The present invention relates in general to security application management and, in particular, to a system and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment.
Information networks interconnecting a wide range of computational resources have become a mainstay of corporate enterprise computing environments. Typically, several host computer systems are interconnected internally over an intranetwork to which individual workstations and network resources are connected. These intranetworks, also known as local area networks (LANs), make legacy databases and information resources widely available for access and utilization throughout the corporation. These same corporate resources can also be interconnected to wide area networks (WANs), including public information internetworks such as the Internet, to give internal users access to remote computational resources, such as the World Wide Web, and to allow outside users access to select corporate resources for the purpose of completing limited transactions or data transfer.
Most current internetworks and intranetworks are based on the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, such as described in W. R. Stevens, "TCP/IP Illustrated," Vol. 1, Ch. 1, Addison-Wesley (1994), the disclosure of which is incorporated herein by reference. Computer systems and network devices employing the TCP/IP suite implement a network protocol stack, which includes a hierarchically structured set of protocol layers. Each protocol layer performs a set of pre-defined functions as specified by the official TCP/IP standards set forth in the applicable Requests for Comments (RFCs).
The growth of distributed computing environments, especially TCP/IP environments, has created an increased need for computer security, particularly for protecting operating system and application software and stored data. A wide range of security applications are needed to ensure effective security. For example, firewalls and intrusion detection systems are necessary to combat would-be network intruders, the so-called "hackers" of the networking world. Similarly, antivirus scanning applications must be regularly executed and, equally importantly, updated, to detect and eradicate "malware" consisting of computer viruses, Trojan horses, and other forms of unauthorized content.
In addition to these forms of reactive security applications, proactive security applications are increasingly being adopted to prevent security breaches from happening. For instance, vulnerability scanners probe and identify potential security risks and concerns. Likewise, "honey pot" or decoy host systems create the illusion of a network of relatively unguarded, virtual hosts within which a would-be hacker can be tracked and identified.
While these types of security applications form a powerful arsenal of defensive and offensive security tools, installing, configuring and maintaining security applications, particularly when installed on remote client systems, can be a time-consuming and complex task. Generic solutions to managing security applications generally fail due to variations in installed hardware, operating system type and patch level, and application sets and version levels for each client system. Consequently, each client system must first be evaluated before any changes are effected, a task which only adds more time to an already tedious process. Client management applications can assist with maintaining an up-to-date inventory of the environment installed on each client, but these applications take a relatively passive role and lack the capability to effectively manage problem-specific vertical applications, such as security applications.
In addition, a computing site will often implement security policies to maximize the effectiveness of the security applications in place. For example, a security policy might require that individual client passwords be changed every month. However, even within a given site, security policies may vary and require different settings depending upon the platform and organizational needs. As well, individual systems, particularly when left with open administrative permissions, can depart from the security policies actually in effect, thereby bypassing the security measures and potentially creating a network vulnerability. Furthermore, security policies represent a meta level of security which is not necessarily dependent upon any one particular security application. Thus, implementing and enforcing security policies adds another layer of complexity to security application management.
Finally, the time required to properly configure and maintain a network site grows substantially with each installed platform and often several systems or even the entire network site can require maintenance to address specific problems or changes in security policies. For instance, a computer virus detection signature must be installed on each client system for every newly-discovered computer virus. Installing these virus signatures can take a significant amount of time. Similarly, software updates cannot be installed on any given system until a complete inventory of hardware, operating system, security applications, and patch levels has been completed. Obtaining an inventory can be particularly difficult in an environment that includes mobile computing resources.
Therefore, there is a need for an approach to securely managing security applications running on client systems, and particularly remote client systems, from a centralized management console. Such an approach would preferably provide the capability to install, configure, maintain, and update security applications and policies on the client systems and to receive events returned therefrom.
There is a further need for an approach to automatically updating security applications running on multiple client systems from a centralized management console.
The present invention provides a system and process for configuring and managing security applications executing on remote client systems in a distributed computing environment. A security management interface service interfaces to one or more snap-in components, including namespace and agent communication services snap-in components. The namespace snap-in component interfaces to a repository within which is stored one or more console storage objects. Each console storage object can contain one or more potentially nested storages, each of which contains one or more sets of attributes. Each attribute set corresponds to a remote security application. The remote security applications on each remote client system are interfaced to an agent which communicates with the security management interface service via the agent communication services snap-in component. The security management interface service processes service requests received via the namespace and agent communication services snap-in components.
An embodiment of the present invention is a system and a process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment. A centralized broker is executed on a designated system within the distributed computing environment. A console interface from the centralized broker is exposed. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components. A namespace snap-in component is defined and includes a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interface from the namespace snap-in component is exposed. The namespace interface implements a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed. Each storage includes a set of attributes describing each such remote security application defined within the namespace snap-in component.
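The architecture summarized in the two paragraphs above (a centralized broker or security management interface service, a namespace snap-in over a repository of nested storages holding one attribute set per security application, an agent communication services snap-in, and agents fronting the security applications on each remote client) can be made concrete with a small Python model. This is an added example, not code from the patent or its assignee; the patent contains no code, and every class, method and attribute name below (Storage, NamespaceSnapIn, AgentCommSnapIn, Broker, push_update, push_group, the sample hosts ws-01, ws-02 and lap-03, and the antivirus and firewall attribute sets) is an assumption chosen for illustration. The model also shows two checks a practitioner would want that the summary only implies: the broker refuses a request for an application the repository does not define for that system, and it records a new attribute set only after the agent confirms it was applied, so an unreachable (for example, mobile) client keeps its old recorded configuration rather than a phantom one.

```python
# Added toy model of the broker/snap-in architecture; all names are illustrative assumptions, not patent identifiers.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Storage:
    """Possibly nested storage: child storages plus one attribute set per security application."""
    children: Dict[str, "Storage"] = field(default_factory=dict)
    attribute_sets: Dict[str, Dict[str, str]] = field(default_factory=dict)
    def open(self, path: List[str], create: bool = False) -> Optional["Storage"]:
        """Walk a nested path such as ["site-a", "workstations"]; None if absent and not creating."""
        node = self
        for part in path:
            if part not in node.children and not create:
                return None
            node = node.children.setdefault(part, Storage())
        return node

class NamespaceSnapIn:
    """Namespace interface: the storage functions the broker invokes against the repository."""
    def __init__(self) -> None:
        self.repository: Dict[str, Storage] = {}  # one console storage object per remote system
    def define(self, system: str, path: List[str], app: str, attrs: Dict[str, str]) -> None:
        root = self.repository.setdefault(system, Storage())
        root.open(path, create=True).attribute_sets[app] = dict(attrs)
    def read(self, system: str, path: List[str], app: str) -> Optional[Dict[str, str]]:
        root = self.repository.get(system)
        node = root.open(path) if root is not None else None
        return None if node is None else node.attribute_sets.get(app)

@dataclass
class Agent:
    """Stand-in for the agent on a remote client, fronting its local security applications."""
    system: str
    hosted: Dict[str, Dict[str, str]]  # application name -> its live configuration
    def apply(self, app: str, attrs: Dict[str, str]) -> dict:
        if app not in self.hosted:  # the client, not the console, knows what is really installed
            return {"system": self.system, "app": app, "status": "rejected"}
        self.hosted[app].update(attrs)
        return {"system": self.system, "app": app, "status": "applied"}

@dataclass
class AgentCommSnapIn:
    """Agent communication services: routes requests to connected agents and returns their events."""
    agents: Dict[str, Agent] = field(default_factory=dict)
    def send(self, system: str, app: str, attrs: Dict[str, str]) -> dict:
        agent = self.agents.get(system)
        if agent is None:  # e.g. a mobile client that is currently offline
            return {"system": system, "app": app, "status": "unreachable"}
        return agent.apply(app, attrs)

@dataclass
class Broker:
    """Security management interface service driving both snap-ins from one console."""
    namespace: NamespaceSnapIn
    comms: AgentCommSnapIn
    def push_update(self, system: str, path: List[str], app: str, attrs: Dict[str, str]) -> dict:
        # Anything the repository does not define never reaches an agent, and the repository is
        # updated only after the agent confirms, so it never records a configuration a client lacks.
        current = self.namespace.read(system, path, app)
        if current is None:
            return {"system": system, "app": app, "status": "undefined"}
        event = self.comms.send(system, app, attrs)
        if event["status"] == "applied":
            current.update(attrs)
        return event
    def push_group(self, path: List[str], app: str, attrs: Dict[str, str]) -> List[dict]:
        """Apply one change (e.g. a new signature version) to every system with `app` in the group."""
        return [self.push_update(system, path, app, attrs) for system in self.namespace.repository
                if self.namespace.read(system, path, app) is not None]

def demo() -> dict:
    """Constructed sample site (not real hosts): three clients in one logical group, one offline."""
    ns, comms, group = NamespaceSnapIn(), AgentCommSnapIn(), ["site-a", "workstations"]
    broker = Broker(ns, comms)
    inventory = {
        "ws-01": {"antivirus": {"signature_version": "1000"}, "firewall": {"default_policy": "allow"}},
        "ws-02": {"antivirus": {"signature_version": "1000"}},
        "lap-03": {"antivirus": {"signature_version": "1000"}},  # mobile client, never connects
    }
    for system, apps in inventory.items():
        for app, attrs in apps.items():
            ns.define(system, group, app, attrs)
        if system != "lap-03":
            comms.agents[system] = Agent(system, {a: dict(v) for a, v in apps.items()})
    results = broker.push_group(group, "antivirus", {"signature_version": "1001"})
    # ws-02 has no firewall in the repository, so the broker refuses before any agent traffic.
    refused = broker.push_update("ws-02", group, "firewall", {"default_policy": "deny"})["status"]
    return {
        "statuses": {r["system"]: r["status"] for r in results},
        "signatures": {s: ns.read(s, group, "antivirus")["signature_version"] for s in inventory},
        "refused_status": refused,
    }
```

Calling demo() builds the constructed inventory, pushes a new signature version to the whole logical group, and returns the per-system event status, what the repository records for each system afterward (the offline client keeps its old version), and the status of a request for an undefined application, which the broker turns away without contacting any agent.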
Still other embodiments of the present invention will become readily apparent to those skilled in the art from the following detailed description, wherein embodiments of the invention are described by way of illustrating the best mode contemplated for carrying out the invention. As will be realized, the invention is capable of other and different embodiments, and its several details are capable of modifications in various obvious respects, all without departing from the spirit and the scope of the present invention. Accordingly, the drawings and detailed description are to be regarded as illustrative in nature and not as restrictive.