1. Field of the Invention
The present invention generally relates to electronic devices having factory default settings and, more particularly, to an apparatus and method for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings.
2. Background of the Invention
Many electronic devices such as communication and/or multimedia devices are pre-configured with factory set defaults. Such devices include, but are not limited to, network equipment such as routers, Access Points (including Wireless Access Points (WAPs)), and so forth. For example, a WAP is set to have a default channel, a default network name and a default encryption setting.
These default settings allow the device to function in at least a basic mode. In many cases, the user of the device does not bother to change these default values. This can be acceptable in some cases relating to certain types of devices (e.g., televisions), but for some other devices like APs, this is not acceptable. In many APs, security is disabled by default. If the user does not configure the AP to enable security, all the data is sent unencrypted. As a result, any malicious user can snoop the data. In a corporate environment, this problem is even more acute because confidential data can be involved. Moreover, if multiple APs are located in geographically close locations, they can interfere with each other if the default channel setting is not changed. Thus, some of the parameters of these devices are critical and should be changed by the user/administrator. However, although most of the devices come with factory defaults, none of these devices provide a mechanism to alert the user/administrator that the default settings are in use and can be potentially risky to employ.
Accordingly, it would be desirable and highly advantageous to have an apparatus and/or method that overcome the above-identified deficiencies of the prior art.
The problems stated above, as well as other related problems of the prior art, are solved by the present invention, which is directed to an apparatus and method for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings.
The present invention provides an apparatus and method that detect whether an electronic device is configured with factory default settings and provide an indication of the same, if the device is so configured. The indication can be provided, for example, using a visual indication including, but not limited to, changing a visible color, sending a message to a management/administrative entity via email, employing cellular text messaging service, and so forth. It is to be appreciated that the present invention can be implemented to automatically detect any kind of mis-configuration and alert a user/administrator about the same.
According to an aspect of the present invention, there is provided a method for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings. At least one mis-configuration rule is received that relates to at least one mis-configuration condition of the electronic device. The at least one mis-configuration rule is checked against at least one corresponding current configuration setting to determine whether the electronic device is mis-configured. A mis-configuration alert is provided with respect to the electronic device, when the electronic device is determined to be mis-configured in said checking step.
According to another aspect of the present invention, there is provided an apparatus for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings. A memory device stores at least one mis-configuration rule and at least one corresponding current configuration setting, the at least one mis-configuration rule relating to at least one mis-configuration condition of the electronic device. Rule checking circuitry checks the at least one mis-configuration rule against the at least one corresponding current configuration setting to determine whether the electronic device is mis-configured. A mis-configuration indicator provides a mis-configuration alert when the electronic device is determined to be mis-configured by the rule checking circuitry.
According to yet another aspect of the present invention, there is provided a method for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings. At least one mis-configuration rule is received that relates to a security feature of the electronic device. The at least one mis-configuration rule is checked against at least one corresponding current configuration setting to determine whether the security feature is one of disabled and at a default setting. A mis-configuration alert is provided with respect to the electronic device, when the security feature is determined to be one of disabled and at the default setting in said checking step.
These and other aspects, features and advantages of the present invention will become apparent from the following detailed description of preferred embodiments, which is to be read in connection with the accompanying drawings.
The present invention is directed to an apparatus and method for automatically detecting and indicating a mis-configuration condition in an electronic device having one or more factory-default settings.
It is to be understood that the present invention can be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof. Preferably, the present invention is implemented as a combination of hardware and software. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage device. The application program can be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input/output (I/O) interface(s). The computer platform also includes an operating system and microinstruction code. The various processes and functions described herein can either be part of the microinstruction code or part of the application program (or a combination thereof) that is executed via the operating system. In addition, various other peripheral devices can be connected to the computer platform such as an additional data storage device and a printing device.
It is to be further understood that, because some of the constituent system components and method steps depicted in the accompanying Figures are preferably implemented in software, the actual connections between the system components (or the process steps) can differ depending upon the manner in which the present invention is programmed. Given the teachings herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present invention.
The apparatus 100 includes a user/administrator interface (hereinafter “interface”) 105, a memory device 110, a processor 120, a mis-configuration indicator 130, and a communication device 140, all interconnected via a bus 150. The bus 150, in addition to interconnecting the preceding elements, also serves as an interface to the electronic device 199 and to other external components (not shown). The interface 105 is for inputting information into the apparatus 100. Such information can include, but is not limited to, one or more mis-configuration rules. The mis-configuration rules specify one or more mis-configuration conditions of the electronic device 199.
The memory device 110 is preferably a non-volatile memory device. The memory device 110 preferably includes a default area 110A and a user area 110B. The default area 110A of the non-volatile memory 110 stores the factory default settings. If necessary or desired, a user or an administrator (hereinafter collectively referred to as “administrator”) 188 can always re-apply one or more of the factory-default settings to the electronic device 199. For example, the factory default settings can be re-applied to the electronic device 199 through some mechanism such as, but not limited to, pressing a “restore” button. Examples of some factory-default settings, for example, for a wireless AP, include, but are not limited to:
The user area 110B is accessible for writing thereto. The administrator 188 can choose his/her own values for various settings/parameters. For example, for a wireless AP, some of these parameters could be set as follows:
The processor 120 performs functions as specified herein. Such functions include, but are not limited to, checking mis-configuration rules stored in the memory device 110 against corresponding current configuration settings to determine whether the electronic device is mis-configured. As noted above, the mis-configuration rules specify one or more mis-configuration conditions of the electronic device 199. It is to be appreciated that while the apparatus 100 is described to include a processor 120, other circuitry such as comparators, logic gates, Application Specific Integrated Circuits (ASICs), Programmable Logic Arrays (PLAs), and so forth can be employed to perform the method steps described herein. The processor 120 and the other circuitry can also be interchangeably referred to herein as “rule checking circuitry”.
The mis-configuration indicator 140 provides an indication to the administrator 188 that the electronic device is mis-configured. The indication can be provided visually, audibly, or using any other methodology or structure to provide such indication. For example, one or more speakers, Light Emitting Diodes (LEDs) or other visual indicators can be employed, while maintaining the spirit of the present invention. Of course, the present invention is not limited to the preceding types of indicators and, thus, other types of indicators can also be employed while maintaining the spirit of the present invention. It is to be appreciated that while the mis-configuration indicator 140 is shown in
The communication device 130 allows for communication between the electronic device 199 and the administrator 188 who can configure the electronic device 199 correctly. Accordingly, if the administrator 188 is in a location remote from the apparatus 100 and the electronic device 199, the administrator 188 can still nonetheless receive an indication that the electronic device 199 is mis-configured. The communication device 130 can be, for example, but is not limited to a modem, a transmitter, and so forth. In this way, for example, the modem can be used to dial a telephone, beeper, Personal Digital Assistant (PDA) and/or other device (collectively referred to as “mis-configuration alert remote receiving device” 187) that is local to the administrator 188.
Moreover, it is to be appreciated that while the apparatus 100 is described as including the preceding-identified elements, one or more of such elements can already be included in the electronic device and, thus, can be utilized as described herein in accordance with the present invention to avoid duplication of parts while maintaining the spirit of the present invention.
Additionally, it is to be appreciated that while the apparatus 100 is shown as being within electronic device 199, the entire apparatus 100 or any parts thereof can be located external to the electronic device 199, while maintaining the spirit of the present invention.
Further, it is to be appreciated that, given the teachings of the present invention provided herein, one of ordinary skill in the related art will contemplate these and various other elements for performing the steps described herein, while maintaining the spirit of the present invention.
At least one rule (hereinafter “rules”) for determining whether or not the electronic device 199 is mis-configured is received, for example, via the interface 105 (step 205). It is to be appreciated that the rules can also be received from a remote location via the communication device 130. The rules can also be pre-loaded upon construction of the electronic device 199. It is to be further appreciated that the rules can be set statically or can be dynamically configured by the administrator 188 via, for example, the interface 105 and/or the communication device 130. The rules can be complex and specific, for example, particularly describing the preferred settings. Alternatively, the rules can be simple and can simply determine whether some or all of the currently set parameters/settings are the same as the corresponding factory default settings (particularly security related settings).
At a random or pre-determined time or with respect to some event (e.g., the device is powered on, etc.), the rules are checked against the current configuration to determine whether or not any of the rules have been violated (i.e., to determine whether the electronic device 199 is mis-configured as specified in the rules) (step 210). In one embodiment of the present invention, wherein the rule is that “the configuration in use should not be exactly the same as the default factory setting”, the apparatus 100 compares one or more factory-default settings to one or more corresponding current configuration settings to determine if there is a match (step 210a). The actual settings that are compared can include “critical settings” in that their mis-configuration can pose security or other undesirable risks to the device and the information communicated therewith.
It is to be appreciated that, in addition to or in place of having step 210 automatically performed to determine whether the electronic device 199 is mis-configured, the administrator 188 can query the electronic device 199 to determine whether or not the electronic device 199 is mis-configured (e.g., configured with one or more factory default settings). In such a case, a user and/or administrator generated query is received regarding whether the electronic device 199 is mis-configured (step 208). In such a case, a mechanism (such as, e.g., interface 105) for performing the query of step 208 can be provided on the apparatus 100 and/or the electronic device 199. For example, in the case of a wireless AP, an SNMP (Simple Network Management Protocol) Interface can be provided on the apparatus 100 and/or the electronic device 199 to perform the query.
If, in fact, one or more of the rules are violated, then the apparatus 100 alerts the administrator 188 via the mis-configuration alert indicator 130 (step 220). For example, in the case of the rule specified above with respect to step 210a, if the one or more factory-default settings are the same as the one or more corresponding current configuration settings, then the apparatus 100 alerts the administrator 188 via mis-configuration alert indicator 130. It is to be appreciated that the way in which the administrator 188 is alerted is not critical to the present invention and, thus, any approach and/or device for providing the alert can be employed while maintaining the spirit of the present invention. For example, the alert can be provided by, but is not limited to, the following: (a) a visual method/device (flashing LED); (b) an audio method/device (series of beeps); (c) an alert message (e.g., Simple Network Management Protocol (SNMP) trap to management console, Short Message Service (SMS) message); and so forth.
It is to be appreciated that the mis-configuration alert can be provided to the administrator at a remote location with respect to the electronic device 199 via the communication device 130 (step 230).
A description will now be given further regarding mis-configuration detection and alerting, according to another embodiment of the present invention. It is to be appreciated that any kind of rules that govern the proper configuration of a device can be employed in accordance with the present invention. As noted above, such rules can either be statically configured, or can be dynamically changed by the administrator. Moreover, as noted above, the apparatus 100 monitors the configuration of the electronic device 199 and, upon detecting any violation of the rules, alerts the administrator. The default configuration detection is simply one possible rule example that can be employed in accordance with the present invention. In the illustrative default configuration detection case, the rule is that “the configuration in use should not be exactly the same as the default factory setting”. However, as noted above, it is to be appreciated that other useful rules can also be employed in accordance with the present invention, while maintaining the spirit of the present invention. Some other illustrative rules that can be employed include, but are not limited to the following described immediately herein after. For example, one such rule is that if encryption is not configured, then packet filtering must be set up. Another illustrative rule is that if neither encryption nor packet filtering are turned on, then the transmit power must be under 20 mW. Yet another illustrative rule is that if the AP is configured as a router, then the Wireless Local Area Network (WLAN) interface and the Ethernet interface should not belong to the same sub network.
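The rule checking described above can be sketched as follows. This is an added example, not code from the patent: the setting names, the sample factory-default values and the alert callback are assumptions made for illustration, and the default-setting rule is applied per setting (the "some or all" variant).

```python
import ipaddress

# Constructed sample values: the page does not list the real factory defaults.
FACTORY_DEFAULTS = {"ssid": "default", "channel": 6, "encryption": "none"}

def _unencrypted(cfg):
    return cfg.get("encryption", "none") == "none"

def rule_factory_default(cfg):
    # Step 210a: compare current settings with the factory defaults.
    same = sorted(k for k, v in FACTORY_DEFAULTS.items() if cfg.get(k) == v)
    return f"still at factory default: {', '.join(same)}" if same else None

def rule_filtering(cfg):
    # If encryption is not configured, packet filtering must be set up.
    if _unencrypted(cfg) and not cfg.get("packet_filtering", False):
        return "encryption not configured and packet filtering not set up"
    return None

def rule_tx_power(cfg):
    # With neither encryption nor filtering, power must be under 20 mW.
    exposed = _unencrypted(cfg) and not cfg.get("packet_filtering", False)
    # A missing power value is treated as a violation (fail closed).
    if exposed and cfg.get("tx_power_mw", float("inf")) >= 20:
        return "no encryption or filtering, transmit power not under 20 mW"
    return None

def rule_router_subnets(cfg):
    # In router mode, WLAN and Ethernet must be on different sub networks.
    if cfg.get("mode") != "router":
        return None
    wlan = ipaddress.ip_interface(cfg["wlan_addr"]).network
    eth = ipaddress.ip_interface(cfg["eth_addr"]).network
    return "WLAN and Ethernet share a sub network" if wlan.overlaps(eth) else None

RULES = [rule_factory_default, rule_filtering, rule_tx_power, rule_router_subnets]

def check_configuration(cfg, rules=RULES, alert=None):
    """Step 210: check every rule; step 220: alert if any rule is violated."""
    violations = [msg for rule in rules if (msg := rule(cfg)) is not None]
    if violations and alert is not None:
        alert(violations)  # stands in for the LED, beep, SNMP trap or SMS
    return violations

if __name__ == "__main__":
    # Constructed configuration of an AP left as shipped and set up as a router.
    shipped = dict(FACTORY_DEFAULTS, packet_filtering=False, tx_power_mw=50,
                   mode="router", wlan_addr="192.168.1.1/24",
                   eth_addr="192.168.1.2/24")
    check_configuration(shipped, alert=lambda v: print("MIS-CONFIGURED:", v))
```
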
It is to be appreciated that the present invention is not limited to the specific rules and mis-configuration conditions described herein and, thus, other rules and mis-configuration conditions, as readily contemplated by one of ordinary skill in the related art, can also be employed with respect to the present invention while maintaining the spirit of the present invention.
A description will now be given of violation detection, according to an illustrative embodiment of the present invention. It is to be appreciated that the detections of violation conditions can be carried out in a variety of ways. It is to be further appreciated that the present invention is not limited to the violation detection methodologies and steps described herein and, thus, other steps, as readily contemplated by one of ordinary skill in the related art, can also be employed in accordance with the present invention while maintaining the spirit of the present invention. The detection process can be started whenever the configuration is changed through the administration interface, or at any other time. For example, the detection process can be started whenever the device reboots, the detection process can be scheduled periodically, and/or can be started manually by the administrator.
Although the illustrative embodiments have been described herein with reference to the accompanying drawings, it is to be understood that the present invention is not limited to those precise embodiments, and that various other changes and modifications can be effected therein by one of ordinary skill in the related art without departing from the scope or spirit of the invention. All such changes and modifications are intended to be included within the scope of the invention as defined by the appended claims.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US04/28952 | 9/3/2004 | WO | | 3/2/2007 |