Method and system for evaluating network security
Abstract
A method for automatically identifying, from an ordinary station connected to a TCP/IP network, the network components managed by a network management station for which the confidential network data they store can be read or written. Starting from the list of the default passwords protecting the network data and the IP addresses of the network components communicating with the ordinary station, the method repeats the IP address discovery process to discover, step by step, the passwords used in all the network components managed by the network management station, and tries to use them to read or write network information.
The method detects the lack of password protection that usually occurs in campus networks, and thus allows auditing such networks against intrusion from one of the stations of the network.
30 Claims
1. A method for evaluating network security comprising the steps of:
(a) initializing a list of passwords;
(b) reading network tables stored in network components managed by a network management station and generating a list of network addresses in response thereto;
(c) accessing a network component corresponding to a network address of said list of network addresses, using a password of said list of passwords, and reading one or more additional network addresses from said network component; and
(d) updating said list of network addresses in response to said reading of one or more additional network addresses.
11. A computer program product embodied in a tangible storage medium, the program product including a program of instructions for performing the steps of:
(a) initializing a list of passwords;
(b) reading network tables stored in network components managed by a network management station and generating a list of network addresses in response thereto;
(c) accessing a network component corresponding to a network address of said list of network addresses, using a password of said list of passwords, and reading one or more additional network addresses from said network component; and
(d) updating said list of network addresses in response to said reading of one or more additional network addresses.
21. A data processing system for evaluating network security comprising:
(a) circuitry operable for initializing a list of passwords;
(b) circuitry operable for reading network tables stored in network components managed by a network management station and generating a list of network addresses in response thereto;
(c) circuitry operable for accessing a network component corresponding to a network address of said list of network addresses, using a password of said list of passwords, and reading one or more additional network addresses from said network component; and
(d) circuitry operable for updating said list of network addresses in response to said reading of one or more additional network addresses.