SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

US 20120144476A1
Filed: 02/15/2012
Published: 06/07/2012
Est. Priority Date: 01/15/2002
Status: Abandoned Application

First Claim

Patent Images

1-11. -11. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

Citations

32 Claims

1-11. -11. (canceled)

12. A method comprising:
- identifying a set of responsive computer devices in a plurality of computer devices in a network;
  
  performing, for each computer device in the set of responsive computer devices, an ICMP traceroute between a particular system connected to the network and the respective computer device in the set of responsive computer devices;
  
  determining, for each responsive computer device, from echo reply packets returned from the corresponding ICMP traceroute, a respective number of hops between the respective computer device and the particular system; and
  
  determining a topology of the network including at least the set of responsive computer devices.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 13. The method of claim 12, further comprising identifying, from the ICMP traceroutes, network devices between the system and at least one of responsive computer devices.
  - 14. The method of claim 13, further comprising generating a graphical mapping of the determined topology of the network including the set of responsive computer devices.
  - 15. The method of claim 12, wherein identifying the set of responsive computer devices includes discovering responsive computer devices on the network by transmitting a set of ICMP packets, a set of TCP packets, and a set of UDP packets to a group of computers in the plurality of computer devices.
  - 16. The method of claim 12, wherein performing an ICMP traceroute includes sending a set of ICMP echo requests with varying time-to-live (TTL) values.
  - 17. The method of claim 12, further comprising performing, for at least one computer device in the set of responsive computer devices, a TCP traceroute between the particular system and at least one computer device.
  - 18. The method of claim 17, supplementing results of at least one ICMP traceroute with results of the TCP traceroute.
  - 19. The method of claim 18, wherein TCP SYN packets are used in the TCP traceroute.
  - 20. The method of claim 12, further comprising scanning each of the responsive computer devices to discover vulnerabilities of the respective responsive computer device.
  - 21. The method of claim 20, further comprising determining a security score for each responsive computer device, the security score based at least in part on vulnerabilities discovered for the respective responsive computer device.
  - 22. The method of claim 21, wherein the security scores of each responsive device are presented in connection with an interactive graphical user interface graphically modeling the topology of the network and including graphical representations of one or more of the responsive computer devices.
  - 23. The method of claim 12, further comprising:
    - identifying a set of non-responses to one or more ICMP traceroutes attempts; and
      
      modeling each non-response in the set of non-responses as a firewall within the topology of the network.
  - 24. The method of claim 23, further comprising:
    - identifying a plurality of non-responses in the set of non-responses as possessing a common preceding IP address; and
      
      determining that each non-response in the plurality of non-responses corresponds to a common firewall.
  - 25. The method of claim 12, further comprising:
    - determining, for each responsive device, from the ICMP traceroute, a number of devices directly connected to the respective responsive device;
      
      designating responsive devices directly connected to only one device as a network leaf; and
      
      designating devices directly connected to a designated network leaf as a router.
  - 26. The method of claim 25, further comprising determining whether devices designated as routers are connected to the internet.
  - 27. The method of claim 26, wherein determining whether devices designated as routers are connected to the internet includes determining for the router devices, whether another device designated as a router precedes the particular device in a traceroute from the particular system.
  - 28. The method of claim 12, further comprising determining, for each responsive computer device, a distance from the respective computer device to the internet based on a maximum number of hops returned in a corresponding traceroute.

29. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- identifying a set of responsive computer devices in a plurality of computer devices in a network;
  
  performing, for each computer device in the set of responsive computer devices, an ICMP traceroute between a particular system connected to the network and the respective computer device in the set of responsive computer devices;
  
  determining, for each responsive computer device, from echo reply packets returned from the corresponding ICMP traceroute, a respective number of hops between the respective computer device and the particular system; and
  
  determining a topology of the network including at least the set of responsive computer devices.

30. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a network mapping engine, adapted when executed by the at least one processor device to;
  
  identifying a set of responsive computer devices in a plurality of computer devices in a network;
  
  performing, for each computer device in the set of responsive computer devices, an ICMP traceroute between a particular system connected to the network and the respective computer device in the set of responsive computer devices;
  
  determining, for each responsive computer device, from echo reply packets returned from the corresponding ICMP traceroute, a respective number of hops between the respective computer device and the particular system; and
  
  determining a topology of the network including at least the set of responsive computer devices.
- View Dependent Claims (31, 32)
- - 31. The system of claim 30, further comprising a user interface engine, adapted when executed by the at least one processor device to generate an interactive graphical mapping of the topology of the network including the set of responsive computer devices.
  - 32. The system of claim 30, further comprising a security engine, adapted when executed by the at least one processor device to:
    - scan the set of responsive computer devices for vulnerabilities; and
      
      determine a security score for one or more of the responsive computer devices based at least in part on vulnerabilities of the one or more responsive computer devices discovered during the scanning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McClure, Stuart C., Kurtz, George, Keir, Robin, Beddoe, Marshall A., Morton, Michael J., Prosise, Christopher M., Cole, David M., Abad, Christopher

Application Number

US13/397,605
Publication Number

US 20120144476A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links