Network management

US 8,463,890 B2
Filed: 02/17/2011
Issued: 06/11/2013
Est. Priority Date: 12/07/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A network management tool configured to operate on a first computer that includes a processor and a memory, which includes a non-transitory computer readable medium, the network management tool comprising:

a network management services module configured to be provisioned into a personal computer serviced by a common gateway shared by a plurality of end user devices in a home networking environment, wherein the network management services module includes an intruder detection module configured to implement a policy for a new device discovered on a local network, wherein the discovery process is at least partially based upon a dynamic host configuration protocol (DHCP), wherein the common gateway is identified by using a request for a hyptertext transfer protocol page with intentionally incorrect security credential information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tool for managing a computer network includes a gateway service module that identifies a gateway for a network and a network information service module. The network information service module identifies devices in the network, determines at least one property for each of the identified devices, and creates a network information data structure for storing device properties. A communication agent service module transmits at least one determined device property to other agent service modules associated with the network, receives at least one device property from another agent service module associated with the network, and provides the received at least one property device to the network information service module. A method of monitoring a computer network is also provided. The method includes identifying devices in a network, determining at least one property for each of the identified devices, receiving at least one determined device property from another device the network, and creating a network information data structure for storing the determined device properties.

Citations

20 Claims

1. A network management tool configured to operate on a first computer that includes a processor and a memory, which includes a non-transitory computer readable medium, the network management tool comprising:
- a network management services module configured to be provisioned into a personal computer serviced by a common gateway shared by a plurality of end user devices in a home networking environment, wherein the network management services module includes an intruder detection module configured to implement a policy for a new device discovered on a local network, wherein the discovery process is at least partially based upon a dynamic host configuration protocol (DHCP), wherein the common gateway is identified by using a request for a hyptertext transfer protocol page with intentionally incorrect security credential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The network management tool of claim 1, wherein the policy designates a level of trust associated with the new device being identified as an intruder.
  - 3. The network management tool of claim 1, wherein the network management tool is further configured to provide a user interface enabling a user to classify the end user devices as intruders or trusted devices.
  - 4. The network management tool of claim 1, wherein the network management tool is further configured to generate a notification for the personal computer indicating that an intruder has joined the local network.
  - 5. The network management tool of claim 1, wherein the policy designates displaying the new device on a user interface with a different graphic if the new device is labeled as an intruder.
  - 6. The network management tool of claim 5, wherein the user interface displays a set of additional services that are used to manage the intruder.
  - 7. The network management tool of claim 1, wherein file sharing for particular devices sharing the common gateway is disabled when the new device is labeled as an intruder.
  - 8. The network management tool of claim 1, wherein networking services are disabled for the new device if it is labeled as an intruder, and wherein the networking services are enabled once a trusted device sharing the common gateway labels the intruder as trusted.
  - 9. The network management tool of claim 8, wherein disabling the network services includes denying access to network resources based on a media access control (MAC) address of the new device.
  - 10. The network management tool of claim 9, wherein the intruder detection module is further configured to configure the common gateway to deny access for the new device based on the MAC address.
  - 11. The network management tool of claim 1, wherein the common gateway includes a list of authorized MAC addresses associated with the end user devices such that if the new device is labeled as an intruder, it is denied access to networking services.

12. A method, comprising:
- discovering a new device on a local network via a network management tool to be provisioned in a personal computer serviced by a common gateway shared by a plurality of end user devices in a home networking environment, wherein the discovery process is at least partially based upon a dynamic host configuration protocol (DHCP), wherein the common gateway is identified by using a request for a hyptertext transfer protocol page with intentionally incorrect security credential information; and
  
  implementing a policy for the new device based on whether the new device is identified as an intruder.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising:
    - providing a user interface to enable a user to classify the end user devices as intruders or trusted devices; and
      
      generating a notification for the personal computer indicating that the new device has joined the local network.
  - 14. The method of claim 12, wherein the policy designates displaying the new device on a user interface with a different graphic if the new device is labeled as an intruder, and wherein the user interface displays a set of additional services that are used to manage the intruder.
  - 15. The method of claim 12, wherein file sharing for particular devices sharing the common gateway is disabled when the new device is labeled as an intruder.
  - 16. The method of claim 12, wherein networking services are disabled for the new device if it is labeled as an intruder, and wherein the networking services are enabled once a trusted device sharing the common gateway labels the intruder as trusted, and wherein disabling the network services includes denying access to network resources based on a media access control (MAC) address of the new device.

17. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
- discovering a new device on a local network via a network management tool to be provisioned in a personal computer serviced by a common gateway shared by a plurality of end user devices in a home networking environment, wherein the discovery process is at least partially based upon a dynamic host configuration protocol (DHCP), wherein the common gateway is identified by using a request for a hyptertext transfer protocol page with intentionally incorrect security credential information; and
  
  implementing a policy for the new device based on whether the new device is identified as an intruder.
- View Dependent Claims (18, 19, 20)
- - 18. The logic of claim 17, the operations further comprising:
    - providing a user interface to enable a user to classify the end user devices as intruders or trusted devices; and
      
      generating a notification for the personal computer indicating that the new device has joined the local network.
  - 19. The logic of claim 17, wherein the policy designates displaying the new device on a user interface with a different graphic if the new device is labeled as an intruder, and wherein the user interface displays a set of additional services that are used to manage the intruder.
  - 20. The logic of claim 17, wherein networking services are disabled for the new device if it is labeled as an intruder, and wherein the networking services are enabled once a trusted device sharing the common gateway labels the intruder as trusted, and wherein disabling the network services includes denying access to network resources based on a media access control (MAC) address of the new device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Pure Networks, LLC (Cisco Systems, Inc.)
Inventors
Bush, Steven M., Butcher, Thomas C., Tebbs, Matthew, Ferrari, Justin, Marl, Brett, Gery, Ron, Acker, Kristin, Hinds, Joshua
Primary Examiner(s)
SHAW, PELING ANDREW

Application Number

US13/029,335
Publication Number

US 20110167141A1
Time in Patent Office

845 Days
Field of Search

None
US Class Current

709/223
CPC Class Codes

H04L 12/2807   Exchanging configuration in...

H04L 41/0233   Object-oriented techniques,...

H04L 41/046   comprising network manageme...

H04L 41/0853   by actively collecting conf...

H04L 41/0893   Assignment of logical group...

H04L 41/20   Network management software...

H04L 41/22   comprising specially adapte...

H04L 41/26   using dedicated tools for L...

H04L 43/0811   by checking connectivity

Network management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links