SYSTEM AND METHOD FOR IDENTIFYING EXPLOITABLE WEAK POINTS IN A NETWORK
First Claim
1. A system for identifying exploitable weak points in a network, comprising:
- one or more passive scanners configured to observe connections in the network to identify network addresses and open ports associated with the observed connections;
one or more active scanners configured to scan the network to enumerate current connections in the network and identify network addresses and open ports associated with the current connections in the network; and
one or more processors coupled to the one or more passive scanners and the one or more active scanners, wherein the one or more processors are configured to;
model trust relationships in the network based on information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners;
identify exploitable weak points in the network based on the information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners;
simulate an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network; and
enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network based on the simulated attack.
3 Assignments
0 Petitions
Accused Products
Abstract
The system and method described herein may leverage passive and active vulnerability discovery to identify network addresses and open ports associated with connections that one or more passive scanners observed in a network and current connections that one or more active scanners enumerated in the network. The observed and enumerated current connections may be used to model trust relationships and identify exploitable weak points in the network, wherein the exploitable weak points may include hosts that have exploitable services, exploitable client software, and/or exploitable trust relationships. Furthermore, an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network may be simulated to enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network.
104 Citations
32 Claims
-
1. A system for identifying exploitable weak points in a network, comprising:
-
one or more passive scanners configured to observe connections in the network to identify network addresses and open ports associated with the observed connections; one or more active scanners configured to scan the network to enumerate current connections in the network and identify network addresses and open ports associated with the current connections in the network; and one or more processors coupled to the one or more passive scanners and the one or more active scanners, wherein the one or more processors are configured to; model trust relationships in the network based on information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; identify exploitable weak points in the network based on the information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; simulate an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network; and enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network based on the simulated attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for identifying exploitable weak points in a network, comprising:
-
configuring one or more passive scanners to identify network addresses and open ports associated with connections that the one or more passive scanners observe in the network; configuring one or more active scanners to enumerate current connections in the network and identify network addresses and open ports associated with the current connections enumerated with the one or more active scanners; modeling trust relationships in the network based on information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; identifying exploitable weak points in the network based on the information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; simulating an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network; and enumerating remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network based on the simulated attack. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A computer-readable storage medium having computer-executable instructions stored thereon for identifying exploitable weak points in a network, wherein executing the computer-executable instructions one or more processors causes the one or more processors to:
-
configure one or more passive scanners to identify network addresses and open ports associated with connections that the one or more passive scanners observe in the network; configure one or more active scanners to enumerate current connections in the network and identify network addresses and open ports associated with the current connections enumerated with the one or more active scanners; model trust relationships in the network based on information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; identify exploitable weak points in the network based on the information associated with the connections observed with the one or more passive scanners and the current connections enumerated with the one or more active scanners; simulate an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network; and enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network based on the simulated attack.
-
Specification