System, Method and Computer Readable Medium for Evaluating a Security Characteristic
Abstract
A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.
22 Claims
1. A method for evaluating a security characteristic of a network, the method comprising:
(a) generating a network model representative of a topology of the network and of vulnerabilities of network nodes;
(b) generating an attack dictionary representative of attack actions on at least one network node of the network model;
(c) determining access and Intrusion Detection and Prevention (IDP) information representative of communication paths through the network model and of IDP rules applied through the communication paths;
(d) evaluating at least one first result of at least one attack on at least one network node, based on the network model; and
(g) evaluating a security characteristic in response to the at least one first result.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for evaluating a security effectiveness of an Intrusion Detection and Prevention (IDP) entity of a network, the method comprises:
generating a network model representative of a topology of the network and of vulnerabilities of network nodes;
generating an attack dictionary representative of attack actions on at least one network node of the network model;
evaluating at least one first result of at least one attack on at least one network node, based on the network model;
evaluating an effect of at least one IDP rule applied by the IDP entity based upon the network model and an attack model; and
determining an effectiveness of the IDP entity in response to the evaluated effects.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. A method comprising:
performing access and Intrusion Detection and Prevention (IDP) analysis, based on a network model representative of a topology of a network and of vulnerabilities of network nodes, such as to identify remote services that can be accessed from at least one source of the network model;
wherein the performing comprises generating access information that represents sets of packets that can reach a network node from source nodes independently of a particular communication pattern or attacking action; remote services, related attacking actions that belong to a selected group of attack actions; and identifying the IDP rules which are supposed to be applied to packets that are represented by the access information and can reach the identified remote services.
Dependent claims: 17.
18. A method for checking an access between a source node and a set of target nodes of a network, the method comprising:
receiving a network model of the network;
finding at least one accessible target node of the set of target nodes that is accessible from the source node independently of a particular communication pattern or a particular attacking action; and
finding IDP rules that are expected to be applied to communications from the source node to the at least one accessible target node.
Dependent claims: 19, 20.
21. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
generate a network model representative of a topology of the network and of vulnerabilities of network nodes;
generate an attack dictionary representative of attack actions on at least one network node of the network model;
determine access and Intrusion Detection and Prevention (IDP) information representative of communication paths through the network model and of IDP rules applied through the communication paths;
evaluate at least one first result of at least one attack on at least one network node, based on the network model; and
evaluate a security characteristic in response to the at least one first result.
22. A system for evaluating a security characteristic, the system comprises:
at least one data base adapted to store a network model representative of a topology of a network and of vulnerabilities of network nodes, and an attack dictionary representative of attack actions on at least one node of the network model; and
a server computer that comprises a server software that comprises at least one module adapted to:
determine access and Intrusion Detection and Prevention (IDP) information representative of communication paths through the network model and of IDP rules applied through the communication paths;
evaluate at least one first result of at least one attack on at least one network node, based on the network model; and
evaluate a security characteristic in response to the at least one first result.
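As an added illustration (not part of the patent or of any product implementing it), the following Python sketch walks through steps (a) to (g) of claim 1 on a constructed three-node network: a network model with per-link port filters and per-node vulnerabilities, an attack dictionary, access information computed independently of any attack (as in claim 18), IDP rules applied on the communication paths, and a security characteristic derived from the per-attack results. All node names, ports, vulnerability ids and signatures are invented placeholders.

```python
# Constructed network model (claim 1, step a): directed links, each passing a set of
# destination ports (packet filters), plus the vulnerable service each node exposes.
# Every node name, port, vulnerability id and signature is made up for this example.
LINKS = {
    "internet": {"fw": {80, 443, 22}},
    "fw": {"dmz_web": {80, 443}, "lan_db": {22}},
    "dmz_web": {"lan_db": {3306}},
    "lan_db": {},
}
VULNS = {  # node -> {vulnerability id: port of the vulnerable service}
    "dmz_web": {"VULN-WEB-1": 80},
    "lan_db": {"VULN-DB-1": 3306, "VULN-SSH-1": 22},
}
# Attack dictionary (step b): action -> (vulnerability exploited, port, IDP signature raised)
ATTACKS = {
    "sqli_web": ("VULN-WEB-1", 80, "sig_sqli"),
    "db_overflow": ("VULN-DB-1", 3306, "sig_db_overflow"),
    "ssh_bruteforce": ("VULN-SSH-1", 22, "sig_ssh_bruteforce"),
}
# IDP rules (step c): link -> signatures the IDP entity blocks on that link
IDP_RULES = {("fw", "dmz_web"): {"sig_sqli"}, ("fw", "lan_db"): {"sig_ssh_bruteforce"}}

def access_paths(src, dst, port, path=None):
    """Access information (step c, claim 18): every hop sequence over which a packet
    to `port` can travel from src to dst, independent of any particular attack."""
    path = (path or []) + [src]
    if src == dst:
        return [path]
    return [p for nxt, ports in LINKS[src].items()
            if port in ports and nxt not in path
            for p in access_paths(nxt, dst, port, path)]

def idp_on_path(path):
    """Signatures that some IDP rule blocks on at least one link of the path."""
    return set().union(*(IDP_RULES.get(link, set()) for link in zip(path, path[1:])))

def attack_result(src, target, action):
    """Step (d): first result of one attack action launched from src against target."""
    vuln, port, sig = ATTACKS[action]
    if vuln not in VULNS.get(target, {}):
        return "not_vulnerable"
    paths = access_paths(src, target, port)
    if not paths:
        return "no_access"
    # The attack is only stopped if every usable path carries a matching IDP rule.
    return "blocked" if all(sig in idp_on_path(p) for p in paths) else "success"

def security_characteristic(src):
    """Step (g): result of every attack on every other node, plus the success count."""
    results = {(t, a): attack_result(src, t, a) for t in VULNS if t != src for a in ATTACKS}
    return results, sum(r == "success" for r in results.values())
```

Evaluated from "internet" every attack is blocked or unreachable, while the same evaluation from "dmz_web" reports one success against "lan_db", which is the kind of second-hop exposure a reviewer of the IDP placement would want surfaced.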