IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8898734 B1

PDFFull Text
Date of Patent:
Nov. 25, 2014

Filed:

Aug. 16, 2006

Analyzing security compliance within a network

Applicants:

Pradeep K. Singh, Arlington, VA (US);

Ankit Agarwal, Bethesda, MD (US);

Alain J. Cohen, Washington, DC (US);

Venuprakash Barathan, Chevy Chase, MD (US);

Vinod Jeyachandran, Rockville, MD (US);

Inventors:

Pradeep K. Singh, Arlington, VA (US);

Ankit Agarwal, Bethesda, MD (US);

Alain J. Cohen, Washington, DC (US);

Venuprakash Barathan, Chevy Chase, MD (US);

Vinod Jeyachandran, Rockville, MD (US);

Assignee:

Riverbed Technology, Inc., San Francisco, CA (US);

Attorney:

Park, Vaughan, Fleming & Dowler LLP

Primary Examiner:

Eleni Shiferaw

Assistant Examiner:

Paul Callahan

Int. Cl.
CPC ...
H04L 29/06 (2006.01); H04L 12/26 (2006.01); H04L 12/24 (2006.01);
U.S. Cl.
CPC ...
H04L 41/28 (2013.01); H04L 63/1433 (2013.01); H04L 12/2697 (2013.01); H04L 63/20 (2013.01); H04L 41/22 (2013.01); H04L 43/50 (2013.01); H04L 41/0893 (2013.01); H04L 41/0866 (2013.01); H04L 41/145 (2013.01);
Abstract

A security policy database identifies the intended security policies within a network, a traffic generator provides test traffic that is configured to test each defined security policy, and a simulator simulates the propagation of this traffic on a model of the network. The model of the network includes the configuration data associated with each device, and thus, if devices are properly configured to enforce the intended security policies, the success/failure of the simulated test traffic will conform to the intended permit/deny policy of each connection. Differences between the simulated message propagation and the intended security policies are reported to the user, and diagnostic tools are provided to facilitate identification of the device configuration data that accounts for the observed difference. Additionally, if a network's current security policy is unknown, test traffic is generated to reveal the actual policy in effect, to construct a baseline intended security policy.

Find Patent Forward Citations

Loading…