Configuration management for network activity detectors
Abstract
Network activity detectors, such as firewalls, communicate with one another to form a Unified Threat Management System. A first network activity detector sends a request for configuration settings to a second network activity detector. The second network activity detector sends a set of configuration settings in response to the request. The configuration settings include information for detecting digital security threats and/or for responding to detected digital security threats. In this way, configuration settings are propagated from one network activity detector to another so that network activity detectors within a UTMS system are configured consistently, e.g., have up-to-date information for detecting and/or responding to digital security threats.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of promoting security of a computer network, the method comprising:
sending, by a first network activity detector of a first device coupled with a network, a request for configuration information to a second network activity detector of a second device identified as being a source of configuration information, wherein the second device is coupled with the network, wherein the configuration information includes a set of information for detecting digital security threats, wherein the first device is separate and distinct from the second device; receiving, by the first network activity detector, the configuration information from the second network activity detector; and sending, by the first network activity detector, the configuration information to a third network activity detector of a third device, wherein the third device is separate and distinct from the first device and the second device.
2 . The method of claim 1 , wherein the request is sent using a UDP network packet.
3 . The method of claim 1 , wherein:
the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and the encryption of the configuration information is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.
4 . The method of claim 1 , further comprising creating another set of configuration information.
5 . The method of claim 1 , further comprising:
receiving, from the third network activity detector, a request for the configuration information; and
instructing, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector,
wherein the fourth network activity detector is different from the first network activity detector.
6 . The method of claim 5 , further comprising:
instructing, by the first network activity detector, the fourth network activity detector to respond to requests for configuration information.
7 . A non-transitory computer-readable storage medium having computer-executable instructions, wherein the computer-executable instructions, when executed by one or more computer processors, cause the one or more computer processors to promote security of a computer network, the computer-executable instructions comprising instructions for:
sending, by a first network activity detector of a first device coupled with the network, a request for configuration information to a second network activity detector of a second device identified as being a source of configuration information, wherein the second device is coupled with the network, wherein the configuration information includes a set of information for detecting digital security threats and wherein the first device is separate and distinct from the second device; receiving, from the second network activity detector, by the first network activity detector, the configuration information; and sending, by the first network activity detector, the configuration information to a third network activity detector of a third device, wherein the third device is separate and distinct from the first device and the second device.
8 . The non-transitory computer-readable storage medium of claim 7 , wherein the request is sent using a UDP network packet.
9 . The non-transitory computer-readable storage medium of claim 7 , wherein:
the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and the encryption is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.
10 . The non-transitory computer-readable storage medium of claim 7 , wherein the computer-executable instructions further comprises instructions for creating another set of configuration information.
11 . The non-transitory computer-readable storage medium of claim 7 , wherein the computer-executable instructions further comprises instructions for:
receiving, from the third network activity detector, a request for the configuration information; and instructing, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector, wherein the fourth network activity detector is different from the first network activity detector.
12 . The non-transitory computer-readable storage medium of claim 11 , wherein the computer-executable instructions further comprises instructions for:
instructing, by the first network activity detector, the fourth activity detector to respond to requests for configuration information.
13 . The computer-readable storage medium of claim 7 , wherein the second network activity detector is in a predefined operating mode.
14 . A first network activity detector of a first device, the first network activity detector comprising:
a network interface configured to couple with a network; and a processor configured to:
send a request for configuration information across the network to a second network activity detector of a second device identified as being a source of configuration information, wherein the configuration information includes a set of information for detecting digital security threats, and wherein the first device is separate and distinct from the second device,
receive the configuration information from the second network activity detector; and
send the configuration information to a third network activity detector of a third device, the third device being separate and distinct from the first and second devices.
15 . The first network activity detector of claim 14 , wherein the request is sent using a UDP network packet.
16 . The first network activity detector of claim 14 , wherein the network activity detector is a first network activity detector, and wherein:
the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and the encryption is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.
17 . The first network activity detector of claim 14 , wherein the processor is further configured to create another set of configuration information.
18 . The first network activity detector of claim 14 , wherein the network activity detector is a first network activity detector and the processor of the first network activity detector is further configured to:
receive, from the third network activity detector, a request for the configuration information; and instruct, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector, wherein the fourth network activity detector is different from the first network activity detector.
19 . The first network activity detector of claim 18 , wherein the processor is further configured to:
instruct, by the first network activity detector, the fourth activity detector to respond to requests for configuration information.
20 . The network activity detector of claim 15 , wherein the second network activity detector is in a predefined operating mode.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.