1. Field of the Invention
The present invention relates generally to managing applications on a computer network, and more particularly to managing applications on a computer network using configuration inheritance and revisioning.
2. Description of Related Art
Multi-vendor security services and products typically provide network security. Each security service and product typically must be configured and reconfigured to maintain network security. Typically, each vendor for a security service and product utilizes various settings to establish a configuration. Some of these settings may be established at the time a product is installed. A user, a group, or update features of the product may establish other settings.
Unfortunately, it is difficult, if not impossible, for a network security administrator to know the configuration of each product and each device, at the various tiers that exist on the network, at a given moment in time. Consequently, monitoring and changing configurations in view of a security threat is a time-consuming and difficult task.
While there may be a well-defined security policy, assuring the policy is properly implemented at all times on the network is difficult. The security administrator may have no idea of how various products, devices, etc. were configured at the time of an attack compared with how the same elements are configured at the time it was determined that an attack occurred. Consequently, it is unclear what must be done to implement the security policy.
This problem is exacerbated because there is not a common technique or structure for maintaining configuration data for the wide variety of products, devices and groupings of products and devices found in the complex enterprise networks that exist today. For this reason, an integrated approach to configuring devices and products to support network security management is very complex and difficult to implement. Moreover, an approach developed for one enterprise network may not be applicable to another enterprise network due to the differences in the network structure, the security products and services, and the use of the network.