公开(公告)号：US08433790B2

公开(公告)日：2013-04-30

申请号：US12813859

申请日：2010-06-11

申请人： Jonathan Polley ,  William Andrew Vogel, III

发明人： Jonathan Polley ,  William Andrew Vogel, III

IPC分类号： G06F15/173

CPC分类号： G06F11/3006 ,  H04L41/0893 ,  H04L41/12

摘要： A system includes a processor device. The processor device is configured to detect a physical topology of a network comprising hosts and sensors in the network. The processor device is also configured to generate a sensor policy for assignment of the sensors to network blocks of the hosts, that balances a processing load and accuracy of the sensors in the network based on physical closeness of the sensors to different divisions of hosts within a same network block.

公开(公告)号：US20110307600A1

公开(公告)日：2011-12-15

申请号：US12813859

申请日：2010-06-11

申请人： Jonathan Polley ,  William Andrew Vogel, III

发明人： Jonathan Polley ,  William Andrew Vogel, III

IPC分类号： G06F15/173

CPC分类号： G06F11/3006 ,  H04L41/0893 ,  H04L41/12

摘要： A system includes a processor device. The processor device is configured to detect a physical topology of a network comprising hosts and sensors in the network. The processor device is also configured to generate a sensor policy for assignment of the sensors to network blocks of the hosts, that balances a processing load and accuracy of the sensors in the network based on physical closeness of the sensors to different divisions of hosts within a same network block.

摘要翻译： 系统包括处理器设备。 处理器设备被配置为检测包括网络中的主机和传感器的网络的物理拓扑。 处理器设备还被配置为生成用于将传感器分配给主机的网络块的传感器策略，其基于传感器到主机内的不同分区的物理接近度来平衡网络中的传感器的处理负载和精度 相同的网络块。

公开(公告)号：US07716742B1

公开(公告)日：2010-05-11

申请号：US10843353

申请日：2004-05-12

申请人： Martin Roesch ,  William Andrew Vogel, III ,  Matt Watchinski

发明人： Martin Roesch ,  William Andrew Vogel, III ,  Matt Watchinski

IPC分类号： G06F12/14

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07317693B1

公开(公告)日：2008-01-08

申请号：US10843376

申请日：2004-05-12

申请人： Martin Roesch ,  William Andrew Vogel, III

发明人： Martin Roesch ,  William Andrew Vogel, III

IPC分类号： H04J1/16

CPC分类号： H04L43/18 ,  H04L41/0893 ,  H04L41/12

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US20100205675A1

公开(公告)日：2010-08-12

申请号：US12688400

申请日：2010-01-15

申请人： William Andrew Vogel, III ,  Dina Bruzek

发明人： William Andrew Vogel, III ,  Dina Bruzek

IPC分类号： G06F21/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F7/04

CPC分类号： H04L63/1408 ,  H04L63/1433

摘要： The disclosed systems and methods provide a user interface for modifying host configuration data that has been automatically and passively determined and for adding or modifying other parameters associated with a host. A host data table can store various parameters descriptive of a host including the applicability of specific vulnerabilities. If it is determined that one or more hosts should not be identified as associated with a specific vulnerability, a graphical user interface can be used to modify the vulnerability parameter.

摘要翻译： 所公开的系统和方法提供用于修改已被自动和被动确定的主机配置数据并用于添加或修改与主机相关联的其他参数的用户界面。 主机数据表可以存储描述主机的各种参数，包括特定漏洞的适用性。 如果确定不应将一个或多个主机识别为与特定漏洞相关联，则可以使用图形用户界面来修改漏洞参数。

公开(公告)号：US08289882B2

公开(公告)日：2012-10-16

申请号：US12688400

申请日：2010-01-15

申请人： William Andrew Vogel, III ,  Dina L. Bruzek

发明人： William Andrew Vogel, III ,  Dina L. Bruzek

IPC分类号： H04L12/28 ,  G06F15/173 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04W4/00

CPC分类号： H04L63/1408 ,  H04L63/1433

摘要： The disclosed systems and methods provide a user interface for modifying host configuration data that has been automatically and passively determined and for adding or modifying other parameters associated with a host. A host data table can store various parameters descriptive of a host including the applicability of specific vulnerabilities. If it is determined that one or more hosts should not be identified as associated with a specific vulnerability, a graphical user interface can be used to modify the vulnerability parameter.

摘要翻译： 所公开的系统和方法提供用于修改已被自动和被动确定的主机配置数据并用于添加或修改与主机相关联的其他参数的用户界面。 主机数据表可以存储描述主机的各种参数，包括特定漏洞的适用性。 如果确定不应将一个或多个主机识别为与特定漏洞相关联，则可以使用图形用户界面来修改漏洞参数。

公开(公告)号：US08671182B2

公开(公告)日：2014-03-11

申请号：US12820227

申请日：2010-06-22

申请人： William Andrew Vogel, III ,  Andrew Baker

发明人： William Andrew Vogel, III ,  Andrew Baker

IPC分类号： G06F15/173 ,  G06F7/00

CPC分类号： H04L63/1433 ,  H04L41/12

摘要： A system includes a processor device. The processor device is configured to receive reports of operating system identities for a single host; determine which of the operating system identities are an intersection of the reported operating system identities; and assign the intersection of the reported operating system identities as a resolved operating system identity.

摘要翻译： 系统包括处理器设备。 处理器设备被配置为接收针对单个主机的操作系统身份的报告; 确定哪个操作系统身份是报告的操作系统身份的交集; 并将所报告的操作系统身份的交集分配为解决的操作系统身份。

公开(公告)号：US20110314143A1

公开(公告)日：2011-12-22

申请号：US12820227

申请日：2010-06-22

申请人： William Andrew Vogel, III ,  Andrew Baker

发明人： William Andrew Vogel, III ,  Andrew Baker

IPC分类号： G06F15/173

CPC分类号： H04L63/1433 ,  H04L41/12

摘要： A system includes a processor device. The processor device is configured to receive reports of operating system identities for a single host; determine which of the operating system identities are an intersection of the reported operating system identities; and assign the intersection of the reported operating system identities as a resolved operating system identity.

摘要翻译： 系统包括处理器设备。 处理器设备被配置为接收针对单个主机的操作系统身份的报告; 确定哪个操作系统身份是报告的操作系统身份的交集; 并将所报告的操作系统身份的交集分配为解决的操作系统身份。