Browse Prior Art Database

Business Method of Using Host Based Health Checking and Vulnerability Mitigation Disclosure Number: IPCOM000015506D
Original Publication Date: 2002-Jan-12
Included in the Prior Art Database: 2003-Jun-20

Publishing Venue



This disclosure defines the business method for a service offering that uses Host Based Health Checking in web hosting environments. In a Web Hosting environment, there exists different security zones depending on the proximity of each to the Internet. Each zone can be defined and represented by green, yellow, or red colors based on the risk each poses for systems residing in them. For example, systems close to the Internet reside in a red zone and have a higher security risk. As systems, depending on their function, reside (logically) further from the internet in the Web hosting environments more protection and safeguards are in place thereby having less security risks associated with them. These system are designated to be in Yellow or Green zones. Current hosting architectures exhibit these structures as shown in figure 1. Note that although 3 zones are shown, additional zones which represent combinations or subsets of the shown zones can be shown. "3" is not a magic number. In figure 1, zones are interconnected at connection points. The nature of the connection points are typically firewalls, routers or load balancers. To afford protection in this environment, host based vulnerability protection is available and used. There are multiple products available to utilize for this function, and for the purpose of this disclosure are termed Host Based Health Checking. Host Based Health Checking performs the following generic checks: Account Integrity, Account information, File Attributes, File Find, Password Strength, Network Integrity, Object Integrity, Startup Files, User Files. This is not a complete list, but a sample list of general health checking checks. These checks are not meant to be an all inclusive list since they are dependent on the application. They are also not intended to limit the scope, but only used to better illustrate the type of checks used in a health checking application.