System and method for rules-driven multi-phase network vulnerability assessment
Abstract
In one aspect of the invention, a computer implemented method for rules-driven multi-phase network vulnerability assessment is disclosed. The method comprises pinging devices on a network to discover devices with a connection to the network. Port scans are performed on the discovered devices and banners are collected. Information from the collected banners is stored as entries in a first database. Analysis is performed on the entries by comparing the entries with a rule set to determine potential vulnerabilities. The results of the analysis are stored in a second database.
489 Citations
27 Claims
1. A computer implemented method for multi-phase rules-driven network vulnerability assessment, the method comprising:
    pinging devices on a network to discover devices with a connection to the network;
    performing port scans on the discovered devices and collecting banners sent as a result of the port scans;
    storing information from the collected banners as entries in a first database to establish a network configuration;
    comparing the entries in the network configuration with more than one rule set to determine potential vulnerabilities; and
    storing results of the comparison in a second database.
Dependent claims: 2, 3, 4, 5, 6.
    comparing an entry in the network configuration to a rule to determine an operating system represented by the entry;
    comparing the entry to a second rule to determine a service; and
    comparing the entry to a third rule to determine a potential vulnerability.

5. The method of claim 1, wherein the rule sets comprise a text based prepositional logic language.

6. The method of claim 1, further comprising confirming a potential vulnerability by performing an active exploit.

7. A system for multi-phase rules-driven network vulnerability assessment, the system comprising:
    a first database for storing information from collected banners as entries;
    a plurality of rule sets;
    a second database for storing results of a comparison; and
    an execution module coupled to the first database, the rule set, and the second database, the execution module operable to ping devices on a network to discover devices with a connection to the network, the execution module further operable to perform port scans on the discovered devices and collect banners sent as a result of the port scans;
    the execution module operable to store information from the collected entries in the first database to establish a network configuration and compare the entries in the network configuration with more than one rule set to determine potential vulnerabilities;
    the execution module operable to store results of the comparison in the second database.
Dependent claims: 8, 9, 10, 11, 12.
    compare an entry in the network configuration to a rule to determine an operating system represented by the entry;
    compare the entry to a second rule to determine a service; and
    compare the entry to a third rule to determine a potential vulnerability.

11. The system of claim 7, wherein the rule sets comprise a text based prepositional logic language.

12. The system of claim 7, wherein the execution module is further operable to confirm a potential vulnerability by performing an active exploit.

13. A computer implemented method for multiphase rules-driven network vulnerability assessment, the method comprising:
    pinging devices on a network to discover devices with a connection to the network;
    performing port scans on the discovered devices and collecting banners sent as a result of the port scans;
    storing information from the collected banners as entries in a first database to establish a network configuration;
    comparing an entry in the first database to a rule to determine an operating system represented by the entry;
    comparing the entry to a second rule to determine a service;
    comparing the entry to a third rule to determine a potential vulnerability; and
    storing results of the comparing steps in a second database.
Dependent claims: 14, 15, 16, 17.

18. Logic encoded in media for multi-phase rules-driven network vulnerability assessment and operable to perform the following steps:
    pinging devices on a network to discover devices with a connection to the network;
    performing port scans on the discovered devices and collecting banners sent as a result of the port scans;
    storing information from the collected banners as entries in a first database to establish a network configuration;
    comparing the entries in the network configuration with more than one rule set to determine potential vulnerabilities; and
    storing results of the comparison in a second database.
Dependent claims: 19, 20, 21, 22.
    comparing an entry in the network configuration to a rule to determine an operating system represented by the entry;
    comparing the entry to a second rule to determine a service; and
    comparing the entry to a third rule to determine a potential vulnerability.

22. The logic of claim 18, further comprising the step of confirming a potential vulnerability by performing an active exploit.

23. An apparatus for multi-phase rules-driven network vulnerability assessment comprising:
    means for pinging devices on a network to discover devices with a connection to the network;
    means for performing port scans on the discovered devices and collecting banners sent as a result of the port scans;
    means for storing information from the collected banners as entries in a first database to establish a network configuration;
    means for comparing the entries in the network configuration with more than one rule set to determine potential vulnerabilities; and
    means for storing results of the comparison in a second database.
Dependent claims: 24, 25, 26, 27.
    means for comparing an entry in the network configuration to a rule to determine an operating system represented by the entry;
    means for comparing the entry to a second rule to determine a service; and
    means for comparing the entry to a third rule to determine a potential vulnerability.

27. The apparatus of claim 23, further comprising means for confirming a potential vulnerability by performing an active exploit.
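As an added illustration (not code from the patent or its assignee), the three comparison phases of claim 13 applied to constructed banner entries, with the rule sets written in a small text-based propositional form of the kind claim 5 describes. The banners, hosts, regex patterns and finding names are all constructed placeholders, and plain Python lists stand in for the first and second databases.

```python
import re
# Constructed sample banners (host, port, banner): what the ping and port-scan phases
# would have stored in the first database. Hosts and banner strings are invented.
SAMPLE_BANNERS = [
    ("10.0.0.5", 22, "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7"),
    ("10.0.0.5", 21, "220 ProFTPD 1.3.3 Server (Debian)"),
    ("10.0.0.9", 80, "Server: Microsoft-IIS/6.0"),
]
# Phase 1 (OS) and phase 2 (service) rules: regex over the banner => fact; named groups
# become extra facts. Phase 3 rules are text propositional conditions over those facts
# ('or' binds loosest, then 'and', then 'not'). Finding names are constructed placeholders.
OS_RULES = [(r"Debian|Ubuntu", "os=linux"), (r"Microsoft-IIS|Windows", "os=windows")]
SERVICE_RULES = [
    (r"^SSH-[\d.]+-OpenSSH_(?P<version>[\d.]+)", "service=ssh"),
    (r"ProFTPD (?P<version>[\d.]+)", "service=ftp"),
    (r"Microsoft-IIS/(?P<version>[\d.]+)", "service=http"),
]
VULN_RULES = [
    ("os=linux and service=ftp and version=1.3.3", "PLACEHOLDER-FTP-OUTDATED"),
    ("service=ssh and version=5.3 or service=ssh and version=4.7", "PLACEHOLDER-SSH-OUTDATED"),
    ("os=windows and service=http and not version=10.0", "PLACEHOLDER-LEGACY-IIS"),
]

def holds(condition, facts):
    """Evaluate one text propositional rule against a dict of key=value facts."""
    def literal(tok):
        neg = tok.startswith("not ")
        key, _, val = (tok[4:] if neg else tok).partition("=")
        return (facts.get(key) == val) != neg
    return any(all(literal(t.strip()) for t in clause.split(" and "))
               for clause in condition.split(" or "))

def derive(banner, rules):
    """Apply regex rules to one banner and return the facts they establish."""
    facts = {}
    for pattern, fact in rules:
        m = re.search(pattern, banner)
        if m:
            key, _, val = fact.partition("=")
            facts[key] = val
            facts.update({k: v for k, v in m.groupdict().items() if v})
    return facts

def assess(banners=SAMPLE_BANNERS):
    """Three comparison phases per entry; returned rows are the second database's content."""
    findings = []
    for host, port, banner in banners:
        facts = derive(banner, OS_RULES)              # phase 1: operating system
        facts.update(derive(banner, SERVICE_RULES))   # phase 2: service and version
        for condition, finding in VULN_RULES:         # phase 3: potential vulnerability
            if holds(condition, facts):
                findings.append((host, port, facts.get("os"), facts.get("service"), finding))
    return findings
```

Each finding row carries the OS and service facts that led to it, so a reviewer can see which rule in each phase fired before any confirmation step is considered.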