Systems and methods for modifying network map attributes

US 8,289,882 B2
Filed: 01/15/2010
Issued: 10/16/2012
Est. Priority Date: 11/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for assigning a vulnerability parameter to a device on a network, comprising:

passively determining, responsive to a passively read packet, a vulnerability parameter for an operating system or service;

storing, responsive to the vulnerability parameter being passively determined, the vulnerability parameter in a host map associated with a network device;

modifying the vulnerability parameter which was passively determined; and

storing the modified vulnerability parameter in the host map, wherein the vulnerability parameter is invalid or valid,when the vulnerability is invalid and a pre-defined change in the operating system or service occurs on the network device, a new vulnerability lookup is performed for the changed operating system or service and the vulnerability parameter is remapped from invalid to valid based on the new vulnerability lookup for the changed operating system or service,wherein the vulnerability parameter is associated with a universal unique identifier to distinguish between locally and remotely generated vulnerability parameters and is synchronized to a high availability peer, the vulnerability parameter being propagated from the host map to the high availability peer,when the vulnerability parameter is modified at the high availability peer, the modified vulnerability parameter is propagated from the high availability peer back to the host map.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed systems and methods provide a user interface for modifying host configuration data that has been automatically and passively determined and for adding or modifying other parameters associated with a host. A host data table can store various parameters descriptive of a host including the applicability of specific vulnerabilities. If it is determined that one or more hosts should not be identified as associated with a specific vulnerability, a graphical user interface can be used to modify the vulnerability parameter.

217 Citations

12 Claims

1. A method for assigning a vulnerability parameter to a device on a network, comprising:
- passively determining, responsive to a passively read packet, a vulnerability parameter for an operating system or service;
  
  storing, responsive to the vulnerability parameter being passively determined, the vulnerability parameter in a host map associated with a network device;
  
  modifying the vulnerability parameter which was passively determined; and
  
  storing the modified vulnerability parameter in the host map, wherein the vulnerability parameter is invalid or valid,when the vulnerability is invalid and a pre-defined change in the operating system or service occurs on the network device, a new vulnerability lookup is performed for the changed operating system or service and the vulnerability parameter is remapped from invalid to valid based on the new vulnerability lookup for the changed operating system or service,wherein the vulnerability parameter is associated with a universal unique identifier to distinguish between locally and remotely generated vulnerability parameters and is synchronized to a high availability peer, the vulnerability parameter being propagated from the host map to the high availability peer,when the vulnerability parameter is modified at the high availability peer, the modified vulnerability parameter is propagated from the high availability peer back to the host map.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein a graphical user interface is provided through an application program interface.
  - 3. The method of claim 1, wherein a graphical user interface provides a function for setting the vulnerability parameter for a plurality of selected hosts or services.
  - 4. The method of claim 1, wherein a graphical user interface provides a function for deleting a host from a network map.

5. A method for assigning a vulnerability parameter to a device on a network, comprising:
- passively determining, responsive to a passively read packet, a vulnerability parameter for an operating system or service, wherein the vulnerability parameter is associated with a universal unique identifier to distinguish between locally and remotely generated vulnerability parameters;
  
  storing, responsive to the vulnerability parameter being passively determined, the vulnerability parameter in a host map associated with a network device;
  
  modifying the vulnerability parameter which was passively determined; and
  
  storing the modified vulnerability parameter in the host map, whereinthe vulnerability parameter is invalid or valid,when the vulnerability is invalid and a pre-defined change in the operating system or service occurs on the network device, a new vulnerability lookup is performed for the changed operating system or service and the vulnerability parameter is remapped from invalid to valid based on the new vulnerability lookup for the changed operating system or service,wherein the vulnerability parameter is propagated from the host map to the high availability peer,when the vulnerability parameter is modified at the high availability peer, the modified vulnerability parameter is propagated from the high availability peer back to the host map.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein a graphical user interface is provided through an application program interface.
  - 7. The method of claim 5, wherein a graphical user interface provides a function for setting the vulnerability parameter for a plurality of selected hosts or services.
  - 8. The method of claim 5, wherein a graphical user interface provides a function for deleting a host from a network map.

9. A method for assigning a vulnerability parameter to a device on a network, comprising:
- passively determining, responsive to a passively read packet, a vulnerability parameter for an operating system or service;
  
  storing, responsive to the vulnerability parameter being passively determined, the vulnerability parameter in a host map associated with a network device;
  
  modifying the vulnerability parameter which was passively determined; and
  
  storing the modified vulnerability parameter in the host map, whereinthe vulnerability parameter is invalid or valid,when the vulnerability is invalid and a pre-defined change in the operating system or service occurs on the network device, a new vulnerability lookup is performed for the changed operating system or service and the vulnerability parameter is remapped from invalid to valid based on the new vulnerability lookup for the changed operating system or service,wherein the vulnerability parameter is associated with a universal unique identifier to distinguish between locally and remotely generated vulnerability parameters and is synchronized to a peer, the vulnerability parameter being propagated from the host map to the peer,when the vulnerability parameter is modified at the peer, the modified vulnerability parameter is propagated from the peer back to the host map.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein a graphical user interface is provided through an application program interface.
  - 11. The method of claim 9, wherein a graphical user interface provides a function for setting the vulnerability parameter for a plurality of selected hosts or services.
  - 12. The method of claim 9, wherein a graphical user interface provides a function for deleting a host from a network map.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Sourcefire Incorporated (Cisco Systems, Inc.)
Inventors
Vogel, William Andrew III, Bruzek, Dina L.
Primary Examiner(s)
Hamza, Faruk
Assistant Examiner(s)
CRUTCHFIELD, CHRISTOPHER M

Application Number

US12/688,400
Publication Number

US 20100205675A1
Time in Patent Office

1,005 Days
Field of Search

None
US Class Current

370/254
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1433 Vulnerability analysis

Systems and methods for modifying network map attributes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

217 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for modifying network map attributes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

217 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links