1. Field of the Invention
This invention relates generally to computer networks and, more specifically, to identifying a host through changes in the configuration of a dynamic network.
2. Description of the Related Art
Network security systems need an accurate snapshot of a network in order to provide optimal protection. Some devices on the network are configured to use static Internet Protocol (IP) addresses, allowing the network security system to easily track those devices. For example, a record or log of host characteristics, vulnerabilities, past attacks, and the like can be consistently associated with a device having a given address.
However, some networks and devices are configured to use dynamic IP addresses, which can cause a device to become disassociated from its record or log. Using techniques such as Dynamic Host Configuration Protocol (DHCP), a DHCP server can dynamically assign IP addresses on an as-needed basis from a pool. As a result, fewer IP addresses are needed. On the other hand, the network security system is unable to leverage previously gathered information concerning a device that is not new to the network, but has merely been assigned a different IP address. Reassignment of IP addresses is not uncommon, occurring as a result of, for example, rebooting either the network security system or a device, physically unplugging a device from the network, manual configuration, and the like.
Problematically, the performance of the network security system is degraded in a dynamic network because it no longer has an accurate snapshot of the network. For example, if the device record contains a list of vulnerabilities present on the device, but the network security system is unable to retrieve this information because the address of the device has changed, the device may not be protected against those vulnerabilities. Nor is a network administrator able to make informed security decisions.
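The following is an added illustration, not part of the patent text, of the problem described above: a security system that indexes host records by IP address loses a host's vulnerability record when a DHCP server reassigns the address, and a record keyed by IP may even be attributed to a different host that later receives the same address. For contrast it also shows an inventory keyed by a stable identifier; the choice of the DHCP client's hardware (MAC) address as that identifier, the lease events, the host names and the vulnerability labels are all assumptions constructed for this example and do not describe the invention's own method.

```python
"""Constructed scenario: IP-keyed versus identity-keyed host records across a
DHCP address reassignment. All lease events and records below are sample data."""

from dataclasses import dataclass


@dataclass
class HostRecord:
    hostname: str
    vulnerabilities: list  # constructed sample labels, not real vulnerability IDs


@dataclass
class LeaseEvent:
    mac: str     # assumed stable identifier (DHCP client hardware address)
    ip: str
    action: str  # "assign" or "release"


# Constructed DHCP lease history: host A is assigned 10.0.0.5, is rebooted and
# receives 10.0.0.7, and host B is later given the freed address 10.0.0.5.
LEASE_EVENTS = [
    LeaseEvent("aa:bb:cc:00:00:01", "10.0.0.5", "assign"),
    LeaseEvent("aa:bb:cc:00:00:01", "10.0.0.5", "release"),
    LeaseEvent("aa:bb:cc:00:00:01", "10.0.0.7", "assign"),
    LeaseEvent("aa:bb:cc:00:00:02", "10.0.0.5", "assign"),
]


class IpKeyedInventory:
    """Security system that indexes host records by IP address only."""

    def __init__(self):
        self.records = {}  # ip -> HostRecord

    def scan(self, ip, record):
        self.records[ip] = record

    def lookup(self, ip):
        return self.records.get(ip)


class IdentityKeyedInventory:
    """Security system that indexes records by a stable identifier and keeps an
    ip -> identifier map current by observing DHCP lease events."""

    def __init__(self):
        self.records = {}    # mac -> HostRecord
        self.ip_to_mac = {}  # current address assignments

    def scan(self, mac, record):
        self.records[mac] = record

    def observe_lease(self, ev):
        if ev.action == "assign":
            self.ip_to_mac[ev.ip] = ev.mac
        elif ev.action == "release" and self.ip_to_mac.get(ev.ip) == ev.mac:
            # Only drop the mapping if this host still holds the address.
            del self.ip_to_mac[ev.ip]

    def lookup(self, ip):
        mac = self.ip_to_mac.get(ip)
        return self.records.get(mac) if mac else None


def run_scenario():
    """Replay the constructed lease history and report what each inventory
    returns for the old and new addresses of host A."""
    host_a = HostRecord("host-a", ["sample-vuln-1"])
    ip_only = IpKeyedInventory()
    by_identity = IdentityKeyedInventory()

    # Initial scan while host A holds 10.0.0.5.
    by_identity.observe_lease(LEASE_EVENTS[0])
    ip_only.scan("10.0.0.5", host_a)
    by_identity.scan("aa:bb:cc:00:00:01", host_a)

    # Remaining lease churn: release, reassignment, reuse of the old address.
    for ev in LEASE_EVENTS[1:]:
        by_identity.observe_lease(ev)

    return {
        # IP-keyed: host A's record is unreachable at its new address...
        "ip_keyed_new_ip": ip_only.lookup("10.0.0.7"),
        # ...and is wrongly returned for 10.0.0.5, which now belongs to host B.
        "ip_keyed_old_ip": ip_only.lookup("10.0.0.5"),
        # Identity-keyed: the record follows host A to 10.0.0.7...
        "identity_keyed_new_ip": by_identity.lookup("10.0.0.7"),
        # ...and 10.0.0.5 correctly has no record until host B is scanned.
        "identity_keyed_old_ip": by_identity.lookup("10.0.0.5"),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The stale entry for 10.0.0.5 in the IP-keyed inventory is the more dangerous of the two failures: host B would inherit host A's vulnerability list, and host A's actual exposures would go untracked at 10.0.0.7.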
Additionally, self-identification of devices is unreliable and can further degrade performance. One way for a device to self-identify is through a service banner. However, hackers can easily compromise and edit service banners to misidentify the device. Furthermore, service banners often contain insufficient information concerning, for example, application version numbers and patch levels.
Therefore, what is needed is a robust network security system capable of persistently identifying a device through changes on a dynamic network. Furthermore, a network security system should be capable of providing the same level of security to a dynamic network as it does to a static network.