IP Addresses
Definitions of an Internet Protocol (IP) address may vary in the context of various IP versions. One version, IP Version 4 (IPv4) sets forth a 32-bit address. IP Version 6 (IPv6) provides a description of a newer 128-bit IP address. In the context of IPv4, an IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet.
When one requests an HTML page or sends e-mail, the IP part of Transfer Control Protocol (TCP/IP) includes an IP address in the message and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator (URL) that is requested or in the e-mail address. At the other end, the recipient can see the IP address of the Web page requestor or the e-mail sender and can respond by sending another message using the IP address it received.
An IP address has traditionally has two parts: the identifier of a particular network on the Internet and an identifier of the particular device (i.e. server, workstation, etc.) within that network.
The network part of the IP address identifies a particular network on the Internet. As is well known, the Internet provides an interconnection of many individual networks. The IP is basically the set of rules for one network communicating with any other. Each network must know the address thereof and that of any other networks with which it communicates. To be part of the Internet, an organization must have a particular Internet network number which is included in the network part of the IP address.
The local or host part of the IP address, on the other hand, identifies which specific machine or host in a network is sending or receiving a message. In use, the IP address must include both the unique network number and host number (which is unique within the network).
Since networks vary in size, there are four different basic address formats or classes to consider when subnetting a network. Table 1 illustrates examples of the various classes.
TABLE 1Class A addresses are for large networks with many devices.Class B addresses are for medium-sized networks.Class C addresses are for small networks (fewer than 256 devices)Class D addresses are multicast addresses.
Prior art FIG. 1 illustrates the various address structures 100 associated with the different classes set forth in Table 1. The IP address is usually expressed as four decimal numbers, each representing eight bits, separated by periods.
For Class A IP addresses, the numbers represent “network.local.local.local”; for a Class C IP address, they represent “network.network.network.local”. The number version of the IP address may be represented by a name or series of names called the domain name.
Network Security Systems
Computer network attacks can take many forms and any one attack may include many security events of different types. Security events are anomalous network conditions each of which may cause an anti-security effect to a computer network. Security events include producing network damage through mechanisms such as viruses, worms, or Trojan horses and overwhelming the network's capability in order to cause denial of service, and so forth.
Security systems often employ security risk-management tools, i.e. “scanners,” to search for known types of security events in the form of network service vulnerabilities, and also possibly for malicious programs such as viruses, worms, and Trojan horses.
In one particular type of network scanner system, a scanning agent is positioned on each of a plurality of network components. Each scanning agent includes the capability of scanning the associated network component in accordance with a particular set of rules, i.e. policy. By this design, policies may be sent to the network components from a centralized location such that a particular type of scan may be executed thereon.
In use, a controller at the centralized location must send the policies to each of the network components individually. In other words, a unique IP address representing a target machine, or network, must be generated for each instance of policy distribution. Often, one scanning policy is enforced across multiple different networks and/or network components. Unfortunately, this requires scheduling multiple separate tasks even though the only thing that changed is the target machine or network.
There is thus a need for configuring scanning policies in a more efficient manner.