Network management system for detecting and displaying a security hole
First Claim
1. A network management system for managing and operating a network having a plurality of network devices containing a computer connected therewith, comprising:
a database for storing information relating to a physical arrangement of said network devices and a relationship of connection thereof;
a display device for displaying a drawing of a network configuration;
first detection means for detecting a security hole of the network, said security hole being selected from the group consisting of an access point with an external network, a condition of allowing access to an external network, a deviation of contents of a communication traveling on the network, network occupancy by a particularly defined user, program, or command, a security level or user right for a program or group of commands operated by a user employing a network device connected in the network, a condition of allowing access to a network device other than a computer connected in the network, a condition of allowing access to a program or command subject to a privileged user right defined by the network device, a condition of allowing access of the network device to information for setting an access condition, a security level or a user right for a program or a group of commands being operated in the network, an activation of a program or a command with a privileged user right, and an internal logical network separate from the overall network system management;
means for displaying the security hole, detected by said first detection means, on the display device, on one of a drawing of a logical network configuration and a drawing of a physical network configuration on the basis of the information stored in said database, in a display state suitable for showing contents of the security hole or an extent of significance of the security hole; and
processing means for taking a necessary measure against the security hole by consulting a security measures table.
Abstract
A network management system can detect a security hole on the network and take necessary measures against such a security hole. When the security hole is detected on the network, the security hole is displayed on a drawing of the network configuration. Further, the network management system displays the status of connection from the outside network, the contents of accesses to the computer and the network device, the status of access to the network environment maintenance file, and the status of login procedures executed with the privileged user.
103 Citations
8 Claims
Specification