Systems and methods for automated determination of network device transiting data attributes

US 9,866,467 B1
Filed: 07/31/2017
Issued: 01/09/2018
Est. Priority Date: 09/19/2016
Status: Active Grant

First Claim

Patent Images

1. A system for determining network device transiting data attributes, the system comprising:

one or more memory devices storing instructions; and

one or more processors configured to execute the instructions to;

run a first script on all static ports of a network, wherein the first script returns parameters for the static ports;

run a second script on all known ports of the network, wherein the second script returns parameters for the known ports;

parse the returned parameters for the static ports and the returned parameters for the known ports to identify one or more identified ports of the known ports;

run a third script on the one or more identified ports, wherein the third script forces one or more denials on the one or more ports; and

determine, based on the one or more denials, network device transiting data attributes comprising allowed protocols and directionality for each of the one or more identified ports.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for determining network device transiting data attributes includes one or more memory devices storing instructions, and one or more processors configured to execute the instructions to run a first script on all static ports of a network and run a second script on all known ports of the network. The system may parse the parameters returned from the first and second scripts to identify one or more identified ports of the known ports. The system may run a third script on the one or more identified ports to force one or more denials at the identified ports. Based on the one or more denials, the system may determine network device transiting data attributes including but not limited to allowed protocols and directionality for each of the one or more identified ports.

Citations

20 Claims

1. A system for determining network device transiting data attributes, the system comprising:
- one or more memory devices storing instructions; and
  
  one or more processors configured to execute the instructions to;
  
  run a first script on all static ports of a network, wherein the first script returns parameters for the static ports;
  
  run a second script on all known ports of the network, wherein the second script returns parameters for the known ports;
  
  parse the returned parameters for the static ports and the returned parameters for the known ports to identify one or more identified ports of the known ports;
  
  run a third script on the one or more identified ports, wherein the third script forces one or more denials on the one or more ports; and
  
  determine, based on the one or more denials, network device transiting data attributes comprising allowed protocols and directionality for each of the one or more identified ports.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first script on all static ports returns path and destination addresses for all static ports of the network.
  - 3. The system of claim 1, wherein static ports include network destinations and firewall locations of the network.
  - 4. The system of claim 1, wherein the second script on all known ports returns path and destination addresses for all ports of the network and identifies temporarily allowed sessions for each of the known ports.
  - 5. The system of claim 1, wherein the known ports of the network comprise one or more of known active, virtual, and non-active ports of the network.
  - 6. The system of claim 1, wherein parameters returned by the first script and second script include one or more of an allowed state of a static port, protocol, input interface, source protocol, source mask, source port, output interface, destination protocol, destination mask and destination port.
  - 7. The system of claim 1, wherein, for each denial, the third script returns output providing an indication of the denied network path, identification of a network location of the denial, and identification of a denied application.
  - 8. The system of claim 1, wherein the one or more identified ports are identified based on protocol and device type to target one or more of network ports and network appliances.
  - 9. The system of claim 1, wherein the one or more processors are further configured to execute the instructions to:
    - schedule run time of the first script, the second script, and the third script for timed targeting.
  - 10. The system of claim 1, wherein the one or more processors are further configured to execute the instructions to:
    - capture the allowed protocols and directionality for each of the one or more identified ports; and
      
      generate a database comprising the at least a portion of the captured allowed protocols and directionality for each of the one or more identified ports.

11. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause a computing device to:
- run a first script on all static ports of a network, wherein the first script returns parameters for the static ports;
  
  run a second script on all known ports of the network, wherein the second script returns parameters for the known ports;
  
  parse the returned parameters for the static ports and the returned parameters for the known ports to identify one or more identified ports of the known ports;
  
  run a third script on the one or more identified ports, wherein the third script forces one or more denials on the one or more ports; and
  
  determine, based on the one or more denials, network device transiting data attributes comprising allowed protocols and directionality for each of the one or more identified ports.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the first script on all static ports returns path and destination addresses for all static ports of the network.
  - 13. The non-transitory computer-readable medium of claim 11, wherein static ports include network destinations and firewall locations of the network.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the second script on all known ports returns path and destination addresses for all ports of the network and identifies temporarily allowed sessions for each of the known ports.
  - 15. The non-transitory computer-readable medium of claim 11, wherein the known ports of the network comprise one or more of known active, virtual, and non-active ports of the network.
  - 16. The non-transitory computer-readable medium of claim 11, wherein parameters returned by the first script and second script include one or more of an allowed state of a static port, protocol, input interface, source protocol, source mask, source port, output interface, destination protocol, destination mask and destination port.
  - 17. The non-transitory computer-readable medium of claim 11, wherein for each denial, the third script returns output providing an indication of the denied network path, identification of a network location of the denial, and identification of a denied application.
  - 18. The non-transitory computer-readable medium of claim 11, wherein the one or more identified ports are identified based on protocol and device type to target one or more of network ports and network appliances.
  - 19. The non-transitory computer-readable medium of claim 11, further storing instructions that, when executed by one or more processors, cause the computing device to:
    - capture the allowed protocols and directionality for each of the one or more identified ports; and
      
      generate a database comprising the at least a portion of the captured allowed protocols and directionality for each of the one or more identified ports.

20. A method for network testing, comprising:
- run, via a computing device of a network, a first script on all static ports of the network, wherein the first script returns parameters for the static ports;
  
  run, via the computing device, a second script on all known ports of the network, wherein the second script returns parameters for the known ports;
  
  parse, via the computing device, the returned parameters for the static ports and the returned parameters for the known ports to identify one or more identified ports of the known ports;
  
  run, via the computing device, a third script on the one or more identified ports, wherein the third script forces one or more denials on the one or more ports; and
  
  determine, via the computing device, based on the one or more denials, network device transiting data attributes comprising allowed protocols and directionality for each of the one or more identified ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Barnum, Eric, Banks, Terence
Primary Examiner(s)
Tiv, Backhean

Application Number

US15/664,635
Time in Patent Office

162 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 43/18   Protocol analysers

H04L 43/50   Testing arrangements

H04L 63/0236   Filtering by address, proto...

H04L 69/24   Negotiation of communicatio...

Systems and methods for automated determination of network device transiting data attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for automated determination of network device transiting data attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links