WO2021107767A1 - Network controller system and method - Google Patents

Info

Publication number
WO2021107767A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
controller system
network controller
network
module
Application number
PCT/MY2020/050134
Other languages
French (fr)
Inventor
Sharipah Setapa
Shahrol Hisham BAHAROM
Saliza HASAN
Hong Hoe ONG
Original Assignee
Mimos Berhad

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Definitions

  • FIG. 3 illustrates an exemplary flowchart of a method of adding hosts to a network (300), according to an embodiment of the present invention.
  • penetration of network is scanned.
  • host discovery and physical specification may be scanned.
  • a vulnerability range and physical host skeleton is established.
  • port frequency similarity and physical host parameters (CPU, RAM, hard disk) may be established.
  • a provision queuing host/server is provided.
  • each host is a queue host based on passive and intrusive nature before it is compared with application and physical specification.
  • a combination queuing host is established with combination of application and minimal tolerance physical specification.
  • another queuing host is established when it is compared with combination of application and minimal tolerance physical specification.
  • FIG. 4 illustrates an exemplary flowchart of steps (310) for scanning penetration of network, according to an embodiment of the present invention.
  • penetration is created for physical specification of host and host delivery (for example, to check if host is alive or not).
  • host is scanned using various tools information.
  • relevant information is identified, for example, port, service, operating system, CPU, RAM.
  • host is selected, based on relevant information.
  • significant value is calculated for similarity or difference for significant host.
  • FIG. 5 illustrates an exemplary flowchart of steps (320) for establishing vulnerability range and physical host skeleton, according to an embodiment of the present invention.
  • at step 321, a few hosts are taken in a specific range.
  • port with specific similarity is found.
  • at step 323, it is determined whether the host is vulnerable. If yes, the method proceeds to step 324, where an attempt is made to fix the vulnerability, and then to step 325, where the host is converted into a passive-port host. If no, the method proceeds to step 326 to check for potentially intrusive ports, for example ports ‘80’ and ‘22’.
  • the intrusive port is cured. In an embodiment, the potential intrusive port is cured before converting into list of selection host again.
  • FIG. 6 illustrates an exemplary flowchart of steps (330) for providing provision of queuing host/server, according to an embodiment of the present invention.
  • risk is categorized into high, medium and low risk.
  • migration is performed based on risk result (for example, vulnerable, pending to be fixed, or fixed). In an embodiment, if host belongs to high risk and cannot be fixed category, then host is not listed in queue.
  • host belongs to medium risk, and it can be fixed then the host may be listed in queue.
  • a list of risk and non-risk hosts is prepared. For example, a particular ‘Host A’ may be found to be risky and another ‘Host B’ may be found to be non-risky.
  • at step 334, it is determined whether the list is unavailable. If yes, the method proceeds to step 335, where it is checked whether the host is categorized. Otherwise, the method proceeds to step 336, where a continuous list for the queue is established. At step 337, a stock is established. Those skilled in the art will appreciate that this queuing provides the stock without the need to scan every time a host needs to be added to the LAN, on the assumption that the host is a passive host.
  • FIG. 7 illustrates an exemplary flowchart of steps (340) for establishing a combination queuing host, according to an embodiment of the present invention.
  • applications are observed, for example, web and database.
  • minimum tolerance is calculated. Acceptance of each application is determined when compared with clean host and hardware specification.
  • a comparison is made that can satisfy queuing host and specification.
  • it is determined whether the queue host is below the minimum tolerance, when compared with a threshold. If no, the method proceeds to step 345. If yes, the method proceeds to step 346.
  • the planned sequence is proceeded with.
  • at step 346, another queuing host is obtained.
  • an appropriate queue host is found, for example, a queue host above the minimum tolerance.
  • FIG. 8 depicts an exemplary diagram illustrating combination application, queuing host, and physical specification.
  • ‘Host D’ may be used as the tolerance specification for the application.
  • the next queue may be determined for hosts as ‘host B’ and ‘host C’.
  • the queue may be filled with another host (for example, ‘Host C’).
  • potential host tolerance may be added in the cloud.
  • the network controller system (102) and the method (300) performed by the network controller system (102) advantageously add a host to a network only after properly checking the host's requirements and vulnerabilities with respect to the network, as shown in FIG. 9, instead of adding the host without such checking.
  • the network controller system (102) is configured to allow a host that meets the requirements, and to block a host that has vulnerabilities or does not meet the minimum requirements.
  • the network controller system (102) provides for managing and occupying a certain level of priority when a new service is critical. Further, the network controller system (102) provides for establishing parameters for scanning, and for creating requirements for the physical boundary minimum and high specification. Further, the network controller system (102) provides for managing a list of new host queuing, obtaining a specification tolerance that combines the application, queue host and minimal requirement, and adding the host tolerance into the cloud.
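The four-module flow of FIGS. 3 to 8 (discovery, port-weighted risk categorisation, risk/non-risk queue, and minimum-tolerance selection with fallback to the next queued host), written here in Python as an added example rather than code from the patent or from Mimos Berhad. The port weightages, the per-application minimum tolerances and the Host A to E inventory are constructed values, since the patent gives no figures for them.

```python
"""Host admission pipeline modelled on the four modules of WO2021107767A1.

Written for this page as an illustration; it is not the patent's own code.
Port weightages, application minimum tolerances and the sample inventory are
constructed values, since the patent gives no figures for them.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Ports the text flags as having high intrusive potential ('80' and '22');
# the weights themselves are constructed for this example.
INTRUSIVE_PORT_WEIGHT: Dict[int, int] = {80: 3, 22: 3, 21: 2, 3306: 2}

# Constructed minimum tolerance (CPU cores, RAM in GB) per application.
APP_MIN_TOLERANCE: Dict[str, Dict[str, int]] = {
    "web": {"cpu": 2, "ram_gb": 4},
    "database": {"cpu": 4, "ram_gb": 8},
}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Host:
    name: str
    alive: bool
    open_ports: List[int]
    cpu: int
    ram_gb: int
    fixable: bool = True          # can the found vulnerabilities be remediated?
    risk: Optional[str] = None    # filled in by port_detection()
    passive: bool = False         # filled in by port_detection()


def scan_module(hosts: List[Host]) -> List[Host]:
    """Host discovery (step 310): keep only the hosts that answered."""
    return [h for h in hosts if h.alive]


def port_detection(host: Host, high: int = 5, medium: int = 2) -> Host:
    """Step 320: weigh open ports by intrusive potential and categorise risk.

    Anything above the low band is marked 'passive': it is kept isolated from
    the controller and listed for remediation rather than dropped outright.
    """
    score = sum(INTRUSIVE_PORT_WEIGHT.get(p, 0) for p in host.open_ports)
    host.risk = "high" if score >= high else "medium" if score >= medium else "low"
    host.passive = host.risk != "low"
    return host


def tolerance_acceptance(hosts: List[Host]) -> Dict[str, List[Host]]:
    """Step 330: split hosts into the risk list and the non-risk queue (stock).

    Rule from the text: high risk that cannot be fixed is never queued;
    fixable medium risk and low risk are queued. Low-risk hosts are placed
    first so clean capacity is consumed before hosts still awaiting a fix.
    """
    queue = [h for h in hosts if not (h.risk == "high" and not h.fixable)]
    risk_list = [h for h in hosts if h.risk == "high" and not h.fixable]
    queue.sort(key=lambda h: RISK_ORDER[h.risk])   # stable: keeps scan order
    return {"queue": queue, "risk": risk_list}


def minimum_tolerance(apps: List[str]) -> Dict[str, int]:
    """Combined minimum specification for a host that must serve all apps."""
    return {k: max(APP_MIN_TOLERANCE[a][k] for a in apps) for k in ("cpu", "ram_gb")}


def agent_module(queue: List[Host], apps: List[str]) -> Optional[Host]:
    """Step 340: return the first queued host at or above the minimum tolerance.

    A host below the minimum is skipped and the next queued host is taken,
    which is the FIG. 7 loop (step 344 -> step 346) and the FIG. 8 case where
    'Host B' falls short and the queue is filled with 'Host C' instead.
    """
    need = minimum_tolerance(apps)
    for h in queue:
        if h.cpu >= need["cpu"] and h.ram_gb >= need["ram_gb"]:
            return h
    return None


def admit_host(hosts: List[Host], apps: List[str]) -> Optional[str]:
    """Run the whole flow of FIG. 3 and name the host to add, if any qualifies."""
    scanned = [port_detection(h) for h in scan_module(hosts)]
    chosen = agent_module(tolerance_acceptance(scanned)["queue"], apps)
    return chosen.name if chosen else None


# Constructed inventory mirroring the Host A..D example in the text.
SAMPLE_HOSTS = [
    Host("Host A", True, [22, 80, 21], 8, 16, fixable=False),  # high, unfixable
    Host("Host B", True, [80], 2, 4),                          # medium, fixable
    Host("Host C", True, [3306], 4, 8),                        # medium, fixable
    Host("Host D", True, [8443], 8, 16),                       # low risk
    Host("Host E", False, [22], 16, 32),                       # did not answer
]

if __name__ == "__main__":
    print(admit_host(SAMPLE_HOSTS, ["web", "database"]))  # Host D
```

Dropping Host D from the inventory reproduces the FIG. 8 case: Host B is below the combined web-plus-database tolerance and the queue is filled with Host C.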

Abstract

A network controller system (102) for adding a host to a network is provided herein. The network controller system (102) includes a scan module (202) configured to scan host discovery and physical specification. The network controller system (102) includes a port detection module (204) configured to establish a vulnerability range and physical host skeleton. The network controller system (102) includes a tolerance acceptance module (206) configured to check and prepare a list of risk and non-risk hosts. The network controller system (102) includes an agent module (208) configured to find an appropriate queue host in the network, based on the tolerance level of the host.

Description

NETWORK CONTROLLER SYSTEM AND METHOD
FIELD OF THE INVENTION
Embodiments of the present invention generally relate to network systems, and in particular relate to adding hosts to network systems.
BACKGROUND
These days almost every type of organization (for example, a government agency or a commercial agency) relies on one or more networks interconnecting multiple computing nodes. It is a well known fact that failure of the networked computing system of an organization may cause huge damage, up to completely shutting down all operations. Further, all data of the organization, including confidential data, exists on its networked computing system and needs to be protected.
Usually, when a physical host is required to be added to a network, it needs to be configured first. For example, the host may be required to undergo configuration, setup and installation before it may be utilized. Further, the host needs to have a certain specification before it is suitable to be added to the cloud. After a satisfactory configuration, the host may be added into the cloud through discovery.
Conventional methods of adding a host to the organization network suffer from several deficiencies. For example, when a new host has a specification that does not meet the requirements of the cloud, the standard requirement that the host must meet is not properly defined. Further, conventional methods have to discover new hosts manually, which is not efficient. Further, conventional methods lack an internal penetration host to uncover vulnerabilities and highlight the risk involved in the host.
An example of prior art host scanning and adding is United States Patent Application No. 20180278626, issued to Qadium Inc., which discloses an approach for scanning hosts; however, the system may not be expedient for larger networks, and it does not disclose the ability to categorise intrusive or passive hosts, hence lacking thorough checking (which could compromise network safety) when scanning of hosts is carried out. Further, conventional methods tend to add a host into the cloud without knowing the minimum or maximum requirement specification of hosts. Further, each time a new IP address is scanned by a server, scanning is done without prior information of the previous host state. Thus, in the end, a host is added to the network without proper scanning and filtering. Further, any host is added without properly checking the requirements and vulnerabilities of the host with respect to the network and confidential data.
Therefore, there is a need for an improved system and method for adding a host to a network which solves the above disadvantages associated with the conventional methods.
SUMMARY
According to an aspect of the present disclosure, a network controller system (102) for adding a host to a network is provided herein. The network controller system (102) includes a scan module (202) configured to scan host discovery and physical specification. The network controller system (102) includes a port detection module (204) configured to establish a vulnerability range and physical host skeleton. The network controller system (102) includes a tolerance acceptance module (206) configured to check and prepare a list of risk and non-risk hosts. The network controller system (102) includes an agent module (208) configured to find an appropriate queue host in the network, based on the tolerance level of the host. According to another aspect of the present disclosure, a computer-implemented method for adding a host to a network is provided herein. The computer-implemented method includes scanning host discovery and physical specification. The computer-implemented method further includes establishing a vulnerability range and physical host skeleton. The computer-implemented method further includes checking and preparing a list of risk and non-risk hosts. The computer-implemented method further includes finding an appropriate queue host in the network, based on the tolerance level of the host.
The preceding is a simplified summary to provide an understanding of some aspects of embodiments of the present invention. This summary is neither an extensive nor exhaustive overview of the present invention and its various embodiments. The summary presents selected concepts of the embodiments of the present invention in a simplified form as an introduction to the more detailed description presented below. As will be appreciated, other embodiments of the present invention are possible utilizing, alone or in combination, one or more of the features set forth above or described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and still further features and advantages of embodiments of the present invention will become apparent upon consideration of the following detailed description of embodiments thereof, especially when taken in conjunction with the accompanying drawings, and wherein:
FIG. 1 is a block diagram depicting a network environment according to an embodiment of the present invention;
FIG. 2 is a block diagram of modules stored in memory, according to an embodiment of the present invention;
FIG. 3 depicts an exemplary flowchart illustrating overall flow of a method of adding hosts to a network, according to an embodiment of the present invention;
FIG. 4 depicts an exemplary flowchart illustrating steps for scanning penetration of network, according to an embodiment of the present invention;
FIG. 5 depicts an exemplary flowchart illustrating steps of establishing vulnerability range and physical host skeleton, according to an embodiment of the present invention;
FIG. 6 depicts an exemplary flowchart illustrating steps of providing provision of queuing host/server, according to an embodiment of the present invention;
FIG. 7 depicts an exemplary flowchart illustrating steps of establishing a combination queuing host, according to an embodiment of the present invention;
FIG. 8 depicts an exemplary diagram illustrating combination of application, queuing host, and physical specification being performed; and
FIG. 9 depicts an exemplary diagram illustrating difference between prior art and present disclosure, according to an embodiment of the present invention.
To facilitate understanding, like reference numerals have been used, where possible, to designate like elements common to the figures.
DETAILED DESCRIPTION
As used throughout this application, the word "may" is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include”, “including”, and “includes” mean including but not limited to.
The phrases “at least one”, “one or more”, and “and/or” are open-ended expressions that are both conjunctive and disjunctive in operation. For example, each of the expressions “at least one of A, B and C”, “at least one of A, B, or C”, “one or more of A, B, and C”, “one or more of A, B, or C” and “A, B, and/or C” means A alone, B alone, C alone, A and B together, A and C together, B and C together, or A, B and C together.
The term “a” or “an” entity refers to one or more of that entity. As such, the terms “a” (or “an”), “one or more” and “at least one” can be used interchangeably herein. It is also to be noted that the terms “comprising”, “including”, and “having” can be used interchangeably.
The term “automatic” and variations thereof, as used herein, refers to any process or operation done without material human input when the process or operation is performed. However, a process or operation can be automatic, even though performance of the process or operation uses material or immaterial human input, if the input is received before performance of the process or operation. Human input is deemed to be material if such input influences how the process or operation will be performed. Human input that consents to the performance of the process or operation is not deemed to be “material”.
FIG. 1 illustrates a network environment (100) where various embodiments of the present invention may be implemented. The network environment (100) includes a network controller system (102) connected to various hosts 104a, 104b, ... 104n (hereinafter referred to as 104) via a network interface (108) having various ports, over a network (106). The network (106) may be a communication network such as the Internet, a Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Metropolitan Area Network (MAN), and so forth. Further, messages exchanged between the network controller system (102) and the hosts (104) may use any suitable message format and protocol capable of communicating the information necessary for the network controller system (102) to scan the various hosts (104) for network requirements and vulnerabilities before adding them to the network (106), and to add the host (104) to the network (106).
In an embodiment of the present invention, the network controller system (102) includes a processor (110) and a memory (112). In one embodiment, the processor (110) includes a single processor and resides at the network controller system (102). Further, the memory (112) may comprise suitable logic, circuitry, and/or interfaces that may be operable to store machine readable code and/or a computer program with at least one code section executable by the processor (110). In an embodiment, the memory (112) includes one or more instructions that may be executed by the processor (110) to scan host discovery and physical specification, establish a vulnerability range and physical host skeleton, check and prepare a list of risk and non-risk hosts, and find an appropriate queue host in the network, based on the tolerance level of the host. In one embodiment, the memory (112) includes modules (114) and a database (116). In one embodiment, the database (116) is stored internally to the network controller system (102). Furthermore, the memory (112) of the network controller system (102) is coupled to the processor (110).
Further, the network controller system (102) may include a system for receiving an indication to scan a set of network addresses (e.g., from a user or an administrator system). The network controller system (102) is configured to determine portions of the scan to be performed by a plurality of scanning nodes, in which each of the scanning nodes is configured to perform a portion of the scan requested by the network controller system, and to receive back results from each of the scanning nodes. Further, the network controller system (102) is configured to provide the results to the database (116), determine differences between current results and previous results (e.g., previous results also stored in the database 116), and provide the requestor an indication of the results, the results themselves, or a summary of the results. In an embodiment, the network controller system (102) may include a system implemented using cloud computing hardware. The network controller system (102) may receive an indication of a set of the scanning nodes. In some embodiments, the scanning nodes comprise network systems for scanning. The network controller system (102) may communicate with the plurality of hosts using the network (106).
Referring to FIG. 2, the modules (114) include a scan module (202), a port detection module (204), a tolerance acceptance module (206), and an agent module (208). The modules (114) are instructions stored in the memory (112). According to an embodiment of the present invention, the scan module (202) is configured to scan host discovery and physical specification. In an embodiment, the scan module (202) is configured to perform host discovery to check whether a host is alive or not. Further, the physical specification may depend on application, software, traffic, or user. In an embodiment of the present invention, the scan module (202) is configured to scan a host using information from various tools and identify predetermined or relevant information (for example, port, service, operating system, CPU, RAM). Further, the scan module (202) is configured to select a host based on the predetermined relevant information. Further, the scan module (202) is configured to calculate a significant value for each host, for similarity to or difference from a significant host, based on a predetermined value.
The port detection module (204) is configured to establish a vulnerability range and physical host skeleton. In an embodiment, the port detection module (204) is configured to take a few hosts in a specific range and find specific similarities. Further, the port detection module (204) is configured to determine whether the host is vulnerable. In an exemplary embodiment, the port detection module (204) may identify ‘Host A’ as highly vulnerable, ‘Host B’ as medium risk, ‘Host C’ as vulnerable, and ‘Host D’ as low vulnerable. The port detection module (204) is configured to fix the vulnerability of the host. In an embodiment, the port detection module (204) is configured to mark such a host as a ‘passive host’ by assigning the host a passive host category. Those skilled in the art will appreciate that each passive host may be vulnerable, but it is not able to compromise the network controller system (102), and may be fixed. Further, the port detection module (204) is configured to check for potentially intrusive ports and cure the intrusive port. In an embodiment, the potentially intrusive port is cured before the host is converted back into the list of selection hosts. An intrusive port may be a source for spreading malware, and intrusive port attacks may include, but are not limited to, SQL injections, cross-site request forgeries, cross-site scripting, and buffer overruns. In an exemplary embodiment, the potential for a port to be intrusive is high for ports ‘80’ and ‘22’, based on scanning weightage.
The tolerance acceptance module (206) is configured to provide provisioning of a queuing host/server. In an embodiment, the tolerance acceptance module (206) is configured to first categorize a risk based on predefined criteria. Further, the tolerance acceptance module (206) is configured to perform a migration based on the risk result. The tolerance acceptance module (206) is further configured to check and prepare a list of risk and non-risk hosts. Further, the tolerance acceptance module (206) is configured to check whether a host is categorized in the ‘risk’ or ‘non-risk’ list, and to establish a continuous list for the queue and a stock of hosts.
The agent module (208) is configured to establish a combination of queuing host with a combination of application and minimal tolerance physical specification. In an embodiment, the agent module (208) is configured to first observe applications, for example, web and database. Further, the agent module (208) is configured to calculate the minimum tolerance of the applications by comparing with a clean host and the hardware specification. In an embodiment, a comparison may be made that can satisfy the queuing host and the specification.
The agent module (208) is further configured to determine whether a queue host is below the minimum tolerance, when compared with a threshold. Further, the agent module (208) is configured to find an appropriate queue host. For example, if the host needs to be utilized for both web and database, the agent module (208) may identify ‘Host D’ as the tolerance specification for the application. Further, the agent module (208) may determine the next queue for the host as ‘Host B’ and ‘Host C’. Further, if the specification is below the minimal requirement (as shown in FIG. 8) for ‘Host B’, then the queue may be filled with another host (for example, ‘Host C’). Further, the agent module (208) may add the potential host tolerance into the cloud.
FIG. 3 illustrates an exemplary flowchart of a method of adding hosts to a network (300), according to an embodiment of the present invention. Initially, at step 310, penetration of the network is scanned. In an embodiment, host discovery and physical specification may be scanned. At step 320, a vulnerability range and physical host skeleton are established. In an embodiment, frequent port similarity and physical host parameters (CPU, RAM, hard disk) may be established.
At step 330, provisioning of a queuing host/server is provided. In an embodiment, each host is a queue host based on its passive or intrusive nature before it is compared with the application and physical specification. At step 340, a combination queuing host is established with a combination of application and minimal tolerance physical specification. In an embodiment, another queuing host is established when it is compared with the combination of application and minimal tolerance physical specification.
FIG. 4 illustrates an exemplary flowchart of steps (310) for scanning penetration of the network, according to an embodiment of the present invention. At step 311, penetration is created for the physical specification of the host and host discovery (for example, to check whether the host is alive or not). At step 312, the host is scanned using information from various tools. At step 313, relevant information is identified, for example, port, service, operating system, CPU, RAM. At step 314, a host is selected based on the relevant information. At step 315, a significance value is calculated for similarity to or difference from a significant host.
FIG. 5 illustrates an exemplary flowchart of steps (320) for establishing a vulnerability range and physical host skeleton, according to an embodiment of the present invention. At step 321, a few hosts are taken in a specific range. At step 322, a port with a specific similarity is found. At step 323, it is determined whether the host is vulnerable. If yes, the method proceeds to step 324, where an attempt is made to fix the vulnerability, and to step 325, where the host is converted into a passive port host. If no, the method proceeds to step 326 to check for a potentially intrusive port, for example port ‘80’ or ‘22’. At step 327, the intrusive port is cured. In an embodiment, the potentially intrusive port is cured before the host is converted into the list of selection hosts again. For example, ‘Host A’ may be identified as highly vulnerable, ‘Host B’ as medium risk, ‘Host C’ as vulnerable, and ‘Host D’ as low vulnerable. Further, the vulnerability of the host may be fixed, for example, by making the host a passive host by assigning the host the passive host category.
FIG. 6 illustrates an exemplary flowchart of steps (330) for providing provisioning of a queuing host/server, according to an embodiment of the present invention. At step 331, risk is categorized into high, medium and low risk. At step 332, migration is performed based on the risk result (for example, vulnerable, pending to be fixed, or fixed). In an embodiment, if the host belongs to the high-risk and cannot-be-fixed category, then the host is not listed in the queue. If the host belongs to medium risk and it can be fixed, then the host may be listed in the queue. At step 333, a list of risk and non-risk hosts is prepared. For example, a particular ‘Host A’ may be found to be risky and another ‘Host B’ may be found to be non-risky.
At step 334, it is determined whether the list is unavailable. If yes, the method proceeds to step 335, where it is checked whether the host is categorized. Otherwise, the method proceeds to step 336, where a continuous list for the queue is established. At step 337, a stock is established. Those skilled in the art would appreciate that this queuing provides the stock without the need to scan every time a host needs to be added into the LAN. This is under the assumption that the host is a passive host.
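The port detection and tolerance acceptance steps above (FIG. 5 and FIG. 6) can be followed end to end in code. The following Python example is added here for illustration and is not code from the patent or from Mimos Berhad. The per-port weights (the patent only states that ports 80 and 22 carry high intrusive potential in its scanning weightage), the score thresholds for the high/medium/low classes, the `fixable` flag and the treatment of a fixable high-risk host as "pending" are assumptions made for this example; the four hosts are constructed sample scan results, not real hosts.

```python
"""Host admission triage: scan result -> risk class -> queue and stock.

Added illustration, not the patent's own code.  Port weights, risk
thresholds and the 'fixable' flag are assumptions chosen for the example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

# Assumed scanning weightage per open port.  The patent only says that
# ports 80 and 22 carry high intrusive potential; other values are illustrative.
PORT_WEIGHT: Dict[int, int] = {22: 5, 80: 5, 3306: 3, 5432: 3, 443: 2}
DEFAULT_WEIGHT = 1
INTRUSIVE_WEIGHT = 5   # assumed: ports at or above this weight are "potential intrusive"
HIGH_RISK_MIN = 8      # assumed score thresholds for step 331
MEDIUM_RISK_MIN = 4


class Risk(str, Enum):
    HIGH = "high"
    MEDIUM = "medium"
    LOW = "low"


@dataclass
class Host:
    name: str
    open_ports: List[int]
    vulnerable: bool                  # outcome of step 323
    fixable: bool                     # whether step 324 can succeed (assumed input)
    category: Optional[str] = None    # "passive" once step 325 has run
    cured_ports: List[int] = field(default_factory=list)
    migration: Optional[str] = None   # "vulnerable", "pending" or "fixed" (step 332)
    risk: Optional[Risk] = None


def port_score(host: Host) -> int:
    """Weighted sum of open ports: the 'scanning weightage' of the patent."""
    return sum(PORT_WEIGHT.get(p, DEFAULT_WEIGHT) for p in host.open_ports)


def detect(host: Host) -> Host:
    """FIG. 5: a vulnerable host becomes passive; otherwise intrusive ports are cured."""
    if host.vulnerable:
        host.category = "passive"     # a passive host cannot compromise the controller
        host.migration = "fixed" if host.fixable else "vulnerable"
    else:
        # Steps 326-327: record the potentially intrusive ports that must be
        # restricted before the host re-enters the selection list.
        host.cured_ports = [p for p in host.open_ports
                            if PORT_WEIGHT.get(p, DEFAULT_WEIGHT) >= INTRUSIVE_WEIGHT]
        host.migration = "fixed"
    return host


def categorize_risk(host: Host) -> Risk:
    """Step 331: high / medium / low from the vulnerability flag and the port score."""
    score = port_score(host)
    if host.vulnerable and score >= HIGH_RISK_MIN:
        return Risk.HIGH
    if host.vulnerable or score >= MEDIUM_RISK_MIN:
        return Risk.MEDIUM
    return Risk.LOW


def provision_queue(hosts: List[Host]) -> Dict[str, object]:
    """FIG. 6: risk / non-risk lists, the continuous queue and the stock."""
    risk_list: List[str] = []
    non_risk_list: List[str] = []
    queue: List[str] = []
    stock: Dict[str, dict] = {}
    for host in hosts:
        detect(host)
        host.risk = categorize_risk(host)
        (non_risk_list if host.risk is Risk.LOW else risk_list).append(host.name)
        # Step 332: a high-risk host that cannot be fixed is never queued; a
        # medium-risk host is queued when it can be fixed.  Assumption: a fixable
        # high-risk host waits as "pending" and is not queued until it is fixed.
        if host.risk is Risk.HIGH:
            if host.fixable:
                host.migration = "pending"
            continue
        if host.risk is Risk.MEDIUM and not host.fixable:
            continue
        queue.append(host.name)
        # Step 337: the stock keeps the scan snapshot so that a queued host can
        # later be added to the LAN without being scanned again.
        stock[host.name] = {"ports": list(host.open_ports),
                            "risk": host.risk.value, "category": host.category}
    return {"risk": risk_list, "non_risk": non_risk_list, "queue": queue, "stock": stock}


# Constructed sample scan results (not real hosts), matching the patent's
# Host A (highly vulnerable) ... Host D (low vulnerable) example.
SAMPLE_HOSTS = [
    Host("Host A", [22, 80, 3306], vulnerable=True, fixable=False),
    Host("Host B", [80, 443], vulnerable=True, fixable=True),
    Host("Host C", [22], vulnerable=True, fixable=True),
    Host("Host D", [443], vulnerable=False, fixable=True),
]

if __name__ == "__main__":
    print(provision_queue(SAMPLE_HOSTS))
```

With the constructed hosts, Host A scores 13, is vulnerable and not fixable, so it lands in the risk list but never in the queue or the stock; Hosts B and C are medium risk, fixable, and are queued as passive hosts; Host D is low risk and is queued without a passive category. The stock entry is what lets a later "add host to LAN" request skip a rescan, which is the benefit the patent claims for step 337.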
FIG. 7 illustrates an exemplary flowchart of steps (340) for establishing a combination queuing host, according to an embodiment of the present invention. At step 341, applications are observed, for example, web and database. At step 342, the minimum tolerance is calculated. Acceptance of each application is determined when compared with a clean host and the hardware specification. At step 343, a comparison is made that can satisfy the queuing host and the specification. At step 344, it is determined whether the queue host is below the minimum tolerance, when compared with a threshold. If no, the method proceeds to step 345. If yes, the method proceeds to step 346. At step 345, the planned sequence proceeds. At step 346, another queuing host is obtained. At step 347, an appropriate queue host is found, for example, a queue host above the minimum tolerance.
FIG. 8 depicts an exemplary diagram illustrating the combination of application, queuing host, and physical specification. As shown in FIG. 8, if the host needs to be utilized for both web and database, ‘Host D’ may be used as the tolerance specification for the application. Further, the next queue may be determined for the host as ‘Host B’ and ‘Host C’. Further, if the specification is below the minimal requirement for ‘Host B’, then the queue may be filled with another host (for example, ‘Host C’). Further, the potential host tolerance may be added into the cloud.
The network controller system (102) and the method (300) performed by the network controller system (102) advantageously add any host to a network after properly checking the requirements and vulnerabilities of the host against the network, as shown in FIG. 9, instead of adding the host without checking its requirements and vulnerabilities. The network controller system (102) is configured to allow a host that meets the requirement and to block the host if it has vulnerabilities or does not meet the minimum requirements.
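The tolerance matching of FIG. 7 and FIG. 8 (minimum tolerance from the application combination, comparison of each queue host against it, and moving on to the next queue host when one falls short) is shown below as an added Python example; it is not code from the patent or from Mimos Berhad. The patent names only "web" and "database" and gives no figures, so the per-application minimum specification, the clean-host overhead, the rule that a combination's demand is the sum of its applications' demands, the queue order and the host specifications are all assumptions constructed for the example.

```python
"""Minimum-tolerance matching of queue hosts to an application combination.

Added illustration, not the patent's own code.  All numeric requirements,
the clean-host overhead and the host specifications are constructed.
"""
from typing import Dict, List, Optional, Tuple

Spec = Dict[str, int]   # resource name -> amount (CPU cores, GB RAM, GB disk)

# Assumed per-application minimum physical specification (input to step 342).
APP_MIN_SPEC: Dict[str, Spec] = {
    "web":      {"cpu": 2, "ram_gb": 4,  "disk_gb": 40},
    "database": {"cpu": 4, "ram_gb": 16, "disk_gb": 200},
}

# Assumed clean-host baseline: headroom kept for the OS and the agent, added on
# top of the application demand when the minimum tolerance is calculated.
CLEAN_HOST_OVERHEAD: Spec = {"cpu": 1, "ram_gb": 2, "disk_gb": 20}


def minimum_tolerance(apps: List[str]) -> Spec:
    """Step 342: combined minimum a host must meet for all requested applications.

    Assumption: applications share the host, so their demands are summed and
    the clean-host overhead is added once.
    """
    tol: Spec = {res: 0 for res in CLEAN_HOST_OVERHEAD}
    for app in apps:
        for res, amount in APP_MIN_SPEC[app].items():
            tol[res] += amount
    return {res: tol[res] + CLEAN_HOST_OVERHEAD[res] for res in tol}


def below_tolerance(spec: Spec, tol: Spec) -> List[str]:
    """Step 344: resources on which the host falls short (empty list = passes)."""
    return [res for res, need in tol.items() if spec.get(res, 0) < need]


def find_queue_host(queue: List[str], specs: Dict[str, Spec],
                    apps: List[str]) -> Tuple[Optional[str], List[Tuple[str, List[str]]]]:
    """Steps 343-347: walk the queue in order and return the first host that is
    not below tolerance, together with the shortfall of every host skipped."""
    tol = minimum_tolerance(apps)
    rejected: List[Tuple[str, List[str]]] = []
    for name in queue:
        shortfall = below_tolerance(specs[name], tol)
        if not shortfall:
            return name, rejected           # step 345: proceed with the planned sequence
        rejected.append((name, shortfall))  # step 346: get another queuing host
    return None, rejected


def fill_requests(queue: List[str], specs: Dict[str, Spec],
                  requests: List[Tuple[str, List[str]]]) -> Tuple[Dict[str, Optional[str]], List[str]]:
    """Serve several application combinations from one queue; an admitted host
    leaves the queue because it has been added into the cloud."""
    remaining = list(queue)
    placements: Dict[str, Optional[str]] = {}
    for req_id, apps in requests:
        chosen, _ = find_queue_host(remaining, specs, apps)
        placements[req_id] = chosen
        if chosen is not None:
            remaining.remove(chosen)
    return placements, remaining


# Constructed queue order and host specifications (not real hosts).  Host D is
# the first tolerance match for web + database, Host B is below that minimum
# and the slot is filled by Host C, mirroring the patent's FIG. 8 example.
SAMPLE_QUEUE = ["Host D", "Host B", "Host C"]
SAMPLE_SPECS: Dict[str, Spec] = {
    "Host D": {"cpu": 8, "ram_gb": 32, "disk_gb": 500},
    "Host B": {"cpu": 4, "ram_gb": 8,  "disk_gb": 100},
    "Host C": {"cpu": 8, "ram_gb": 24, "disk_gb": 300},
}
SAMPLE_REQUESTS = [
    ("r1", ["web", "database"]),
    ("r2", ["web", "database"]),
    ("r3", ["web"]),
]

if __name__ == "__main__":
    placements, left = fill_requests(SAMPLE_QUEUE, SAMPLE_SPECS, SAMPLE_REQUESTS)
    print(placements, left)
```

For the web + database combination the minimum tolerance comes out at 7 cores, 22 GB RAM and 260 GB disk. Request r1 takes Host D; for r2 Host B is short on every resource and Host C is chosen instead; Host B still satisfies the lighter web-only request r3, which is the point of queuing rather than discarding a host that fails one combination.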
Further, the network controller system (102) provides for managing and occupying a certain level of priority when a new service is critical. Further, the network controller system (102) provides for establishing a parameter for scanning, and for creating requirements for the physical boundary of minimum and high specification. Further, the network controller system (102) provides for managing a list of new hosts queuing, obtaining a specification tolerance that combines the application, the queue host and the minimal requirement, and adding the host tolerance into the cloud.
The foregoing discussion of the present invention has been presented for purposes of illustration and description. It is not intended to limit the present invention to the form or forms disclosed herein. In the foregoing Detailed Description, for example, various features of the present invention are grouped together in one or more embodiments, configurations, or aspects for the purpose of streamlining the disclosure. The features of the embodiments, configurations, or aspects may be combined in alternate embodiments, configurations, or aspects other than those discussed above. This method of disclosure is not to be interpreted as reflecting an intention the present invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment, configuration, or aspect. Thus, the following claims are hereby incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of the present invention.
Moreover, though the description of the present invention has included description of one or more embodiments, configurations, or aspects and certain variations and modifications, other variations, combinations, and modifications are within the scope of the present invention, e.g., as may be within the skill and knowledge of those in the art, after understanding the present disclosure. It is intended to obtain rights which include alternative embodiments, configurations, or aspects to the extent permitted, including alternate, interchangeable and/or equivalent structures, functions, ranges or steps to those claimed, whether or not such alternate, interchangeable and/or equivalent structures, functions, ranges or steps are disclosed herein, and without intending to publicly dedicate any patentable subject matter.

Claims

1. A network controller system (102) for adding a host to a network, the network controller system (102) comprising a processor (110) and a memory (112), characterized by: the memory (112) storing: a scan module (202) configured to scan host discovery and physical specification of at least one host; a port detection module (204) configured to establish vulnerability range and physical host skeleton for the at least one host; a tolerance acceptance module (206) configured to check and prepare list of risky host and non-risky host; and an agent module (208) configured to find appropriate queue host in the network, based on tolerance level of the at least one host.
2. The network controller system (102) of claim 1, wherein the scan module (202) is configured to scan the at least one host using tools information, and identify predetermined information.
3. The network controller system (102) of claim 1, wherein the scan module (202) is configured to calculate a value for similarity or difference for the at least one host, based on predetermined value.
4. The network controller system (102) of claim 1, wherein the port detection module (204) is configured to determine if the at least one host is vulnerable.
5. The network controller system (102) of claim 1, wherein the port detection module (204) is configured to assign the at least one host as passive host to fix vulnerability of the at least one host.
6. The network controller system (102) of claim 1, wherein the port detection module (204) is configured to check intrusive port potential, and cure the intrusive port.
7. The network controller system (102) of claim 1, wherein the tolerance acceptance module (206) is configured to categorize a risk based on predefined criteria.
8. The network controller system (102) of claim 1, wherein the tolerance acceptance module (206) is configured to establish a continuous list for queue and a stock.
9. The network controller system (102) of claim 1, wherein the agent module (208) is configured to establish a combination queuing host with combination of application and minimal tolerance physical specification.
10. The network controller system (102) of claim 1, wherein the agent module (208) is configured to calculate minimum tolerance by comparing with clean host and hardware specification.
11. A computer-implemented method for adding a host to a network, the computer-implemented method comprising: scanning host discovery and physical specification for at least one host; establishing a vulnerability range and physical host skeleton for at least one host; checking and preparing list of risky and non-risky hosts; and finding appropriate queue host in the network, based on tolerance level of the at least one host.
12. The computer-implemented method of claim 11, wherein the step of scanning comprises scanning the at least one host using tools information and identifying predetermined information.
13. The computer-implemented method of claim 11, wherein the step of establishing the vulnerability range comprises determining if the at least one host is vulnerable.
14. The computer-implemented method of claim 11, wherein the step of establishing the vulnerability range further comprises assigning the at least one host as passive host to fix vulnerability of the host.
15. The computer-implemented method of claim 11, wherein the step of finding appropriate queue comprises establishing a combination queuing host with combination of application and minimal tolerance physical specification.
PCT/MY2020/050134 2019-11-28 2020-11-06 Network controller system and method WO2021107767A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2019007053 2019-11-28

Publications (1)

Publication Number Publication Date
WO2021107767A1 true WO2021107767A1 (en) 2021-06-03


Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006066982A (en) * 2004-08-24 2006-03-09 Hitachi Ltd Network connection control system
WO2013076920A1 (en) * 2011-11-25 2013-05-30 Panasonic Corporation Master device, collaborative service management system, and collaborative service management method



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20891704; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20891704; Country of ref document: EP; Kind code of ref document: A1)