1. Field of the Invention
The present invention relates to a system, computer program, or method for performing inventories of network assets or resources. More particularly, the present invention relates to a system, computer program, or method for automatically and periodically performing inventories of one or more network assets or resources, such as, for example, servers, workstations, or firewalls, using a small non-intrusive agent running on each asset to gather and send information in a secure manner to a designated collection server where it can be parsed and wherefrom pertinent information can be saved to a directory server, whereafter the information may be retrieved by a reporting server and used to generate specific reports for use in, for example, determining network vulnerabilities, checking software licenses, and tracking network assets.
2. Description of the Prior Art
In a computer network comprising a plurality of assets or resources, including, for example, servers, workstations, or firewalls, it is often desirable to have available a complete and current inventory of each asset. Such an inventory provides data for use in a variety of desirable functions, including, for example, tracking vulnerabilities (e.g., determining whether operating system versions are up-to-date, or whether any appropriate or required patches have been applied); checking software licenses; and tracking the existence and location of assets, whether physical or logical in nature.
Inventory mechanisms exist for conducting inventories of network assets or resources, but these mechanisms typically use undesirably large and disruptive processes to gather the information and put it into a useful format. Furthermore, parsing and analysis of the inventory data is typically performed on and by the asset being inventoried, thereby substantially reducing the availability of processing and memory resources more preferably dedicated toward the asset's primary function.
Additionally, when a change is desired in the protocol for performing the inventory, existing inventory mechanisms typically require that such changes be made separately on every asset to which the changes apply. It will be appreciated that where the number of such assets is in the hundreds or thousands, such changes are extremely inefficient, tedious, and time-consuming.
Additionally, existing inventory mechanisms typically provide no means of identification or authentication of inventory data, nor do they provide security when transferring such data. For example, those with skill in the computer-related arts are familiar with “spoofing”, which means to deceive, possibly by simulating a communications protocol, in order to gain access to an asset or resource. A well-known spoofing technique involves presenting a fake IP address to disguise the actual source of a communication. Because they provide no means of identification or authentication, existing inventory mechanisms are vulnerable to such spoofing.
Due to the above-identified and other problems and disadvantages in the art, a need exists for an improved inventory mechanism for performing inventories of network assets or resources.