
Method and System for effectively and efficiently applying security related hot fixes, patches and signatures in a heterogeneous network environment

IP.com Disclosure Number: IPCOM000019862D
Original Publication Date: 2003-Oct-02
Included in the Prior Art Database: 2003-Oct-02
Document File: 7 page(s) / 43K

Publishing Venue

IBM

Abstract

Method and System for efficiently and effectively applying security related hot fixes, patches and virus-signatures in a heterogeneous network environment.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 25% of the total text.


Introduction

The present invention discloses a unique method that makes the following tasks trivial across a network: applying security fixes, updating virus-signature databases and verifying the updates, stopping or removing vulnerable services and daemons, and modifying the security and firewall settings of a system. The disclosed method helps automate these activities. No end-user action is required for any of these tasks, except in specific cases where the end-user's machine must be rebooted. This can be handled by designing the software so that the end-user is notified of the reboot and given enough time to save work in progress.

The network administrator has total control over both the application of the security fixes and their subsequent verification. The same control extends to removing or stopping vulnerable services and daemons and to modifying the security and firewall settings of the systems. The administrator need not depend on user action, and the end-user need not even be aware of these activities.

Description

In accordance with the disclosure, three generic classes of vulnerability are defined:
i) Operating System Vulnerabilities: Vulnerabilities specific to system libraries, system executables etc. on a particular operating system.
ii) Application Vulnerabilities: Vulnerabilities specific to applications like services or daemons.
iii) Malicious Code Vulnerabilities: Vulnerabilities like viruses, trojans, worms etc.

The method is implemented in software as two independent modules that communicate with each other using a simple communication protocol. The first module, referred to as the admin-module, is responsible for delivering the necessary information to all other hosts (machines) in the network. It is installed on one of the hosts, from which the network administrator monitors all the other hosts in the network. The second module, referred to as the host-module, is installed on all the remaining hosts in the network.

Whenever a new vulnerability is reported and/or the associated remedy (fix) is made available, the network administrator creates a specially crafted message which is then broadcast/multicast (sent to all the machines in the network) by the admin-module.

The broadcast message essentially contains the type of vulnerability, the operating system(s) affected, details of the vulnerable application such as the service/daemon executable name, and the action to perform. The action may be (but is not limited to) applying a fix, updating the virus signatures, stopping a service/daemon, removing a service/daemon, or modifying firewall rules.

The host-modules listen for this broadcast message. Each host-module on receiving the broadcast message verif...
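A host-module handler for the broadcast message described above, as an added example that is not part of the original disclosure. The text is cut off before it says what the host-module verifies, so the JSON layout, the field and action names, and the HMAC authentication step are all assumptions.

```python
import hashlib
import hmac
import json

# Assumed identifiers for the page's three vulnerability classes and listed actions.
VULN_TYPES = {"os", "application", "malicious_code"}
ACTIONS = {"apply_fix", "update_signatures", "stop_service",
           "remove_service", "modify_firewall"}

def sign(key: bytes, body: bytes) -> str:
    """Admin-module side: HMAC-SHA256 tag over the raw message bytes."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def handle_broadcast(key, body, tag, host_os, installed):
    """Host-module side: return (decision, detail) for one received message."""
    # Authenticate before parsing: the message can stop services or change
    # firewall rules, so an unauthenticated sender must not be able to issue it.
    if not hmac.compare_digest(sign(key, body), tag):
        return ("reject", "bad tag")
    try:
        msg = json.loads(body)
        vtype, action = msg["vuln_type"], msg["action"]
        affected, target = msg["affected_os"], msg.get("target")
        # Allowlist the class and the action; never run an unknown action.
        if vtype not in VULN_TYPES or action not in ACTIONS:
            raise ValueError("unknown type or action")
        if not isinstance(affected, list) or not isinstance(target, (str, type(None))):
            raise ValueError("bad field type")
    except (ValueError, KeyError, TypeError, AttributeError):
        return ("reject", "malformed")
    if host_os not in affected:
        return ("ignore", "os not affected")
    # Application-class messages only apply where the named service is installed.
    if vtype == "application" and target not in installed:
        return ("ignore", "target not installed")
    return ("execute", action)

# Constructed sample: shared key and one message from a hypothetical admin-module.
KEY = b"constructed-demo-key"
BODY = json.dumps({"vuln_type": "application", "affected_os": ["linux"],
                   "target": "ftpd", "action": "stop_service"}).encode()
TAG = sign(KEY, BODY)

if __name__ == "__main__":
    print(handle_broadcast(KEY, BODY, TAG, "linux", {"ftpd", "sshd"}))
    print(handle_broadcast(KEY, BODY, TAG, "windows", {"ftpd"}))
    print(handle_broadcast(KEY, BODY + b" ", TAG, "linux", {"ftpd"}))
```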