Methods, communication networks, and computer program products for monitoring, examining, and/or blocking traffic associated with a network element based on whether the network element can be trusted
First Claim
Patent Images
1. A method of operating a communication network, comprising:
- determining whether a network element can be trusted, wherein determining whether a network element can be trusted comprises;
generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element;
generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time;
comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time;
monitoring traffic associated with the network element based on whether the network element can be trusted; and
selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element;
wherein monitoring traffic comprises;
monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element;
providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element;
selecting traffic for monitoring using rules that are based on network element trust information; and
selecting some of the traffic that was monitored for examination based on a degree of trust for the network element;
wherein monitoring traffic further comprises;
specifying the traffic to be monitored based on traffic classification;
examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and
providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element;
wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element.
2 Assignments
0 Petitions
Accused Products
Abstract
A communication network is operated by determining whether a network element can be trusted and monitoring traffic associated with the network element based on whether the network element can be trusted. At least some of the monitored traffic may be selected for examination based on the degree of trust for the network element. At least some of the monitored and/or examined traffic is selected to be blocked based on the degree of trust for the network element.
20 Citations
15 Claims
-
1. A method of operating a communication network, comprising:
-
determining whether a network element can be trusted, wherein determining whether a network element can be trusted comprises; generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element; generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time; comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time; monitoring traffic associated with the network element based on whether the network element can be trusted; and selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element; wherein monitoring traffic comprises; monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element; providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element; selecting traffic for monitoring using rules that are based on network element trust information; and selecting some of the traffic that was monitored for examination based on a degree of trust for the network element; wherein monitoring traffic further comprises; specifying the traffic to be monitored based on traffic classification; examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element; wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system, comprising:
-
a processor; and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations comprising; generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element; generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time; comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time; monitoring traffic associated with the network element based on whether the network element can be trusted; and selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element; wherein monitoring traffic comprises; monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element; providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element; selecting traffic for monitoring using rules that are based on network element trust information; and selecting some of the traffic that was monitored for examination based on a degree of trust for the network element; wherein monitoring traffic further comprises; specifying the traffic to be monitored based on traffic classification; examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element; wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element. - View Dependent Claims (12, 13, 14, 15)
-
Specification