WO2001091363A1 - Network security system and method to proactively establish and maintain consistent security posture across all enterprise computing assets - Google Patents

Info

Publication number
WO2001091363A1
Authority
WO
WIPO (PCT)
Prior art keywords
binary vector
steps
security
server process
network
Application number
PCT/US2001/015319
Inventor
Bruce Victor Hartley
Anthony Darwin Locke
Original Assignee
E-Business Technology, Inc.
Application filed by E-Business Technology, Inc.
Priority to AU2001264583A
Publication of WO2001091363A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Abstract

A network security system (10) has a plurality of agent processes (14) installed on a plurality of network devices. Each of the plurality of agent processes (14) generates a binary vector (16). A server process (18) receives the binary vector (16) and compares the binary vector (16) against a predefined binary vector (20). A control panel (22) is connected to the server process (18).

Description

NETWORK SECURITY SYSTEM AND METHOD TO PROACTIVELY ESTABLISH AND MAINTAIN CONSISTENT SECURITY POSTURE ACROSS ALL ENTERPRISE COMPUTING ASSETS.
Field of the Invention
The present invention relates generally to the field of computer networks and more particularly to a network security system and method.
Background of the Invention
Computer networks employ a variety of devices and systems to protect the network from unauthorized intrusion. Some of these devices and systems include firewalls, virtual private networks and access codes. However, it has been found that most computer networks can be penetrated due to a weak link in the network. Typically the weak link is not adhering to previously established security policies. Thus there exists a need for a network security system and method that proactively establishes and maintains a consistent security posture across all enterprise computing assets.
Brief Description of the Drawings
FIG. 1 is a block diagram of a network security system in accordance with one embodiment of the invention;
FIG. 2 is a block diagram of a network security system in accordance with one embodiment of the invention;
FIG. 3 is a diagram of a binary vector packet in accordance with one embodiment of the invention;
FIG. 3A is another diagram of the binary vector packet in accordance with one embodiment of the invention;
FIG. 4 is a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention;
FIG. 5 is a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention; and
FIGs. 6-8 are a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention.
Detailed Description of the Drawings
A network security system has a plurality of agent processes installed on a plurality of network devices. Each of the plurality of agent processes generates a binary vector. A server process receives the binary vector and compares the binary vector against a predefined binary vector. A control panel is connected to the server process. The binary vector defines the security state of the device on which the agent is installed. The server process is able to do a simple compare against the required security setup to determine if any device on the network is not complying with the security requirements.
FIG. 1 is a block diagram of a network security system 10 in accordance with one embodiment of the invention. A plurality of agent processes 14 are installed on a plurality of network devices. Each of the plurality of agent processes 14 generates a binary vector 16. A server process 18 receives the binary vectors 16 and compares the binary vector 16 to a predefined binary vector 20. A control panel 22 is connected to the server process 18. The control panel 22 displays a user interface that shows errors (security lapses) and the general state of the network. In one embodiment each of the plurality of agent processes queries a security state (configuration) of one of the plurality of network devices. In one embodiment, the predefined binary vector 20 is stored on a database having a set of predefined security policy templates that may be applied to specific network devices. In addition to this set of templates, a user may customize a template and generate a superset of templates that can be applied to specific network devices. The original policy templates may be read-only and are default policies. Policy templates are numbered and assigned to specific network devices. A specific policy template may be applied to multiple network devices.
FIG. 2 is a block diagram of a network security system 30 in accordance with one embodiment of the invention. A node or device 32 runs an agent software component 34. The agent software component 34 generates a binary vector that is encapsulated in a TCP/IP (Transport Control Protocol/Internet Protocol) packet by a TCP/IP stack 36. The binary vector is encrypted using the public key 38 of the control panel application. The packet is transmitted over a network (local or wide area) 40 to the control panel 42. A TCP/IP stack 44 of the control panel 42 removes the TCP/IP information. The remaining binary vector is then decrypted using the control panel's private key. The binary vector is passed to the server process 46. The server process 46 talks with a common information model (repository) 48 that has a standard binary vector appropriate for the particular agent. This allows the server process 46 to perform compares between the security standard and the actual security setup. The server process also communicates with a control panel GUI (Graphical User Interface) 50 and generates system reports 52. In one embodiment, the server process 46 is a rules-driven software component and is highly configurable. For instance, if after masking the binary vectors there are discrepancies, a number of actions may occur, depending on the configuration of the server process. The actions may include generating a report, generating an alarm condition or just being stored in a time/date stamped results file for later review and analysis.
FIG. 3 is a diagram of a binary vector packet 60 in accordance with one embodiment of the invention. The binary vector packet 60 includes an IP header 62 and an IP trailer 64. Enclosed in the header 62 and the trailer 64 is a complete binary vector 66 (IP data payload). The complete binary vector 66 includes a binary vector header 68. The binary vector header includes: a device ID 70; a customer ID 72; an address 74 and a header checksum 76. The device ID 70 uniquely defines the target (agent) system. The customer ID 72 uniquely defines a customer or enterprise. This allows the system to support multiple customers in a service bureau type environment. The address 74 may be the device address, MAC (medium access control) address or other address component. The checksum 76 is a standard checksum for the binary vector header. Outside of the binary vector header 68 is a policy number 78. The policy number 78 contains a reference to a stored security policy template used for masking of binary vectors. A time and date stamp field 80 is included in the binary vector. A control field 82 is used to convey control information to a server or to an agent. For instance, the control field can be set up to let the agent know that the message contains a policy update or to request that the agent immediately compute and send a new binary vector message to the server. A binary vector payload 84 carries the calculated and encoded information which represents the actual configuration of the device/node operating the agent system. A CRC field 86 is used as an error checking device for the complete binary vector 66. The binary vector includes two data integrity checks, the header checksum 76 and the CRC 86. This ensures that no one has tampered with the binary vector. In addition, the complete binary vector 66 is encrypted.
FIG. 3A is another diagram of the binary vector packet (IP packet) 60 in accordance with one embodiment of the invention. This figure shows more of the details of the binary vector payload 84. A portion 88 of the binary vector payload 84 deals with passwords. A password enabled bit 89 shows whether the security state of the network device requires a password. A minimum password bit 90 shows whether the security state of the network device requires a password of at least X characters in length. A password history invoked bit 91 shows whether the network device logs the password history. A password uniqueness bit 92 shows whether the security state of the network device requires the password be unique when a new password is required. Another portion 93 of the binary vector payload 84 deals with audits. An audit log bit 94 shows whether the security state of the network device keeps a log of changes to the computer. A supervisor audit bit 95 shows whether the security state of the network device keeps a log of changes made by a supervisor. A file deletions bit 96 shows whether the security state of the network device keeps a log of all deleted files. Other bits may cover time and date stamps for logs, logging invalid log-in attempts and other security measures that are well known to those skilled in the art.
FIG. 4 is a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention. The process starts, step 100, by periodically polling a security configuration of a network device to form a binary vector at step 102. The binary vector is compared to a predefined binary vector at step 104. When the binary vector is not equal to the predefined binary vector at step 106, an error message is generated which ends the process at step 108. The error message is stored in a report. When the binary vector is equal to the predefined binary vector, a network device security status is stored in a report. In one embodiment, the server receives a new security policy and generates a control message to an agent process. The control message is transmitted to the agent process on the network device. The agent process generates a new binary vector and sends it to the server process for analysis. In one embodiment, the agent process then updates a security configuration at the network device. In another embodiment, the server process generates a security configuration request message. The agent process receives the message and determines a security configuration of a network device. The agent process then generates a binary vector and transmits the binary vector to the server process. In one embodiment, the binary vector is encrypted at the agent process to form an encrypted binary vector. The encrypted binary vector is transmitted to the server process. In one embodiment, a bit of the binary vector is set based on a minimum password length.
FIG. 5 is a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention. The process starts, step 120, by receiving a plurality of binary vectors at a server process that are from a plurality of agent processes at step 122. Each of the plurality of binary vectors is compared to a predefined binary vector to form a plurality of results at step 124. At step 126 a report is generated that contains the plurality of results which ends the process at step 128. When one of the plurality of results is not equal, an alarm is sent to a user interface. In one embodiment, a security configuration of a network device is queried by one of the plurality of agent processes. In another embodiment, the agent process performs a plurality of tests on the network device to determine the security state of the network device. A binary vector payload is generated based on the security configuration. In one embodiment, a data integrity indicator is generated and inserted into one of the plurality of binary vectors. In another embodiment, the complete binary vector is encrypted to form an encrypted binary vector.
FIGs. 6-8 are a flow chart of the steps used in a method of operating a network security system in accordance with one embodiment of the invention. The process starts by an agent generating a binary vector at step 150. An agent assembles a header and generates a header checksum at step 152. The agent then appends the policy number and time/date stamp to the message at step 154. The agent then calculates a CRC-32 value and appends it to the message at step 156. The agent encrypts the message and passes the payload to a communication process at step 158. The communication process generates an IP message and inserts the binary vector payload at step 160. The communication process transmits the IP message to a target host at step 162. The host receives the message and validates the IP packet at step 164. The host decrypts the payload using the private key at step 166. If the decrypt is good, the CRC-32 is recomputed and compared against the message at step 168. If the CRC-32 check is good, the header checksum is calculated and compared at step 170. If the checksum is good, the binary vector is extracted and masked against a standard at step 172. The results are evaluated and stored in a database. Events and reports are sent to the GUI (Graphical User Interface).
Thus there has been described a system and method that proactively establishes and maintains a consistent security posture across all enterprise computing assets. This greatly reduces the chances of a security breach and simplifies the work of the security system administrator. The methods described herein can be implemented as computer-readable instructions stored on a computer-readable storage medium that when executed by a computer will perform the methods described herein.
While the invention has been described in conjunction with specific embodiments thereof, it is evident that many alterations, modifications, and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, it is intended to embrace all such alterations, modifications, and variations in the appended claims.
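The agent-side assembly of steps 150 to 156 and the host-side checks of steps 168 to 172 can be sketched as below. This is an added example, not code from the patent: the field widths, the payload bit positions, the ones'-complement header checksum and all function names are assumptions, and the public-key encryption of steps 158 and 166 is left out.

```python
import struct
import zlib

# Assumed layout: the patent names the fields but gives no widths.
HEADER = struct.Struct("!II6s")   # device ID 70, customer ID 72, address 74 (MAC)
BODY = struct.Struct("!HIBI")     # policy number 78, time stamp 80, control 82, payload 84

# Assumed bit positions for the payload flags described for FIG. 3A.
BITS = {
    "password_enabled": 0, "min_password_length": 1, "password_history": 2,
    "password_uniqueness": 3, "audit_log": 4, "supervisor_audit": 5,
    "file_deletions_logged": 6,
}


def header_checksum(data: bytes) -> int:
    """16-bit ones'-complement sum, assumed here as the 'standard checksum' 76."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encode_payload(state: dict) -> int:
    """Turn the polled configuration (name -> bool) into the payload bits."""
    return sum(1 << BITS[name] for name, enabled in state.items() if enabled)


def build_vector(device_id, customer_id, mac, policy, timestamp, control, payload):
    """Agent side: header + checksum (152), policy/time stamp (154), CRC-32 (156)."""
    header = HEADER.pack(device_id, customer_id, mac)
    header += struct.pack("!H", header_checksum(header))
    message = header + BODY.pack(policy, timestamp, control, payload)
    return message + struct.pack("!I", zlib.crc32(message))


def verify_and_mask(message: bytes, templates: dict) -> dict:
    """Host side: CRC-32 (168), header checksum (170), compare to template (172)."""
    if len(message) != HEADER.size + 2 + BODY.size + 4:
        raise ValueError("unexpected binary vector length")
    body_end = len(message) - 4
    (crc,) = struct.unpack("!I", message[body_end:])
    if zlib.crc32(message[:body_end]) != crc:
        raise ValueError("CRC-32 mismatch")
    header = message[:HEADER.size]
    (checksum,) = struct.unpack("!H", message[HEADER.size:HEADER.size + 2])
    if header_checksum(header) != checksum:
        raise ValueError("header checksum mismatch")
    device_id, customer_id, mac = HEADER.unpack(header)
    policy, timestamp, control, payload = BODY.unpack(message[HEADER.size + 2:body_end])
    if policy not in templates:
        raise ValueError("unknown policy number")
    # Bits that differ from the stored policy template are the discrepancies.
    diff = payload ^ templates[policy]
    return {
        "device_id": device_id,
        "customer_id": customer_id,
        "policy": policy,
        "compliant": diff == 0,
        "discrepancies": sorted(n for n, b in BITS.items() if diff >> b & 1),
    }


if __name__ == "__main__":
    # Constructed sample: policy 7 requires every flag; this device lacks two.
    templates = {7: 0x7F}
    state = dict.fromkeys(BITS, True)
    state["password_history"] = False
    state["file_deletions_logged"] = False
    vector = build_vector(1001, 42, bytes.fromhex("001122334455"),
                          7, 990000000, 0, encode_payload(state))
    print(verify_and_mask(vector, templates))
```

The header checksum and CRC-32 are unkeyed, so they catch corruption in transit but not a modification made by a party able to recompute them. Protection against deliberate changes has to come from an authenticated channel or a signature or MAC over the vector.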

Claims

What is claimed is:
1. A network security system comprising:
a plurality of agent processes installed on a plurality of network devices, each of the plurality of agent processes generating a binary vector; a server process receiving the binary vector and comparing the binary vector against a predefined binary vector; and a control panel connected to the server process.
2. The system of claim 1, wherein each of the plurality of agent processes queries a security state of one of the plurality of network devices.
3. The system of claim 1, wherein each of the plurality of agent processes encrypts the binary vector.
4. The system of claim 1, wherein the server process sends an error message to a user interface when the binary vector does not equal the predefined binary vector.
5. The system of claim 1, wherein the binary vector includes a policy number.
6. The system of claim 5, wherein the server process selects the predefined vector based on the policy number.
7. The system of claim 1, wherein the binary vector is encapsulated in an internet protocol packet.
8. The system of claim 1, wherein the binary vector includes a time and date stamp.
9. A method of operating a network security system, comprising the steps of:
a) periodically polling a security configuration of a network device to form a binary vector; b) comparing the binary vector to a predefined binary vector; and c) when the binary vector is not equal to the predefined binary vector, generating an error message.
10. The method of claim 9, wherein step (a) further includes the steps of:
a1) receiving a new security policy; a2) generating a control message at a server process; a3) transmitting the control message to an agent process on the network device; a4) updating a security configuration at the network device.
11. The method of claim 9, wherein step (a) further includes the steps of:
a1) generating a security configuration request message at a server process; a2) receiving the security configuration request message at an agent process; a3) determining a security configuration of a network device; a4) generating the binary vector; a5) transmitting the binary vector to the server process.
12. The method of claim 9, wherein step (a) further includes the steps of:
a1) encrypting the binary vector at an agent process to form an encrypted binary vector; a2) transmitting the encrypted binary vector to a server process.
13. The method of claim 9, further includes the steps of:
d) when the binary vector is equal to the predefined binary vector storing a network device security status in a report.
14. The method of claim 9, further includes the steps of:
d) storing the error message in a report.
15. The method of claim 9, wherein step (a) further includes the steps of:
a1) setting a bit of a binary vector payload based on a minimum password length.
16. A method of operating a network security system, comprising the steps of:
a) receiving, at a server process, a plurality of binary vectors from a plurality of agent processes; b) comparing each of the plurality of binary vectors to a predefined binary vector to form a plurality of results; c) generating a report that contains the plurality of results.
17. The method of claim 16, wherein step (a) further includes the steps of:
a1) querying a security configuration of a network device by one of the plurality of agent processes; a2) forming a binary vector payload based on the security configuration.
18. The method of claim 17, further including the steps of:
a3) generating a data integrity indicator; a4) inserting the data integrity indicator into one of the plurality of binary vectors.
19. The method of claim 18, further including the steps of:
a5) encrypting the binary vector to form an encrypted binary vector.
20. The method of claim 16, further including the steps of:
d) when one of the plurality of results is not equal, sending an alarm to a user interface.
PCT/US2001/015319 2000-05-19 2001-05-11 Network security system and method to proactively establish and maintain consistent security posture across all enterprise computing assets WO2001091363A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001264583A AU2001264583A1 (en) 2000-05-19 2001-05-11 Network security system and method to proactively establish and maintain consistent security posture across all enterprise computing assets

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57585500A 2000-05-19 2000-05-19
US09/575,855 2000-05-19

Publications (1)

Publication Number Publication Date
WO2001091363A1 (en) 2001-11-29

Family

ID=24301970

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/015319 WO2001091363A1 (en) 2000-05-19 2001-05-11 Network security system and method to proactively establish and maintain consistent security posture across all enterprise computing assets

Country Status (2)

Country Link
AU (1) AU2001264583A1 (en)
WO (1) WO2001091363A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5557742A (en) * 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US5644695A (en) * 1994-01-03 1997-07-01 International Business Machines Corporation Array combinatorial decoding with multiple error and erasure detection and location using cyclic equivalence testing
US5729425A (en) * 1995-05-22 1998-03-17 Tdk Corporation High voltage capacitor and magnetron having porcelain dielectric material
US6081899A (en) * 1998-01-09 2000-06-27 Netscape Communications Corporation Time stamp authority hierarchy protocol and associated validating system
US6212563B1 (en) * 1998-10-01 2001-04-03 3Com Corporation Method and system for setting and managing externally provided internet protocol addresses using the dynamic host configuration protocol

Also Published As

Publication number Publication date
AU2001264583A1 (en) 2001-12-03

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP