Method and system for quantitatively assessing computer network vulnerability

US 20030154269A1
Filed: 02/14/2002
Published: 08/14/2003
Est. Priority Date: 02/14/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of quantitatively assessing the vulnerability of an elementary network unit, including at least one host, in which the state of, and application bound to, each port is known, the method comprising:

classifying each port on each host in the elementary network unit; and

determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host in the elementary network unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for quantitatively assessing the vulnerability of a computer network, comprised of elementary network elements each having at least one host, to external attack. The method produces a quantitative assessment that is repeatable and can be compared to a quantitative assessment of a separate network to determine the relative vulnerability of the network. The quantitative assessment is a function of the quantitative assessment of each elementary network unit, which is derived by classifying each port on each host and subsequently determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host.

81 Citations

View as Search Results

19 Claims

1. A method of quantitatively assessing the vulnerability of an elementary network unit, including at least one host, in which the state of, and application bound to, each port is known, the method comprising:
- classifying each port on each host in the elementary network unit; and
  
  determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host in the elementary network unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 19)
- - 2. The method of claim 1, wherein classifying each port includes:
    - determining a network vulnerability rating for each port;
      
      determining an application vulnerability rating for each port; and
      
      determining a port status rating for each port.
  - 3. The method of claim 2, wherein the network vulnerability rating is derived from the status of each port, and the application bound to it.
  - 4. The method of claim 2, wherein determining the quantitative vulnerability rating for the elementary network unit includes:
    - determining, for each port, a port vulnerability rating as a function of the network vulnerability rating, the application vulnerability rating and the port status rating;
      
      determining, for each host in the elementary network unit, a host vulnerability rating as a function of the port vulnerability rating for each port associated with the host; and
      
      determining the quantitative vulnerability rating for the elementary network unit as a function of the determined host vulnerability ratings for each host in the elementary network unit.
  - 5. The method of claim 2, wherein the network vulnerability rating is determined by network protocol conventions regarding the assignment of ports.
  - 6. The method of claim 2, wherein the application vulnerability rating is determined by the application bound to the port.
  - 7. The method of claim 6, wherein the application vulnerability rating is further determined by a version of the application.
  - 8. The method of claim 6, wherein the application vulnerability rating is further determined by an operating system associated with the application.
  - 9. The method of claim 2, wherein the port status rating is determined by the state of the port.
  - 10. The method of claim 9, wherein the state of the port is selected from open, closed and filtered.
  - 19. The method of claim 1 wherein the application is a service.

11. A application program for quantitatively assessing the vulnerability of a computer network based on the state of, and application bound to, each port received from a network scanning application, the computer network being logically grouped into at least one elementary network unit having at least one host, comprising:
- classification means for classifying each port on each host in the elementary network unit; and
  
  means for determining a quantitative vulnerability rating for the elementary network unit in accordance with the classification of each port on each host in the elementary network unit.
- View Dependent Claims (12, 13)
- - 12. The application program of claim 11, wherein the classification means includes means for determining a network vulnerability rating for each port;
    - means for determining an application vulnerability rating for each port; and
      
      means for determining a port status rating for each port.
  - 13. The application program of claim 12, wherein the means for determining a quantitative vulnerability rating for the elementary network unit includes:
    - means for determining, for each port, a port vulnerability rating as a function of the network vulnerability rating, the application vulnerability rating and the port status rating;
      
      means for determining, for each host in the elementary network unit, a host vulnerability rating as a function of the port vulnerability rating for each port associated with the host; and
      
      means for determining the quantitative vulnerability rating for the elementary network unit as a function of the host vulnerability rating for each host in the elementary network unit.

14. A graphical representation for displaying computer network vulnerability, comprising:
- a plot of the computer network divided into elementary network units, each elementary network unit having a quantitative vulnerability rating.

15. A method for evaluating risk in a computer network, the computer network having at least one elementary network unit, comprising:
- determining a quantitative vulnerability rating for each elementary network unit;
  
  determining a risk associated with the computer network as a function of the quantitative vulnerability rating.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein determining the risk includes aggregating the quantitative vulnerability rating for each elementary network unit.
  - 17. The method of claim 15, wherein determining the risk includes comparing the quantitative vulnerability rating of the elementary network unit to a benchmark.
  - 18. The method of claim 15, wherein determining the risk includes comparing the quantitative vulnerability rating of the network to a benchmark.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of Montreal
Original Assignee
Bank of Montreal
Inventors
Nyanchama, Matunda G., Garigue, Robert J., Lopyrev, Alexandre

Application Number

US10/073,992
Publication Number

US 20030154269A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Method and system for quantitatively assessing computer network vulnerability

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for quantitatively assessing computer network vulnerability

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links