System And Method For Network Vulnerability Detection And Reporting
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
24 Claims
1. A method of conducting an automated vulnerability assessment on a computer network, comprising:
sending a plurality of IP addresses to a network scanning process;
assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network.
Dependent claims: 4, 5, 6, 7, 8
2. The method as defined in claim 2, wherein:
the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.
Dependent claims: 3
9. A computer program product embodied on a tangible computer readable medium for conducting an automated vulnerability assessment on a computer network, comprising:
computer code for sending a plurality of IP addresses to a network scanning process;
computer code for assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
computer code for providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
wherein:
the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.
Dependent claims: 10, 11, 12, 13, 14, 15
16. Apparatus for conducting an automated vulnerability assessment on a computer network, comprising:
means for sending a plurality of IP addresses to a network scanning process;
means for assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
means for providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
wherein:
the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.
Dependent claims: 17, 18, 19, 20, 21
22. A method, comprising:
assigning a first group including one or more IP addresses to a first subscanning process and assigning a second group including one or more IP addresses to a second subscanning process, the first subscanning process scanning the computer network with the one or more IP addresses of the first group and receiving and storing one or more responses from the computer network, the second subscanning process scanning the computer network with the one or more IP addresses of the second group and receiving and storing one or more responses from the computer network, the first subscanning process occurring in parallel with the second subscanning process; and
providing the responses as data for performing a vulnerability assessment of the computer network.
Dependent claims: 23, 24
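An added illustration of the scheduling that claims 1 and 2 describe (not code from the patent or its assignee): addresses are assigned to two subscanners, each group is split into batches held in non-ordered sequence, and the subscanners run in parallel and return their stored responses. The function names, the round-robin group assignment, the batch size and the simulated `fake_probe` responder are assumptions; the targets are a constructed RFC 5737 documentation range.

```python
import ipaddress
import random
from concurrent.futures import ThreadPoolExecutor

def make_batches(group, batch_size, rng):
    """Split one subscanner's group into batches, each in non-ordered sequence."""
    batches = [group[i:i + batch_size] for i in range(0, len(group), batch_size)]
    for batch in batches:
        rng.shuffle(batch)
    return batches

def plan(addresses, subscanners, batch_size, seed=None):
    """Assign addresses to groups (one per subscanner), then batch each group."""
    rng = random.Random(seed)
    groups = [addresses[i::subscanners] for i in range(subscanners)]
    return [make_batches(g, batch_size, rng) for g in groups]

def subscan(batches, probe):
    """One subscanning process: probe each batch in turn and store the responses."""
    responses = {}
    for batch in batches:
        for addr in batch:
            responses[addr] = probe(addr)
    return responses

def scan(addresses, probe, subscanners=2, batch_size=4, seed=None):
    """Run the subscanners in parallel and merge their stored response sets."""
    schedule = plan(addresses, subscanners, batch_size, seed)
    with ThreadPoolExecutor(max_workers=subscanners) as pool:
        result_sets = list(pool.map(lambda b: subscan(b, probe), schedule))
    merged = {}
    for rs in result_sets:
        merged.update(rs)
    return schedule, result_sets, merged

# Constructed sample: RFC 5737 documentation range and a simulated responder
# standing in for the network (an assumption), so nothing is sent on the wire.
TARGETS = [str(h) for h in ipaddress.ip_network("192.0.2.0/28").hosts()]
LIVE = {"192.0.2.3", "192.0.2.9"}

def fake_probe(addr):
    return "reply" if addr in LIVE else "timeout"

if __name__ == "__main__":
    schedule, sets, merged = scan(TARGETS, fake_probe, seed=7)
    for n, batches in enumerate(schedule, 1):
        print(f"subscanner {n}: {batches}")
    print(sorted(a for a, r in merged.items() if r == "reply"))
```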
Specification