METHOD AND SYSTEM FOR PREVENTING COMPROMISE OF NETWORK INFRASTRUCTURE OBJECTS IN FREEIPA DIRECTORY SERVICE Russian patent published in 2024 - IPC G06F21/50

Abstract RU 2826430 C1

FIELD: providing security of a corporate network.

SUBSTANCE: technical result is achieved by a method for preventing compromise of network infrastructure objects (NIO) in the FreeIPA directory service, in which: obtaining data from the FreeIPA domain controller storage, which characterize the control NIO and their attributes, the access rights granted to them, as well as reference books of links between said NIO; determining FreeIPA highly privileged objects (HVA); determining types of NIO relations between themselves; forming a graph based on the obtained data; HVA attack path is simulated using the generated graph, at which determining at least one subgraph with NIO, allowing to obtain control over HVA, or related NIO; HVA is monitored based on the simulated attack path; and in case of determination of change of access rights of NIO, detected on subgraph, performing isolation of links of at least one detected NIO from other objects and/or reduction of its privileges by removal of rights.

EFFECT: high efficiency of protecting a corporate network from compromising facilities and gaining access to highly privileged assets.

11 cl, 3 dwg, 2 tbl

Similar patents RU2826430C1

Title	Year	Author	Number
METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED ACCESS TO CORPORATE NETWORK OBJECTS	2022	Balashov Aleksandr Viktorovich Cherepanov Pavel Nagornov Ivan Grigorevich Glazunov Nikita Sergeevich Solomatin Aleksandr Igorevich	RU2799117C1
TECHNOLOGIES FOR PROVIDING NETWORK SECURITY THROUGH DYNAMICALLY ALLOCATED ACCOUNTS	2015	Brady Shane Mathur Siddhartha Dani Rajalakshmi Kumar Santosh Schoen Luke Hetherington David	RU2691211C2
STRATEGIES TO STUDY VULNERABILITIES AND TO SUPPRESS VULNERABILITIES CAUSED BY CAPTURING ACCOUNT DATA	2007	Dungan Dzhon Khartrehll Gregori D. Sajmon Dehniel R.	RU2462753C2
EXPERT ANALYSIS OF SYSTEM AND GRAPHIC DISPLAY OF PRIVILEGES ESCALATION ROUTES IN COMPUTING ENVIRONMENT	2006	Lambert Dzhon Tomlinson Mehtt'Ju	RU2421792C2
MEANS OF CONTROLLING ACCESS TO ONLINE SERVICE USING CONVENTIONAL CATALOGUE FEATURES	2011	Olzhevski Markin Lyuk Dzhonatan Khopmann Aleksandr I. Do Rosario Fabritsio Chalub Barbosa Gorbet Devid Pol Kharris Kakhill Dzhejson Mettyu	RU2598324C2
CONTAINER-CONTROLLING AND DISPATCHING SYSTEM	2019	Sinkh, Dipak Suares, Entoni Dzhozef Serston, Uilyam Endryu Ajtal, Anirudkh Balachandra Gerdesmajer, Deniel Robert Kemp, Euan Skajler Meduri, Kiran Kumar Azad, Mukhammad Umer	RU2751576C2
CONTROL AND CONTAINERS DISPATCHING SYSTEM	2015	Singh Deepak Suarez Anthony Joseph Thurston William Andrew Aithal Anirudh Balachandra Gerdesmeier Daniel Robert Kemp Euan Skyler Meduri Kiran Kumar Azad Muhammad Umer	RU2666475C1
CONTAINER CONTROL AND DISPATCHING SYSTEM	2015	Singh, Deepak Suarez, Anthony Joseph Thurston, William Andrew Aithal, Anirudh Balachandra Gerdesmeier, Daniel Robert Kemp, Euan Skyler Meduri, Kiran Kumar Azad, Muhammad Umer	RU2704734C2
INTERACTING MODULE FACILITIES FOR COLLECTION OF AUTHENTICATORS AND ACCESS	2004	Khats Bendzhamin A. Ilas Krist'Jan Perlin Ehrik K. Flo Ehrik R. Stefens Dzhon Shutts Klaus U. Richardz Stefan Rizor Sterling M.	RU2369025C2
SYSTEM AND METHOD FOR TARGET INSTALLATION OF CONFIGURED SOFTWARE	2012	Voronkov Konstantin Pavlovich Deshevykh Stepan Nikolaevich Jablokov Viktor Vladimirovich	RU2523113C1

RU 2 826 430 C1

Authors

Balashov Aleksandr Viktorovich

Cherepanov Pavel

Nagornov Ivan Grigorevich

Dates

2024-09-10—Published

2023-12-20—Filed