Method and system for quantitatively assessing computer network vulnerability
Abstract
A system and method for quantitatively assessing the vulnerability of a computer network, comprised of elementary network elements each having at least one host, to external attack. The method produces a quantitative assessment that is repeatable and can be compared to a quantitative assessment of a separate network to determine the relative vulnerability of the network. The quantitative assessment is a function of the quantitative assessment of each elementary network unit, which is derived by classifying each port on each host and subsequently determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host.
19 Claims
1. A method of quantitatively assessing the vulnerability of an elementary network unit, including at least one host, in which the state of, and application bound to, each port is known, the method comprising:
- classifying each port on each host in the elementary network unit; and
- determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host in the elementary network unit.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 19
11. An application program for quantitatively assessing the vulnerability of a computer network based on the state of, and application bound to, each port received from a network scanning application, the computer network being logically grouped into at least one elementary network unit having at least one host, comprising:
- classification means for classifying each port on each host in the elementary network unit; and
- means for determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host in the elementary network unit.
Dependent claims: 12, 13
14. A graphical representation for displaying computer network vulnerability, comprising:
a plot of the computer network divided into elementary network units, each elementary network unit having a quantitative vulnerability rating.
15. A method for evaluating risk in a computer network, the computer network having at least one elementary network unit, comprising:
- determining a quantitative vulnerability rating for each elementary network unit;
- determining a risk associated with the computer network as a function of the quantitative vulnerability rating.
Dependent claims: 16, 17, 18
Specification