System And Method For Network Vulnerability Detection And Reporting
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
16 Claims
1. A method of objectively assessing the security of a network, said method comprising:
- assigning a vulnerability risk level to each of a plurality of vulnerabilities found on the network;
- assigning a vulnerability risk level to each of a plurality of nodes on the network based on vulnerabilities found on each of the plurality of nodes;
- assigning an exposure risk level to each exposure found on the network;
- providing a security score that is dependent on at least the vulnerability risk levels of the vulnerabilities, the vulnerability risk levels of the nodes, and a number of nodes on the network.

8. A system for selectively calculating one of a plurality of network security scores, the system comprising:
- a network security score calculation module adapted to run computer instructions for calculating a network security score, the network security score being calculated according to defined vulnerabilities and exposures found in a network and defined numerical weights for each defined vulnerability and exposure;
- a plurality of network security calculation instruction sets, the plurality of network security calculation instruction sets adapted to define the vulnerabilities and exposures included in the calculation, and to define the numerical weights for each vulnerability and exposure; and
- a calculation selection module adapted to allow a computer user to select one of the plurality of network security calculation instruction sets to be run by the network security score calculation module.

10. A computer program product embodied on a tangible computer readable medium for objectively assessing the security of a network, said computer program product comprising:
- computer code for assigning a vulnerability risk level to each of a plurality of vulnerabilities found on the network;
- computer code for assigning a vulnerability risk level to each of a plurality of nodes on the network based on vulnerabilities found on each of the plurality of nodes;
- computer code for assigning an exposure risk level to each exposure found on the network;
- computer code for providing a security score that is dependent on at least the vulnerability risk levels of the vulnerabilities, the vulnerability risk levels of the nodes, and a number of nodes on the network.

16. A method, comprising:
- assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a network;
- identifying a number of nodes on the network; and
- providing a security score that is dependent on at least one of the vulnerability risk levels and the number of nodes on the network.
Specification