专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070282981A1 AGGREGATING POLICY CRITERIA PARAMETERS INTO RANGES FOR EFFICIENT NETWORK ANALYSIS 有权
标题翻译：将政策标准参数纳入有效网络分析范围
公开(公告)号：US20070282981A1
公开(公告)日：2007-12-06
申请号：US11735474
申请日：2007-04-15
申请人： Alain J. Cohen , Pradeep K. Singh , Ankit Agarwal , Venuprakash Barathan
发明人： Alain J. Cohen , Pradeep K. Singh , Ankit Agarwal , Venuprakash Barathan
IPC分类号： G06F15/16
CPC分类号： H04L47/10 , H04L41/0853 , H04L41/0893 , H04L41/5003 , H04L43/50 , H04L47/127 , H04L47/20 , H04L47/2441
摘要： A network configuration is processed to identify each policy and the criteria associated with each policy. The criteria of the policies are processed to identify a non-overlapping set of ranges of the criteria parameter, each range being associated with a particular policy or set of policies. In a preferred embodiment, the criteria include the protocol, the source and destination IP addresses, and the source and destination ports, and a default range is defined for each criteria parameter.
摘要翻译：处理网络配置以识别每个策略和与每个策略相关联的标准。处理策略的标准以识别标准参数的不重叠的范围集合，每个范围与特定策略或策略集相关联。在优选实施例中，标准包括协议，源和目的地IP地址以及源端口和目的端口，并且为每个标准参数定义默认范围。

2. 发明授权

US08898734B2 Analyzing security compliance within a network 有权
标题翻译：分析网络中的安全合规性
公开(公告)号：US08898734B2
公开(公告)日：2014-11-25
申请号：US11505171
申请日：2006-08-16
申请人： Pradeep K. Singh , Ankit Agarwal , Alain J. Cohen , Venuprakash Barathan , Vinod Jeyachandran
发明人： Pradeep K. Singh , Ankit Agarwal , Alain J. Cohen , Venuprakash Barathan , Vinod Jeyachandran
IPC分类号： H04L29/06 , H04L12/26 , H04L12/24
CPC分类号： H04L41/28 , H04L12/2697 , H04L41/0866 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/50 , H04L63/1433 , H04L63/20
摘要： A security policy database identifies the intended security policies within a network, a traffic generator provides test traffic that is configured to test each defined security policy, and a simulator simulates the propagation of this traffic on a model of the network. The model of the network includes the configuration data associated with each device, and thus, if devices are properly configured to enforce the intended security policies, the success/failure of the simulated test traffic will conform to the intended permit/deny policy of each connection. Differences between the simulated message propagation and the intended security policies are reported to the user, and diagnostic tools are provided to facilitate identification of the device configuration data that accounts for the observed difference. Additionally, if a network's current security policy is unknown, test traffic is generated to reveal the actual policy in effect, to construct a baseline intended security policy.
摘要翻译：安全策略数据库标识网络中的预期安全策略，流量生成器提供被配置为测试每个定义的安全策略的测试流量，并且模拟器模拟该流量在网络模型上的传播。网络模型包括与每个设备相关联的配置数据，因此，如果设备被正确配置以实施预期的安全策略，则模拟测试流量的成功/失败将符合每个连接的预期允许/拒绝策略。向用户报告模拟消息传播与预期安全策略之间的差异，并提供诊断工具以便于识别出所观察到的差异的设备配置数据。此外，如果网络当前的安全策略未知，则生成测试流量以显示实际的实际策略，以构建基准预期的安全策略。

3. 发明授权

US08005945B2 Aggregating policy criteria parameters into ranges for efficient network analysis 有权
标题翻译：将策略标准参数聚合到有效网络分析的范围内
公开(公告)号：US08005945B2
公开(公告)日：2011-08-23
申请号：US11735474
申请日：2007-04-15
申请人： Alain J. Cohen , Pradeep K. Singh , Ankit Agarwal , Venuprakash Barathan
发明人： Alain J. Cohen , Pradeep K. Singh , Ankit Agarwal , Venuprakash Barathan
IPC分类号： G06F15/173 , G06F15/177
CPC分类号： H04L47/10 , H04L41/0853 , H04L41/0893 , H04L41/5003 , H04L43/50 , H04L47/127 , H04L47/20 , H04L47/2441
摘要： A network configuration is processed to identify each policy and the criteria associated with each policy. The criteria of the policies are processed to identify a non-overlapping set of ranges of the criteria parameter, each range being associated with a particular policy or set of policies. In a preferred embodiment, the criteria include the protocol, the source and destination IP addresses, and the source and destination ports, and a default range is defined for each criteria parameter.
摘要翻译：处理网络配置以识别每个策略和与每个策略相关联的标准。处理策略的标准以识别标准参数的不重叠的范围集合，每个范围与特定策略或一组策略相关联。在优选实施例中，标准包括协议，源和目的地IP地址以及源和目的地端口，并且为每个标准参数定义默认范围。

4. 发明授权

US08743742B2 System and method for modeling a system that comprises networks connected across a third party external network based on incomplete configuration data 有权
标题翻译：用于对包括基于不完整配置数据跨第三方外部网络连接的网络的系统进行建模的系统和方法
公开(公告)号：US08743742B2
公开(公告)日：2014-06-03
申请号：US13448389
申请日：2012-04-16
申请人： Pradeep K. Singh , Venuprakash Barathan
发明人： Pradeep K. Singh , Venuprakash Barathan
IPC分类号： H04L12/28 , G06F15/177
CPC分类号： H04L41/12 , H04L41/0853 , H04L41/145 , H04L41/22
摘要： The present system includes a system, method and device for inferring connectivity between network devices across a third party network. Configuration data related to the network devices is examined and configuration data about the network is inferred. The inferred configuration data may be related to a communication protocol, network bandwidth, and the like. A model representing the network is then created to indicate inferred interfaces and connections through the external network between network devices. The representation may be rendered in various forms, such as a display or data exported to another system. Various studies may also be performed using the model, such as traffic, routing, or planning studies.
摘要翻译：本系统包括用于推断跨第三方网络的网络设备之间的连接性的系统，方法和设备。检查与网络设备相关的配置数据，并推断有关网络的配置数据。所推断的配置数据可以与通信协议，网络带宽等相关。然后创建表示网络的模型，以指示通过网络设备之间的外部网络的推断的接口和连接。该表示可以以各种形式呈现，例如显示或导出到另一系统的数据。还可以使用模型进行各种研究，例如交通，路线或规划研究。

5. 发明授权

US08159971B2 System and method for inferring connectivity among network segments in the absence of configuration information 有权
标题翻译：在没有配置信息的情况下，推断网段之间的连通性的系统和方法
公开(公告)号：US08159971B2
公开(公告)日：2012-04-17
申请号：US11844765
申请日：2007-08-24
申请人： Pradeep K. Singh , Venuprakash Barathan
发明人： Pradeep K. Singh , Venuprakash Barathan
IPC分类号： H04L12/28 , G06F15/173
CPC分类号： H04L41/12 , H04L41/0853 , H04L41/145 , H04L41/22
摘要： The present system includes a system, method and device for inferring connectivity between unconnected network segments. In operation, unconnected network segments are identified. Configuration data related to the unconnected network segments may be examined to facilitate inferring configuration data for an external network connected between the unconnected network segments. The inferred configuration data may be rendered, such as exported or visualized. The inferred configuration data may be related to a communication protocol and/or may be related to network bandwidth. The examined configuration data may be captured directly from one or more of the unconnected network segments and/or may be retrieved from a configuration data file, such as a network configuration model.
摘要翻译：本系统包括用于推断未连接网段之间的连接的系统，方法和设备。在操作中，识别出未连接的网段。可以检查与未连接的网段相关的配置数据，以便于推断连接在未连接的网段之间的外部网络的配置数据。可以呈现推断的配置数据，例如导出或可视化。推断的配置数据可以与通信协议相关和/或可以与网络带宽相关。所检查的配置数据可以直接从一个或多个未连接的网段获取和/或可以从诸如网络配置模型的配置数据文件中检索。

6. 发明申请

US20080049645A1 SYSTEM AND METHOD FOR INFERRING CONNECTIVITY AMONG NETWORK SEGMENTS IN THE ABSENCE OF CONFIGURATION INFORMATION 有权
标题翻译：在配置信息不足的情况下，网络部分之间传播连接的系统和方法
公开(公告)号：US20080049645A1
公开(公告)日：2008-02-28
申请号：US11844765
申请日：2007-08-24
申请人： Pradeep K. Singh , Venuprakash Barathan
发明人： Pradeep K. Singh , Venuprakash Barathan
IPC分类号： H04L12/28
CPC分类号： H04L41/12 , H04L41/0853 , H04L41/145 , H04L41/22
摘要： The present system includes a system, method and device for inferring connectivity between unconnected network segments. In operation, unconnected network segments are identified. Configuration data related to the unconnected network segments may be examined to facilitate inferring configuration data for an external network connected between the unconnected network segments. The inferred configuration data may be rendered, such as exported or visualized. The inferred configuration data may be related to a communication protocol and/or may be related to network bandwidth. The examined configuration data may be captured directly from one or more of the unconnected network segments and/or may be retrieved from a configuration data file, such as a network configuration model.
摘要翻译：本系统包括用于推断未连接网段之间的连接的系统，方法和设备。在操作中，识别出未连接的网段。可以检查与未连接的网段相关的配置数据，以便于推断连接在未连接的网段之间的外部网络的配置数据。可以呈现推断的配置数据，例如导出或可视化。推断的配置数据可以与通信协议相关和/或可以与网络带宽相关。所检查的配置数据可以直接从一个或多个未连接的网段获取和/或可以从诸如网络配置模型的配置数据文件中检索。

7. 发明申请

US20070157286A1 Analyzing security compliance within a network 有权
标题翻译：分析网络中的安全合规性
公开(公告)号：US20070157286A1
公开(公告)日：2007-07-05
申请号：US11505171
申请日：2006-08-16
申请人： Pradeep Singh , Ankit Agarwal , Alain Cohen , Venuprakash Barathan , Vinod Jeyachandran
发明人： Pradeep Singh , Ankit Agarwal , Alain Cohen , Venuprakash Barathan , Vinod Jeyachandran
IPC分类号： H04L9/00
CPC分类号： H04L41/28 , H04L12/2697 , H04L41/0866 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/50 , H04L63/1433 , H04L63/20
摘要： A security policy database identifies the intended security policies within a network, a traffic generator provides test traffic that is configured to test each defined security policy, and a simulator simulates the propagation of this traffic on a model of the network. The model of the network includes the configuration data associated with each device, and thus, if devices are properly configured to enforce the intended security policies, the success/failure of the simulated test traffic will conform to the intended permit/deny policy of each connection. Differences between the simulated message propagation and the intended security policies are reported to the user, and diagnostic tools are provided to facilitate identification of the device configuration data that accounts for the observed difference. Additionally, if a network's current security policy is unknown, test traffic is generated to reveal the actual policy in effect, to construct a baseline intended security policy.
摘要翻译：安全策略数据库标识网络中的预期安全策略，流量生成器提供被配置为测试每个定义的安全策略的测试流量，并且模拟器模拟该流量在网络模型上的传播。网络模型包括与每个设备相关联的配置数据，因此，如果设备被正确配置以实施预期的安全策略，则模拟测试流量的成功/失败将符合每个连接的预期允许/拒绝策略。向用户报告模拟消息传播与预期安全策略之间的差异，并提供诊断工具以便于识别出所观察到的差异的设备配置数据。此外，如果网络当前的安全策略未知，则生成测试流量以显示实际的实际策略，以构建基准预期的安全策略。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式