Method and System For Network Vulnerability Assessment

US 20080209566A1
Filed: 06/22/2006
Published: 08/28/2008
Est. Priority Date: 06/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A simultaneous system for finding and assessing vulnerabilities in a network, comprising:

A. A mapping unit for;

a. scanning the network, and each time a new element is found, reporting its IP address to a profiling unit;

b. sequentially receiving from the profiling unit profile records of said newly found elements;

c. sequentially extracting tables from those elements which their profile record indicates that they are of the network equipment type; and

d. sequentially reporting to a modeling and simulating unit topology records which include said found IPs, and for those elements being of a network equipment type, said topology records also include said extracted tables;

B. A profiling unit for sequentially receiving IP addresses of network elements from the mapping unit, investigating each of said elements, forming a profile record for each of said elements, and sequentially transferring said profile records to both the mapping unit and to a vulnerability assessment unit;

C. A vulnerability assessment unit for;

a. sequentially receiving profile records from the profiling unit;

b. determining a list of those vulnerability tests that have to be performed on each element;

c. performing for each element those vulnerability tests that are included in its corresponding list, and determining for each test a passed or failed result; and

d. sequentially reporting to a modeling and simulation unit for each performed test, the IP of the element, the identity code of the element, and the passed or failed result;

andD. A modeling and simulation unit for;

a. sequentially receiving topology records from the mapping unit, and each time a topology record is received, adding or subtracting respectively the corresponding element from a model of the network which is maintained at the modeling and simulation unit;

b. sequentially receiving from the vulnerability assessment unit VT results;

c. sequentially analyzing the model currently existing at the modeling and simulation unit for the possibility of exploiting vulnerabilities of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a simultaneous system for finding and assessing vulnerabilities in a network, which comprises: A. A mapping unit for: (a) scanning the network, and each time a new element is found, reporting its IP address to a profiling unit; (b) sequentially receiving from the profiling unit profile records of said newly found elements; (c) sequentially extracting tables from those elements which their profile record indicates that they are of the network equipment type; and (d) sequentially reporting to a modeling and simulating unit topology records which include said found IPs, and for those elements being of a network equipment type, said topology records also include said extracted tables; B. A profiling unit for sequentially receiving IP addresses of network elements from the mapping unit, investigating each of said elements, forming a profile record for each of said elements, and sequentially transferring said profile records to both the mapping unit and to a vulnerability assessment unit; C. A vulnerability assessment unit for: (a) sequentially receiving profile records from the profiling unit; (b) determining a list of those vulnerability tests that have to be performed on each element; (c) performing for each element those vulnerability tests that are included in its corresponding list, and determining for each test a passed or failed result; and (d) sequentially reporting to an modeling and simulation unit for each performed test, the IP of the element, the identity code of the element, and the passed or failed result; and D. A modeling and simulation unit for: (a) sequentially receiving topology records from the mapping unit, and each time a topology record is received, adding or subtracting respectively the corresponding element from a model of the network which is maintained at the modeling and simulation unit; (b) sequentially receiving from the vulnerability assessment unit vulnerability test (VT) results; and (c) sequentially analyzing the model currently existing at the modeling and simulation unit for the possibility of exploiting vulnerabilities of the network.

34 Citations

View as Search Results

13 Claims

1. A simultaneous system for finding and assessing vulnerabilities in a network, comprising:
- A. A mapping unit for;
  
  a. scanning the network, and each time a new element is found, reporting its IP address to a profiling unit;
  
  b. sequentially receiving from the profiling unit profile records of said newly found elements;
  
  c. sequentially extracting tables from those elements which their profile record indicates that they are of the network equipment type; and
  
  d. sequentially reporting to a modeling and simulating unit topology records which include said found IPs, and for those elements being of a network equipment type, said topology records also include said extracted tables;
  
  B. A profiling unit for sequentially receiving IP addresses of network elements from the mapping unit, investigating each of said elements, forming a profile record for each of said elements, and sequentially transferring said profile records to both the mapping unit and to a vulnerability assessment unit;
  
  C. A vulnerability assessment unit for;
  
  a. sequentially receiving profile records from the profiling unit;
  
  b. determining a list of those vulnerability tests that have to be performed on each element;
  
  c. performing for each element those vulnerability tests that are included in its corresponding list, and determining for each test a passed or failed result; and
  
  d. sequentially reporting to a modeling and simulation unit for each performed test, the IP of the element, the identity code of the element, and the passed or failed result;
  
  andD. A modeling and simulation unit for;
  
  a. sequentially receiving topology records from the mapping unit, and each time a topology record is received, adding or subtracting respectively the corresponding element from a model of the network which is maintained at the modeling and simulation unit;
  
  b. sequentially receiving from the vulnerability assessment unit VT results;
  
  c. sequentially analyzing the model currently existing at the modeling and simulation unit for the possibility of exploiting vulnerabilities of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. System according to claim 1, wherein each of the mapping, profiling, and vulnerability assessment units operate on only one element at each given time, and the modeling and simulation unit operates on the accumulated network model structure at each given time.
  - 3. System according to claim 1, wherein each topology record of a network element comprises at least the IP of a network element.
  - 4. System according to claim 3, wherein when the element is of a network equipment type, each topology record further comprises also the tables of the element.
  - 5. System according to claim 1, wherein each profile record of a network element comprises at least the parameters that characterize the specific element;
  - 6. System according to claim 1, wherein each profile record of a network element comprises one or more of the following parameters:
    - the IP address of the element, the operating system name and version open ports, running services, installed patches, configuration, registry configuration, supported protocols, running services detailed information, vendor, build number, and hardware identification.
  - 7. System according to claim 1, wherein the analyzing by the modeling and simulation unit involves the step of providing a vulnerability grade to each element of the model, based on the received vulnerability test results.
  - 8. System according to claim 7, wherein the analyzing by the modeling and simulation unit further involves, best on the vulnerability grade given to each element, the step of finding vulnerable routes for attacking the network elements.
  - 9. System according to claim 1, wherein each of the mapping, profiling, vulnerability assessment, and modeling and simulation units comprise:
    - a. an input queue for sequentially receiving inputs from one or more other units;
      
      b. an output queue for sequentially outputting outputs to one or more other units;
      
      c. a database;
      
      d. a storage for storing temporary processing results; and
      
      e. a processor for;
      
      receiving inputs from other units, using data in the database and the storage in order to obtain results, and for sequentially outputting results to other units.
  - 10. System according to claim 9, wherein when the unit is a mapping unit, the database contains commands for extracting tables from networking equipments, the storage contains tables and history of detected IP results for comparison, the input queue contains sequential profile records, and the output queue contains IP addresses of detected elements to be provided to the mapping unit, or topology records to be provided to the modeling and simulation unit.
  - 11. System according to claim 9, wherein when the unit is a profiling unit, the database contains OS information, vendor information, and other information relating to how to determine the profile of each element, the storage contains the profiles obtained from the already investigated network elements for comparison, the input queue contains IPs that are received from the mapping unit 10, and the output queue contains sequential profile records that are conveyed to the VA unit and to the mapping unit.
  - 12. System according to claim 9, wherein when the unit is a vulnerability assessment unit, the database contains the tests that have to be performed, and a table indicating the specific tests that have to be run on each element, the storage contains the accumulated vulnerability test results already obtained for each network element for comparison, the input queue contains profile records that are received from the profiling unit, and the output queue contains sequential vulnerability test results that are obtained and conveyed to the modeling and simulation unit.
  - 13. System according to claim 9, wherein when the unit is a simulation and modeling unit, the database contains the information relating to the impact results of test failures on the vulnerability grade given to each element;
    - the storage contains the accumulated model already obtained for each network element, the grade given to each element, and the accumulated simulation results;
      
      the input queue contains vulnerability test results that are received from the vulnerability assessment unit; and
      
      the output queue contains sequential results that are obtained and conveyed to the user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raw Analysis, Ltd.
Original Assignee
Raw Analysis, Ltd.
Inventors
Ziv, Nitzan

Application Number

US11/993,993
Publication Number

US 20080209566A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 41/12 Discovery or management of ...

H04L 63/1433 Vulnerability analysis

Method and System For Network Vulnerability Assessment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System For Network Vulnerability Assessment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links