System and method for maintaining server data integrity
First Claim
1. A system comprising:
a repository interface operative to make a copy of an original object and to store the object copy in a safe object storage;
a monitor agent configured to operate in a detection mode selected from a group consisting of real time detection, mixed mode detection, and polling interval detection;
the monitor agent further configured to monitor the original object to detect a change in real time, by comparing a physical attribute of the original object and a digital signature of the original object, with a physical attribute of the object copy and a digital signature of the object copy;
the monitor agent further configured to send a notification to the repository interface when the change is detected; and
wherein said repository interface is further operative to receive the notification from the monitor agent interface, determine that the change to the original object was unauthorized, quarantine in real time the changed original object for prospective analysis, and restore the object copy from the safe object storage in real time.
Abstract
The System Integrity Guardian can protect any type of object and repairs and restores the system back to its original state of integrity. The Client component is the user interface for administering the System Integrity Guardian environment. An administrator can determine which servers to protect, which objects to protect, and what actions will be taken when an event that breaches integrity occurs. The Monitor Agent component is the watchdog of the System Integrity Guardian that captures and addresses any event that occurs on any object being protected. The Server component includes the server and the Protected Object Central Repository. The authoritative copies are maintained, digital signatures are created and stored, objects are validated, and communication between the three units is performed.
20 Claims
8. A method comprising:
receiving a selection of at least one object to be protected;
generating a baseline copy of the object and storing the baseline copy in a safe object storage;
monitoring the object, using a monitoring method selected from a group consisting of real time detection, mixed mode detection, and polling interval detection;
detecting an unauthorized modification to the object in real time, by comparing a physical attribute of the original object and a digital signature of the original object, with a physical attribute of the baseline copy and a digital signature of the baseline copy;
quarantining, in real time, the modified object for prospective analysis;
retrieving the baseline copy of the object from the safe object storage when the unauthorized modification is detected; and
replacing the modified object with the baseline copy of the object in real time.
18. A method comprising:
storing in a safe object storage a copy of a plurality of objects from at least one directory to be protected;
detecting a modification to the directory using a detection method selected from a group consisting of real time detection, mixed mode detection, and polling interval detection;
the modification being a change in a physical attribute of the each of the plurality of objects and a digital signature of the each of the plurality of objects, compared with a physical attribute of the corresponding safe object copy and a digital signature of the corresponding safe object copy;
quarantining, in real time, each of the plurality of modified objects, for prospective analysis;
determining if the modification was made to one of the objects stored in the safe object storage, and if so, restoring the copy of the corresponding object from the safe object storage in real time; and
determining if the modification included adding a new file to the directory that is not stored in the safe object storage, and if so, deleting the added file from the directory.
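One polling-interval pass of the directory procedure in claim 18, written here as an added example; it is not code from the patent or its assignee. Assumptions: file size serves as the physical attribute, a SHA-256 digest stands in for the digital signature, the protected directory is flat, and all function and directory names are hypothetical.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def fingerprint(path):
    """(size, SHA-256): size is the physical attribute; the digest stands in
    for the claim's digital signature (both choices are assumptions)."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()

def make_baseline(protected, safe):
    """Copy each object into safe storage and record its fingerprint."""
    baseline = {}
    for src in sorted(Path(protected).iterdir()):
        shutil.copy2(src, Path(safe) / src.name)
        baseline[src.name] = fingerprint(Path(safe) / src.name)
    return baseline

def poll_once(protected, safe, quarantine, baseline):
    """One polling pass over a flat directory; returns the actions taken."""
    events = []
    for name in sorted({p.name for p in Path(protected).iterdir()} | set(baseline)):
        path = Path(protected) / name
        if name not in baseline:      # added file with no safe copy: delete
            path.unlink()
            events.append(("deleted", name))
            continue
        if path.exists():
            fp = fingerprint(path)
            if fp == baseline[name]:
                continue              # attribute and digest both match
            shutil.move(str(path), str(Path(quarantine) / f"{name}.{fp[1][:12]}"))
            events.append(("quarantined", name))
        if fingerprint(Path(safe) / name) != baseline[name]:
            raise RuntimeError(f"safe copy of {name} no longer matches baseline")
        shutil.copy2(Path(safe) / name, path)   # restore (also covers removal)
        events.append(("restored", name))
    return events

def demo():
    """Constructed scenario: one protected file altered, one file added."""
    root = Path(tempfile.mkdtemp())
    prot, safe, quar = root / "www", root / "safe", root / "quarantine"
    for d in (prot, safe, quar):
        d.mkdir()
    (prot / "index.html").write_text("<h1>ok</h1>")
    baseline = make_baseline(prot, safe)
    (prot / "index.html").write_text("<h1>changed</h1>")
    (prot / "added.txt").write_text("constructed placeholder")
    events = poll_once(prot, safe, quar, baseline)
    return events, (prot / "index.html").read_text(), len(list(quar.iterdir()))
```

The safe copy is re-verified against the recorded fingerprint before each restore, so a tampered safe store stops the pass instead of propagating bad content; the example also restores a protected file that has been removed, which goes beyond the modification case the claim recites.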
Specification