1. WO2019212777 - AUTOMATED COMPLIANCE WITH SECURITY, AUDIT AND NETWORK CONFIGURATION POLICIES

Publication Number WO/2019/212777
Publication Date 07.11.2019
International Application No. PCT/US2019/028427
International Filing Date 22.04.2019
IPC
H04L 29/06 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
H04L 12/24 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
12 Data switching networks
02 Details
24 Arrangements for maintenance or administration
CPC
G06F 9/44505
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44 Arrangements for executing specific programs
445 Program loading or initiating
44505 Configuring for program initiating, e.g. using registry, configuration files
H04L 41/0672
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
41 Arrangements for maintenance or administration or management of packet switching networks
06 involving management of faults or events or alarms
0654 Network fault recovery
0672 by re-configuring the faulty entity
H04L 41/0859
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
41 Arrangements for maintenance or administration or management of packet switching networks
08 Configuration management of network or network elements
085 Keeping track of network configuration
0859 by keeping history of different configuration generations or versions
H04L 41/0863
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
41 Arrangements for maintenance or administration or management of packet switching networks
08 Configuration management of network or network elements
085 Keeping track of network configuration
0863 by rolling back to previous configuration versions
H04L 41/0866
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
41 Arrangements for maintenance or administration or management of packet switching networks
08 Configuration management of network or network elements
0866 Checking configuration
H04L 63/101
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
101 Access control lists [ACL]
Applicants
  • MICROSOFT TECHNOLOGY LICENSING, LLC [US]/[US]
Inventors
  • ANANDAM, Parvez
  • KORADIA, Imran S.
  • TANG, Zheng
  • MENDELSOHN, Andrew
  • GROVER, Ankush
  • ZHOU, Liyuan
  • KLASSEN, Brandon Michael
  • MALTZ, David A.
  • GREENBERG, Albert Gordon
Agents
  • MINHAS, Sandip S.
  • CHEN, Wei-Chen Nicholas
  • HINOJOSA, Brianna L.
  • HOLMES, Danielle J.
  • SWAIN, Cassandra T.
  • WONG, Thomas S.
  • CHOI, Daniel
  • HWANG, William C.
  • WIGHT, Stephen A.
  • CHATTERJEE, Aaron C.
  • JARDINE, John S.
  • GOLDSMITH, Micah P.
Priority Data
15/968,472 01.05.2018 US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) AUTOMATED COMPLIANCE WITH SECURITY, AUDIT AND NETWORK CONFIGURATION POLICIES
Abstract
(EN) Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.