System and Method for Network Security Scanning
Abstract
A network appliance for scanning network nodes to determine open ports and vulnerabilities to attack by unauthorized users. A user initializes the system and method by remotely configuring the network scanner, initiating a new job by defining IP address ranges to be scanned, and iteratively assessing the vulnerabilities of assigned active network nodes. The vulnerability assessment comprises scanning all host network nodes within a user specified range of IP addresses, scanning all ports of host network nodes found to be active to determine open ports, and scanning all ports to assess vulnerabilities to unauthorized access using vulnerability scanner plug-ins. The vulnerability plug-in modules may be downloaded into a scanner on an “as required” basis. A user may access and configure the network scanner and define ranges of IP addresses to be protected from a remote client workstation.
29 Claims
1. A method for scanning network nodes for detection and reporting of security vulnerabilities, comprising the steps of:
- scanning all network host nodes within designated address ranges for determining all active hosts;
- scanning all ports in each active host for determining all open ports;
- scanning each port of each active host for detecting security vulnerabilities;
- notifying a user of all open ports and detected security vulnerabilities; and
- repeating the scanning and notifying steps above in an iterative manner.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for scanning network nodes for detection and reporting of security vulnerabilities, comprising:
- means for scanning all network host nodes within designated address ranges for determining all active hosts;
- means for scanning all ports in each active host for determining all open ports;
- means for scanning each port of each active host for detecting security vulnerabilities; and
- means for notifying a user of all open ports and detected security vulnerabilities.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A system for scanning network nodes for detection and reporting of security vulnerabilities, comprising:
- a user interface on a client workstation connected to a network scanner via a communications network and a user interface gateway for configuring and initializing the scanner, defining scan jobs, and receiving results of security assessments of designated host nodes within a network; and
- the network scanner system including a daemon supervisor, a host scanner daemon, an operating system daemon, a port scanner daemon, a vulnerability scanner daemon, a control database, and a plug-in database.
Specification