Title of invention Assessing network and device compliance with security policies
Abstract All of the transit services that each device is expected to provide are determined and contrasted with the transit configuration of each device. Because the transit configuration of each device may be state-dependent, the service items within each application service are processed in sequential order. Sequences of service items are associated with connection groups, and each of the routes associated with each connection group is determined based on the sequential order of the service items. The configuration of each device along each route is processed to determine the services that will be permitted or denied, based on its current configuration. Each desired transit service item is compared to the transit configuration provided by each device to identify any inconsistencies and/or violations.
Publication number US8955032(B2) Publication date 2015.02.10
Application number US200711776721 Filing date 2007.07.12
Applicant Riverbed Technology, Inc. Inventors Agarwal Ankit;Bastin Nick;Singh Pradeep K.;Martin Seth
Classification H04L29/00;H04L29/06 Main classification H04L29/00
Agency Park, Vaughan, Fleming & Dowler LLP Agent Park, Vaughan, Fleming & Dowler LLP
Main claim 1. A method comprising: receiving, at a processing machine, a plurality of transit policies, each policy indicating whether a given service is to be allowed for two or more device groups of a network, a device group including one or more devices of the network, determining, by the processing machine, a plurality of routes among the device groups in the network, identifying, by the processing machine, interface check objects at each interface along each of the routes, comparing, by the processing machine, configuration settings at each interface check object to a corresponding transit policy of the plurality of transit policies, and identifying, by the processing machine, violations of the transit policies.
Address San Francisco CA US