System for penetrating computer or computer network

US 6,574,737 B1
Filed: 12/23/1998
Issued: 06/03/2003
Est. Priority Date: 12/23/1998
Status: Expired due to Term

First Claim

Patent Images

1. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:

a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;

a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network penetration test discovers vulnerabilities in the network using a number of scan modules. The scan modules perform their scanning of the network separately but in parallel. A scan engine controller oversees the data fed to and received from the scan modules, and controls the sharing of information among the modules according to data records and configuration files that specify how a user-selected set of penetration objectives should be carried out. The system allows for penetration strategies to be attempted simultaneously and independently. Information from each strategy is shared with other strategies so each can be more effective, and together they form a very comprehensive approach to network penetration. The strategies can be throttled at different levels to allow for those that are more likely to achieve success to run at the highest speeds. While most strategies collect information from the network, at least one dedicated one analyzes the data produced by the others according to a series of rules. This analysis reduces and refines data and simplifies the design of the various strategies. Data obtained through the various strategies are stored in such a way that new data types can be stored and processed without all the strategies having to be adjusted. Strategies are run according to whether or not they can help in achieving a specified objectives. The vulnerability scan is initiated by a user who specifies what targeted network resources to scan. From that point on, the scan is data driven and models how an unwanted attacker would gain unauthorized access to the system.

268 Citations

22 Claims

1. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
- a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
  
  a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein said scan modules scan the computer independently of one another.
  - 3. The system of claim 1, further comprising a memory for storing outputs from said scan modules, said controller retrieving said outputs from said memory and forwarding data from said outputs to said scan modules.
  - 4. The system of claim 1, wherein said input produced by said controller is identical to said output from said one scan module.

5. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
- a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
  
  a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output; and
  
  a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective.

6. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
- a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
  
  a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
  
  a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective; and
  
  an objective configuration file for each respective penetration objective input by the user, said objective configuration file identifying at least one scan module needed to achieve the corresponding penetration objective, wherein said controller selects said plurality of scan modules by accessing objective configuration files corresponding to the input penetration objectives.

7. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
- a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
  
  a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
  
  a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective;
  
  an objective configuration file for each respective penetration objective input by the user, said objective configuration file identifying at least one scan module needed to achieve the corresponding penetration objective, wherein said controller selects said plurality of scan modules by accessing objective configuration files corresponding to the input penetration objectives; and
  
  wherein at least one of said objective configuration files identifies an auxiliary objective to pursue, and said controller accesses an objective configuration file corresponding to the auxiliary objective, said set of scan modules including a scan module identified in said objective configuration file corresponding to the auxiliary objective.

8. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
- a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
  
  a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
  
  wherein said input produced by said controller is identical to said output from said one scan module; and
  
  wherein said output from said one scan module is a data record having fields, each of said fields identifying at least one piece of information about the scan performed by said one scan module.

9. A method of performing a penetration test on a computer network, comprising:
- (a) performing a first computer network scan to gather information about a secured network resource in the computer network;
  
  (b) performing a second computer network scan to gather information about a second secured network resource in the computer network; and
  
  (c) automatically sharing output data from the first computer network scan with the second computer network scan.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further comprising:
11. The method of claim 10, wherein the third network resource is the same resource as the first or second network resource.
12. The method of claim 10, wherein the third network resource is not the same resource as the first or second network resource.
13. The method of claim 10, wherein each of said steps (a), (b), and (c) is performed from a location remote from the computer network being scanned.

14. A method of performing a penetration test on a computer network, comprising:
- (a) performing a first computer network scan to gather information about a secured network resource in the computer network;
  
  (b) performing a second computer network scan to gather information about a second secured network resource in the computer network;
  
  (c) automatically sharing output data from the first computer network scan with the second computer network scan; and
  
  prior to said steps (a) through (c);
  
  (d) selecting at least one objective for the penetration test; and
  
  (e) determining, based upon the at least one objective, a set of scan modules to use during the penetration test, the set of scan modules including first and second modules for respectively performing the first and second computer network scans of steps (a) and (b).

15. An article of manufacture bearing a machine readable program for carrying out the steps of:
- scanning a computer network using a plurality of scan modules; and
  
  automatically sharing information from at least one of the scan modules to at least one other of the scan modules.
- View Dependent Claims (16, 17)
- - 16. The article of manufacture of claim 15, wherein said scanning step includes performing simultaneous and independent scanning of the computer network by at least two of the scan modules.
  - 17. The article of manufacture of claim 15, wherein said step of automatically sharing information includes passing an output data record as-is from one of the scan modules to another of the scan modules.

18. An article of manufacture bearing a machine readable program for carrying out the steps of:
- scanning a computer network using a plurality of scan modules;
  
  automatically sharing information from at least one of the scan modules to at least one other of the scan modules; and
  
  wherein said step of automatically sharing information includes modifying contents of an output data record from one of the scan modules to form a modified data record, and passing the modified data record to another of the scan modules.

19. A computer network penetration test embodied in at least one carrier wave comprising:
- a plurality of first signal segments constituting scan modules for scanning a network resource on a computer network to learn vulnerabilities that the network resource has to unwanted access;
  
  a second signal segment defining instructions for one of the scan modules to perform a scan of the computer network and to produce an output based on the scan, and for producing an input to an other of the scan modules based on the output.

20. A computer network penetration test embodied in at least one carrier wave comprising:
- a plurality of first signal segments constituting scan modules for scanning a network resource on a computer network to learn vulnerabilities that the network resource has to unwanted access;
  
  a second signal segment defining instructions for one of the scan modules to perform a scan of the computer network and to produce an output based on the scan, and for producing an input to an other of the scan modules based on the output; and
  
  a third signal segment constituting instructions for formatting the output in the form of a data record having a plurality of data fields, and for formatting the input to the other scan module in the form of a second data record having a plurality of second data fields.

21. A software medium having software recorded thereon, the software written to be executed by a processor, for procuring information relating to access of a secured computer system for any purpose whatsoever, the software comprising:
- a first set of machine readable instructions for attempting to determine a first item of information relating to access of the secured computer system;
  
  a second set of machine readable instructions for attempting to determine a second item of information relating to access of the secured computer system; and
  
  information sharing instructions for making the first item available for use by the processor during execution of the second set of machine readable instructions.
- View Dependent Claims (22)
- - 22. The software medium of claim 21 wherein the second set of machine readable instructions can be executed in absence of the first item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Kingsford, Bryan, Thrower, Woody, McQueen, Stan
Primary Examiner(s)
Wright, Norman M.
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/220,125
Time in Patent Office

1,623 Days
Field of Search

713/200, 713/201, 713/164, 713/165, 713/167, 713/194, 709/217, 709/218, 709/219, 709/227, 709/223, 709/224, 709/228, 709/229, 714/33, 714/37, 714/39
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

System for penetrating computer or computer network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

268 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System for penetrating computer or computer network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

268 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links