plugged into a wall socket.
  - 6. The method of claim 1, wherein the detecting is enabled by the first network device registering with the database when the first network device connects to the network.
  - 7. The method of claim 1, wherein step (b) further comprises determining identity of the first network device by querying the database.
  - 8. The method of claim 7, wherein the determining of the identity of the first network device further comprises querying a database where the identity has been determined.
  - 9. The method of claim 1, wherein:
    - the database resides on a lightweight directory access protocol server;
      
      polling the database about connections to the network comprises transmitting a lightweight directory access protocol query.
  - 10. The method of claim 1, wherein:
    - the database resides on a lightweight directory access protocol server;
      
      polling the database about connections to the network comprises executing a persistent lightweight directory access protocol search.
  - 11. The method of claim 1, wherein detecting when the first network device connects to the network comprises:
    - the database being triggered by the activating of a Structured Query Language trigger;
      
      a detecting module communicating with the database in response to the database triggering.
  - 12. The method of claim 1, wherein comparing the inventory to the security policy comprises determining if the first network device is part of a WINDOWS domain.
  - 13. The method of claim 1, wherein polling the database about connections to the network comprises transmitting a domain name system query.
  - 14. The method of claim 1, further comprising:
    - identifying a virus on the first network device during the remote agentless scan;
      
      quarantining the virus.

15. An apparatus for remote agentless scanning of network devices on a network comprising:
- (a) a detecting module that detects when a first network device connects to the network at the time that the first network device connects to the network by polling a database about connections to the network and identifying the connection of the first network device to the network in response to the polling of the database; and
  
  (b) a scanning module that performs remote agentless scanning of the first network device in response to detecting when the first network device connects to the network by;
  
  taking an inventory of software and/or settings on the first network device;
  
  comparing the inventory to a security policy.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein:
    - detection of the first network device is enabled by the first network device registering with the database when the first network device connects to the network.
  - 17. The apparatus of claim 16, wherein the first network device registers with the database by sending a network address of the first network device to the database.
  - 18. The apparatus of claim 15, wherein polling the database comprises communicating with a browser service to detect when the first network device connects to the network.
  - 19. The apparatus of claim 15, wherein polling the database comprises performing an indirect query of the database.
  - 20. The apparatus of claim 15, wherein the detection module attempts to detect connection of the first network device by:
    - continuously broadcasting pings on the network;
      
      continuously examining address resolution protocol tables;
      
      continuously monitoring log events;
      
      transmitting a lightweight directory access protocol query; and
      
      transmitting a domain name system query.

21. A method for examining a first network device connected to a network, comprising:
- (a) querying a database for data representing connection of network devices to a network;
  
  (b) determining when a first network device connects to the network at the time that the first network device connects to the network by locating data about the first network device in the database in response to the querying of the database;
  
  (c) determining properties associated with the first network device to determine the identity of the first network device;
  
  (d) determining items to scan based on at least one of the properties; and
  
  (e) performing remote scanning of the first network device to take an inventory of software and/or settings on the first network device in response to the determination of the connection of the first network device to the network.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein querying the database for data representing connection of network devices to a network comprises transmitting a lightweight directory access protocol query.
  - 23. The method of claim 21, wherein querying the database for data representing connection of network devices to a network comprises transmitting a domain name system query.
  - 24. The method of claim 21, wherein the determining is enabled by the first network device registering with the database when the first network device connects to the network.

25. A method for scanning network devices connected to a network, comprising:
- (a) detecting when a first network device connects to the network at the time that the first network device connects to the network by continuously polling a database about connections to the network and identifying the connection of the first network device to the network in response to the polling of the database; and
  
  (b) performing remote scanning of the first network device in response to detection of the first network device by;
  
  taking an inventory of software and/or settings on the first network device;
  
  comparing the inventory to a security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Woodard, Keith, Trias, Fernando
Primary Examiner(s)
Bayard, Djenane

Application Number

US11/862,990
Time in Patent Office

1,832 Days
Field of Search

709/212, 709/218, 709/224, 709/229, 709/227, 709/220, 709/202, 709/232, 709/228
US Class Current

709/228
CPC Class Codes

H04L 67/125 involving control of end-de...

Method and system for scanning network devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for scanning network devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links