Claims
- 1. A node of a network for managing an intrusion protection system, the node comprising:
a memory module for storing data in machine-readable format for retrieval and execution by a central processing unit; and an operating system comprising a network stack comprising a protocol driver and a media access control driver and operable to execute an intrusion protection system management application, the management application operable to receive text-file input from an input device, the text-file defining a network-exploit rule and comprising at least one field.
- 2. The node according to claim 1, wherein the network exploit rule further comprises a field selected from the group consisting of an ENABLED field and a SEVERITY field.
- 3. The node according to claim 1, wherein the node is operable to compile the text-file into a machine-readable signature-file and transmit the machine-readable signature-file to at least one other node of the network.
- 4. The node according to claim 1, further comprising a database, the node operable to store a plurality of text-files, each respectively defining a network-exploit rule, in the database.
- 5. The node according to claim 2, further comprising a machine-readable signature-file database operable to store a plurality of machine-readable signature-files each generated from one of a respective plurality of text-files, the management application operable to transmit a subset of the plurality of machine-readable signature-files to another node connected to the network.
- 6. The node according to claim 5, wherein the subset comprises all machine-readable signature-files of the plurality of machine-readable signature-files each generated from a respective text-file having an asserted ENABLED field value.
- 7. The node according to claim 5, wherein the management application is operable to accept a SEVERITY threshold from the input device and the subset comprises all machine-readable signature-files respectively generated from a text-file having a SEVERITY field value equal to or greater than the threshold.
- 8. A method of distributing command and security updates in a network having an intrusion protection system, comprising:
generating a text-file defining a network-exploit rule; and specifying at least one field selected from the group consisting of an ENABLED field value and a SEVERITY level field value during generation of the text-file.
- 9. The method according to claim 8, further comprising storing a plurality of text-files in a database, each text-file defining a network-exploit rule.
- 10. The method according to claim 9, further comprising transmitting, by a management node of the network, a subset of the plurality of machine-readable signature-files to a node in the network.
- 11. The method according to claim 10, wherein the subset of machine-readable signature-files comprises all of the plurality of machine-readable signature-files each generated from a respective one of the plurality of text-files that has the respective ENABLED field asserted.
- 12. The method according to claim 10, further comprising specifying a priority level threshold, the subset of the plurality of machine-readable signature-files comprised of all machine-readable signature-files generated from a respective one of the plurality of text-files having a SEVERITY level field value equal to or greater than the threshold.
- 13. A computer-readable medium having stored thereon a set of instructions to be executed, the set of instructions, when executed by a processor, cause the processor to perform a computer method of:
reading input from an input device of the computer; compiling the input into a machine-readable signature file comprising machine-readable logic representative of the network-exploit rule and a value of at least one field selected from the group consisting of an ENABLED field and a SEVERITY field; evaluating the machine-readable signature file; and determining the value of the at least one field of the machine-readable signature file.
- 14. The computer readable medium according to claim 13, further comprising a set of instructions that, when executed by the processor, cause the processor to perform the computer method of specifying a SEVERITY threshold value.
- 15. The computer readable medium according to claim 14, further comprising a set of instructions that, when executed by the processor, cause the processor to perform the computer method of transmitting the machine-readable signature file to another node of the network upon determining the value of the SEVERITY field is greater than the threshold.
- 16. The computer readable medium according to claim 13, further comprising a set of instruction that, when executed by the processor, cause the processor to perform the computer method of generating a text-file from the input, the text-file specifying the network-exploit rule and the at least one field, the machine-readable signature file compiled from the text file.
- 17. The computer readable medium according to claim 13, further comprising a set of instruction that, when executed by the processor, cause the processor to perform the computer method of transmitting the machine-readable signature file to another node of the network upon determining the ENABLED field value is logically asserted.
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This patent application is related to co-pending U.S. patent application, Ser. No. ______ entitled “METHOD AND COMPUTER READABLE MEDIUM FOR SUPPRESSING EXECUTION OF SIGNATURE FILE DIRECTIVES DURING A NETWORK EXPLOIT,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY CONDITION OF A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______ entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY VULNERABILITIES OF A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “SYSTEM AND METHOD OF DEFINING UNAUTHORIZED INTRUSIONS ON A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “NETWORK INTRUSION DETECTION SYSTEM AND METHOD,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “NODE, METHOD AND COMPUTER READABLE MEDIUM FOR INSERTING AN INTRUSION PREVENTION SYSTEM INTO A NETWORK STACK,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “METHOD, COMPUTER-READABLE MEDIUM, AND NODE FOR DETECTING EXPLOITS BASED ON AN INBOUND SIGNATURE OF THE EXPLOIT AND AN OUTBOUND SIGNATURE IN RESPONSE THERETO,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “NETWORK, METHOD AND COMPUTER READABLE MEDIUM FOR DISTRIBUTED SECURITY UPDATES TO SELECT NODES ON A NETWORK,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “METHOD, COMPUTER READABLE MEDIUM, AND NODE FOR A THREE-LAYERED INTRUSION PREVENTION SYSTEM FOR DETECTING NETWORK EXPLOITS,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “SYSTEM AND METHOD OF AN OS-INTEGRATED INTRUSION DETECTION AND ANTI-VIRUS SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR IDENTIFYING DATA IN A NETWORK EXPLOIT,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR PERFORMING MULTIPLE SIGNATURE MATCHING IN AN INTRUSION PREVENTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “USER INTERFACE FOR PRESENTING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “NODE AND MOBILE DEVICE FOR A MOBILE TELECOMMUNICATIONS NETWORK PROVIDING INTRUSION DETECTION,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “METHOD AND COMPUTER-READABLE MEDIUM FOR INTEGRATING A DECODE ENGINE WITH AN INTRUSION DETECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application, Ser. No. ______, entitled “SYSTEM AND METHOD OF GRAPHICALLY DISPLAYING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; and U.S. patent application, Ser. No. ______, entitled “SYSTEM AND METHOD OF GRAPHICALLY CORRELATING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith.