
Threat Level Based Proactive Protection of Computer Networks

IP.com Disclosure Number: IPCOM000029564D
Original Publication Date: 2004-Jul-07
Included in the Prior Art Database: 2004-Jul-07
Document File: 1 page(s) / 80K

Publishing Venue

IBM

Abstract

Disclosed is a system that allows proactive protection of computer networks and computer systems based on threat levels derived from the existence of a new computer worm or computer virus on the general Internet. Upon determining from various sources that a new computer worm or virus is spreading on the Internet, a threat level is determined, and based on that threat level, routers, network filters, intrusion detection systems and virus scanners, amongst other security systems, are configured proactively to mitigate the threat.

This is the abbreviated version, containing approximately 67% of the total text.



Upon determining from various sources (CERT (Computer Emergency Response Team), other companies, news, etc.) that a new computer worm or virus is spreading on the Internet, a threat level assessment is done based on the type of worm, the damage it does, and the type and number of systems possibly affected. This threat level can be codified in numerical form (1, 2, 3, 4, ...) or in a color-coded form (red, white, yellow, green, ...). The number of threat levels is determined by the user of the system. Each threat level may correspond to specific criteria being met, e.g. whether a worm travels through e-mail vs. TFTP (Trivial File Transfer Protocol) vs. FTP (File Transfer Protocol) vs. other protocols.
The system (provisioning system) examines the threat level and, based on site policies, determines that the configuration of the various network elements (e.g. routers) in the network needs to be changed to restrict the type of traffic passing or to examine the traffic using additional filters. It then takes provisioning actions to reconfigure the routers and other network and security devices to implement the new policies. Thus, e.g., a threat level of red may signify that only e-mail and web traffic is allowed to flow through the network until all the computer systems are patched with the latest patch against a worm that travels via TFTP. While this proactive action will reduce cert...
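The assessment-then-provisioning flow described above, as an added example that is not part of the IBM disclosure: a small engine that scores an advisory into a numeric threat level (1 lowest, 4 highest) and turns the level plus an assumed site policy into router ACL lines and IDS tasks. The scoring thresholds, the `SITE_POLICY` table and the action strings are assumptions; only the idea (vector, damage and exposure feed a level, and the level drives device configuration) comes from the page.

```python
from dataclasses import dataclass

# Well-known ports for the propagation vectors the disclosure mentions (plus https).
SERVICE_PORTS = {"smtp": ("tcp", 25), "http": ("tcp", 80), "https": ("tcp", 443),
                 "ftp": ("tcp", 21), "tftp": ("udp", 69)}

# Assumed site policy: level -> services still permitted; None means no restriction.
# Level 4 is the page's "only e-mail and web traffic is allowed" case.
SITE_POLICY = {1: None, 2: None,
               3: {"smtp", "http", "https", "ftp"},
               4: {"smtp", "http", "https"}}

@dataclass
class Advisory:
    worm: str              # name as reported by the source (CERT, vendor, news)
    vector: str            # protocol the worm propagates over
    damage: str            # "low" | "medium" | "high"
    systems_exposed: int   # local systems possibly affected (constructed estimate)

def assess_threat_level(adv: Advisory) -> int:
    """Score damage, exposure and vector into a level 1..4; thresholds are assumed criteria."""
    score = {"low": 0, "medium": 1, "high": 2}[adv.damage]
    if adv.systems_exposed >= 100:           # a large exposed population raises the level
        score += 1
    if adv.vector not in ("smtp", "http"):   # vector outside ordinary mail/web traffic
        score += 1
    return min(score, 3) + 1

def provision(adv: Advisory, level: int) -> list:
    """Translate a threat level into provisioning actions (ACL lines, IDS tasks)."""
    actions = []
    allowed = SITE_POLICY[level]
    proto_port = SERVICE_PORTS.get(adv.vector)   # None for "other protocols"
    if proto_port and (allowed is None or adv.vector in allowed):
        # The vector carries traffic the site still needs: inspect it rather than block it.
        actions.append(f"ids: enable {adv.worm} signature on {proto_port[0]}/{proto_port[1]}")
    elif proto_port:
        # Explicit deny for the propagation vector, in first-match-wins ACL order.
        actions.append(f"deny {proto_port[0]} any any eq {proto_port[1]}  ! {adv.worm} vector")
    if allowed is not None:
        for svc in sorted(allowed):
            proto, port = SERVICE_PORTS[svc]
            actions.append(f"permit {proto} any any eq {port}")
        actions.append("deny ip any any")      # everything else is held until hosts are patched
    return actions

if __name__ == "__main__":
    adv = Advisory("tftp-worm", "tftp", "high", 500)   # constructed advisory
    for line in provision(adv, assess_threat_level(adv)):
        print(line)
```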