System and method for network vulnerability detection and reporting

US 20030217039A1
Filed: 03/10/2003
Published: 11/20/2003
Est. Priority Date: 01/15/2002
Status: Active Grant

First Claim

Patent Images

1. A system for detecting and tracking network security vulnerabilities, the system comprising:

a scanning module that scans a target network to identify security vulnerabilities within specific host computers of the target network, wherein the scanning module is responsive to identification of a security vulnerability within a host computer by generating a vulnerability record that specifies the vulnerability and the host computer;

a vulnerability record management module that provides functionality for assigning the vulnerability records to specific users for correction of the security vulnerabilities specified therein, and further provides functionality for tracking a status of each such vulnerability record; and

a fix verification module that performs a vulnerability-record-specific vulnerability test to evaluate whether a security vulnerability specified by a vulnerability record has been corrected within a corresponding host computer.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

173 Citations

13 Claims

1. A system for detecting and tracking network security vulnerabilities, the system comprising:
- a scanning module that scans a target network to identify security vulnerabilities within specific host computers of the target network, wherein the scanning module is responsive to identification of a security vulnerability within a host computer by generating a vulnerability record that specifies the vulnerability and the host computer;
  
  a vulnerability record management module that provides functionality for assigning the vulnerability records to specific users for correction of the security vulnerabilities specified therein, and further provides functionality for tracking a status of each such vulnerability record; and
  
  a fix verification module that performs a vulnerability-record-specific vulnerability test to evaluate whether a security vulnerability specified by a vulnerability record has been corrected within a corresponding host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the scanning module is configurable with host credentials for scanning a target host computer, and wherein the fix verification module re-uses said host credentials to perform the vulnerability-record-specific vulnerability test of the target host computer.
  - 3. The system of claim 2, wherein the host credentials include an administrative-level username and password for the target host computer.
  - 4. The system of claim 1, wherein the vulnerability record management module provides a user interface through which an administrator can assign each vulnerability record to a selected user within a pool of users, and can view the statuses of the assigned vulnerability records.
  - 5. The system of claim 1, wherein the vulnerability record management module inhibits closure of a vulnerability record for which the fix verification module has not yet verified correction of a security vulnerability.
  - 6. The system of claim 1, wherein the vulnerability record management module provides a user option to verify a selected vulnerability record, and the fix verification module is responsive to user actuation of said option by performing a vulnerability test of the single host computer associated with the selected vulnerability record.
  - 7. The system of claim 1, wherein the scanning module tests a target host computer for each of a plurality of vulnerabilities, and the fix verification module performs a vulnerability-record-specific vulnerability test of the target host computer without re-testing for all of said plurality of vulnerabilities.

8. A method of network security vulnerability testing, comprising:
- scanning each of a plurality of host computers on a target network to test for an existence of known security vulnerabilities within the host computers;
  
  in response to detection of a security vulnerability within a host computer, generating a vulnerability record that is specific to the host computer, said vulnerability record specifying the detected security vulnerability; and
  
  providing a user interface through which user actions taken with respect to the vulnerability record may be tracked, and through which a vulnerability-record-specific fix verification test may be initiated to determine whether the detected security vulnerability has been removed from the host computer.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the vulnerability-record-specific fix verification test is performed without re-testing for all security vulnerabilities assessed during scanning.
  - 10. The method of claim 8, wherein the vulnerability-record-specific fix verification test tests the host computer for the existence of the detected security vulnerability only, without testing for other security vulnerabilities.
  - 11. The method of claim 8, wherein the user interface provides an option for an administrative user to assign the vulnerability record to a selected user for correcting the detected security vulnerability.
  - 12. The method of claim 8, wherein the vulnerability-record-specific fix verification test is performed using host credentials used during scanning of the host computer.
  - 13. The method of claim 12, wherein the host credentials include an administrative-level username and password for the host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cole, David M., Kurtz, George R.

Granted Patent

US 7,664,845 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/1
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 5/3083   Birefringent or phase retar...

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

G06Q 10/063   Operations research, analys...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network vulnerability detection and reporting

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links