Method and system for identifying, fixing, and updating security vulnerabilities
3 Assignments
0 Petitions
Abstract
A method and system identifies, fixes, and updates security vulnerabilities in a host computer or host computers. The present invention can communicate between a scanner with plug-in capability, an operating system, and an express update package.
The architectural set-up can allow exploits within the scanner and exploits in the express update package to function with no knowledge of each other. The user also needs no knowledge of whether the exploits are within the scanner or the express update package. Mutual authentication procedures can enable the scanner to load only legitimate express update packages, and can provide that express update packages can only be loaded into legitimate scanners.
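The mutual authentication the abstract refers to (the "load security" step that claims 20 and 42 also recite) has two halves: the scanner must refuse any express update package that is not the vendor's, and the package must refuse to hand its exploit objects to anything but a legitimate scanner. The following is an added example in Python, not the patent's own code. It assumes HMAC-SHA256 over two pre-shared keys (VENDOR_KEY, SCANNER_KEY) in place of the asymmetric signatures a shipping vendor would use, and the package contents in SAMPLE_MODULES are constructed for the example.

```python
"""Load security for an express update package (added example, not the
patent's own code).  The scanner loads a package only if its signed manifest
and every module hash verify; the package releases its modules only to a
scanner that answers a fresh challenge with the scanner key.  HMAC-SHA256
over two pre-shared keys stands in for asymmetric signatures (assumption).
"""
import hashlib
import hmac
import json
import os

# Constructed sample keys.  In practice the vendor key would be an asymmetric
# signing key and the scanner key a per-installation credential.
VENDOR_KEY = b"vendor-package-signing-key"
SCANNER_KEY = b"scanner-identity-key"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_package(modules):
    """Vendor side: hash each module, then sign the canonical manifest."""
    manifest = {name: sha256_hex(body) for name, body in modules.items()}
    canon = json.dumps(manifest, sort_keys=True).encode()
    sig = hmac.new(VENDOR_KEY, canon, hashlib.sha256).hexdigest()
    return {"modules": dict(modules), "manifest": manifest, "signature": sig}


def verify_package(pkg):
    """Scanner side (load security): check the manifest signature first, then
    every module hash, and reject packages whose module set differs from the
    signed manifest (a module added or dropped after signing)."""
    canon = json.dumps(pkg["manifest"], sort_keys=True).encode()
    expected = hmac.new(VENDOR_KEY, canon, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["signature"]):
        return False
    if set(pkg["modules"]) != set(pkg["manifest"]):
        return False
    return all(hmac.compare_digest(sha256_hex(body), pkg["manifest"][name])
               for name, body in pkg["modules"].items())


def scanner_response(challenge):
    """A legitimate scanner proves possession of SCANNER_KEY."""
    return hmac.new(SCANNER_KEY, challenge, hashlib.sha256).hexdigest()


def package_accepts_scanner(challenge, response):
    """Package side: only release modules to a scanner that holds the key."""
    expected = hmac.new(SCANNER_KEY, challenge, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


def load_package(pkg, respond=scanner_response):
    """Mutual check; returns the module table on success, None otherwise."""
    if not verify_package(pkg):
        return None
    challenge = os.urandom(16)          # fresh per load, so a replayed answer fails
    if not package_accepts_scanner(challenge, respond(challenge)):
        return None
    return pkg["modules"]


# Constructed sample package: two plug-in modules, a dat file and a help file.
SAMPLE_MODULES = {
    "xpu_exploits.dll": b"exploit plug-in module bytes",
    "xpu_resources.dll": b"resource plug-in module bytes",
    "xpu.dat": b"[anon_ftp]\nseverity=medium\n",
    "xpu.hlp": b"help text",
}


def tampered(pkg, name, body):
    """Copy of pkg with one module replaced after signing."""
    return {**pkg, "modules": {**pkg["modules"], name: body}}


if __name__ == "__main__":
    pkg = build_package(SAMPLE_MODULES)
    print("genuine:", load_package(pkg) is not None)
    print("tampered module:", load_package(tampered(pkg, "xpu_exploits.dll", b"x")))
    print("rogue scanner:", load_package(pkg, respond=lambda c: "00" * 32))
```

The order of checks matters: the signature is verified over the manifest before any module bytes are looked at, so an attacker who can replace a DLL on disk but not re-sign the manifest is caught before the module is ever loaded, and the challenge is generated fresh on each load so a recorded scanner response cannot be replayed by a rogue host.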
131 Citations
48 Claims
1. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising an engine, exploit manager, resource manager, and built-in exploits, comprising the steps of:
updating a capability of the scanner to conduct vulnerability assessments of the host computer system by obtaining a pluggable express update package, wherein the update package is configured as an independent plug-in module that is separate from the scanner and communicates with the scanner to support the vulnerability assessments by the scanner, the update package comprising:
an exploit plug-in module comprising exploit objects for exploits that check the host computer system for at least certain ones of the security vulnerabilities, the exploits representing modifications or updates to the built-in exploits of the scanner;
a resource plug-in module comprising resource objects representing resources that can be used by the scanner, the resources maintained as resource objects separate from the exploits of the exploit objects to support an independent updating of the resource objects and the exploit objects;
a dat file comprising exploit attribute information defining attribute information for the exploits of the exploit plug-in module, the exploit attribute information stored in a file separate from the exploit objects to support an independent updating of the dat file and the exploit objects; and
a help file comprising on-line help information about the exploits of the exploit plug-in module, the help information stored in a file separate from the exploit objects to support an independent updating of the help file and the exploit objects;
supplying the exploit attribute information to the exploit manager from the dat file;
passing the exploit objects and the resource objects from the exploit manager and the resource manager to an engine of the scanner; and
executing the exploits of the exploit plug-in module at the scanner.
Dependent claims: 2-12.
13. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising an engine, an exploit manager, a resource manager, standard built-in exploits and denial of service built-in exploits, comprising the steps of:
installing an express update package comprising:
an exploit plug-in module having exploit objects representing exploits that check the host computer system for vulnerabilities, the exploits comprising standard plug-in exploits and denial of service plug-in exploits;
a resource plug-in module having resource objects representing resources for use by the scanner;
a dat file comprising exploit attribute information; and
a help file comprising on-line help information;
supplying the exploit attribute information from the dat file to the exploit manager of the scanner;
passing information about the exploit objects and resource objects from the exploit manager and the resource manager to the scanner engine;
running the standard built-in exploits and the denial of service built-in exploits by the scanner engine;
running the standard plug-in exploits and the denial of service plug-in exploits by a plug-in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial of service plug-in exploits comprises the steps of:
(a) obtaining copies of a master exploit list and a master resource list from a session object;
(b) obtaining exploit information from a scanpolicy object for an identified one of the plug-in exploits;
(c) creating a target object and placing the exploit information in the target object;
(d) passing the target object to one of the exploit objects corresponding to the identified plug-in exploit;
(e) running the identified plug-in exploit;
(f) adding exploit result information to the target object;
(g) passing the target object to the plug-in engine;
(h) querying the target object for the exploit result information;
(i) recording the exploit result information to a scanner log file and sending the exploit result information to a user interface; and
repeating steps (b)-(i) for each of the remaining standard and denial of service plug-in exploits.
Dependent claims: 14-19.
20. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising a policy manager, an engine, an exploit manager and a resource manager, comprising the steps of:
installing an express update package comprising:
an exploit plug-in module having exploit objects representing exploits that check the host computer system for vulnerabilities, the exploits comprising standard plug-in exploits and denial of service plug-in exploits;
a resource plug-in module having resource objects representing resources for use by the scanner;
a dat file comprising exploit attribute information; and
a help file comprising on-line help information;
initializing the scanner by completing the following steps:
enumerating the exploit plug-in module and the resource plug-in module and the exploit and the resource objects;
running load security for each of the exploit and resource plug-in modules; and
initializing the policy manager, wherein the step of initializing the policy manager comprises the steps of:
requesting the exploit manager and the resource manager to identify available ones of the exploits and the resources;
using the exploit manager and the resource manager to query a registry for available ones of the exploit objects and the resource objects;
creating maps by the exploit manager and the resource manager, the maps identifying the exploit and resource plug-in modules containing the available exploit objects and the available resource objects;
issuing a request to the exploit manager and the resource manager to request the available exploit objects and common-setting resource objects;
returning the available exploit objects and the common-setting resource objects to the policy manager; and
issuing a query from the policy manager to query the available exploit objects and the common-setting resource objects for corresponding exploit attribute information and resource configuration information;
supplying the exploit attribute information to the exploit manager from the dat file;
passing exploit object and resource object information from the exploit manager and the resource manager to the scanner engine; and
executing the exploits at the scanner engine.
Dependent claims: 21-27.
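Claims 1, 13 and 20 together describe one architecture: exploit objects and resource objects shipped in separate plug-in modules, exploit attributes kept in a dat file apart from the exploit code, exploit and resource managers that query a registry and build maps from object to module, a policy manager that selects what runs (with common-setting resources), and a plug-in engine that copies the master exploit and resource lists, creates a target object per exploit, lets the exploit add its result, queries the target, and records the result to a log and a user interface. The following is an added example in Python of that division of labour; it is not the patent's or the assignee's code. The INI-style dat syntax, the REGISTRY dictionary, the two checks (AnonFtpExploit, SynFloodCheck) and the sample HOST are assumptions made for the example.

```python
"""Pluggable scanner skeleton as the claims divide it (added example, not the
patent's code): exploit and resource objects in separate plug-in modules,
exploit attributes in a dat file, managers that build maps from a registry, a
policy manager choosing what runs, and a plug-in engine driving each exploit
through a target object.  Dat syntax, registry, checks and host are constructed."""
import configparser
from dataclasses import dataclass, field

# constructed dat file: attributes kept apart from the exploit code
DAT_FILE = "[anon_ftp]\nseverity = medium\ndos = no\n" \
           "[syn_flood_check]\nseverity = high\ndos = yes\n"

class AnonFtpExploit:                  # exploit object, standard class
    name = "anon_ftp"

    def run(self, target):
        banner = target.host.get("ftp_banner", "")
        target.results[self.name] = "anonymous login ok" in banner.lower()

class SynFloodCheck:                   # exploit object, denial-of-service class
    name = "syn_flood_check"

    def run(self, target):             # time budget comes from a resource object
        budget = target.resources["common_settings"]["timeout_s"]
        target.results[self.name] = budget >= 5 and 80 in target.host["open_ports"]

# resource objects: settings and data the exploits use but do not own
RESOURCES = {"common_settings": {"timeout_s": 10}, "port_list": [21, 22, 80]}

REGISTRY = {                           # stands in for the registry the managers query
    "exploit_modules": {"xpu_exploits.dll": [AnonFtpExploit, SynFloodCheck]},
    "resource_modules": {"xpu_resources.dll": RESOURCES},
}

def load_dat(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}

class ExploitManager:
    def __init__(self, registry, attributes):
        mods = registry["exploit_modules"]
        self.map = {c.name: m for m, cs in mods.items() for c in cs}   # exploit -> module
        self.objects = {c.name: c() for cs in mods.values() for c in cs}
        self.attributes = attributes

    def available(self):
        return sorted(self.objects)

class ResourceManager:
    def __init__(self, registry):
        mods = registry["resource_modules"]
        self.map = {n: m for m, res in mods.items() for n in res}       # resource -> module
        self.objects = {n: r for res in mods.values() for n, r in res.items()}

class PolicyManager:                   # which available exploits run, with attributes
    def __init__(self, em, rm, allow_dos=False):
        self.enabled = [n for n in em.available()
                        if allow_dos or em.attributes[n]["dos"] == "no"]
        self.attributes = {n: em.attributes[n] for n in self.enabled}
        self.common = rm.objects["common_settings"]

@dataclass
class Target:                          # target object handed to each exploit
    host: dict
    resources: dict
    results: dict = field(default_factory=dict)

class PluginEngine:
    def __init__(self, em, rm):
        self.em, self.rm, self.log = em, rm, []

    def scan(self, host, policy, ui=print):
        exploits = list(policy.enabled)                 # copy of master exploit list
        resources = dict(self.rm.objects)               # copy of master resource list
        for name in exploits:
            target = Target(host=host, resources=resources)   # create target object
            self.em.objects[name].run(target)                 # exploit adds its result
            found = target.results[name]                      # engine queries the target
            entry = (host["addr"], name, policy.attributes[name]["severity"], found)
            self.log.append(entry)                            # scanner log file
            ui(entry)                                         # user interface
        return self.log

HOST = {"addr": "10.0.0.5", "open_ports": [21, 80],            # constructed sample host
        "ftp_banner": "220 FTP ready. Anonymous login OK."}

def run_scan(allow_dos=False, ui=lambda e: None):
    em = ExploitManager(REGISTRY, load_dat(DAT_FILE))
    rm = ResourceManager(REGISTRY)
    return PluginEngine(em, rm).scan(HOST, PolicyManager(em, rm, allow_dos), ui)
```

With the default policy, run_scan() runs only anon_ftp, because the dat file marks syn_flood_check as a denial-of-service check and the policy manager excludes it unless allow_dos is set; nothing in the exploit code itself has to know about that decision. The same separation is what lets the vendor ship a new dat file (say, a changed severity) without touching the exploit module, or a new exploit module without touching the resource module.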
28. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising an engine, an exploit manager, a resource manager, standard built-in exploits and denial of service built-in exploits, and a user interface, comprising the steps of:
updating a capability of the scanner to conduct security vulnerability assessments of the host computer system by obtaining an update comprising:
an exploit plug-in module having exploit objects representing exploits that check the host computer system for vulnerabilities, the exploits comprising standard plug-in exploits and denial of service plug-in exploits;
a resource plug-in module having resource objects representing resources for use by the scanner; and
a file comprising exploit attribute information;
installing the update as an independent plug-in for operation in connection with the scanner;
supplying the exploit attribute information from the update to the exploit manager of the scanner;
passing information about the exploit objects and resource objects from the exploit manager and the resource manager to the scanner engine;
running the standard built-in exploits and the denial of service built-in exploits at the scanner engine;
running the standard plug-in exploits and the denial of service plug-in exploits at a plug-in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial of service plug-in exploits comprises the steps of:
(a) obtaining copies of a master exploit list and a master resource list;
(b) obtaining host information and selected ones of the resources for an identified one of the plug-in exploits;
(c) providing the host information and the selected resources via a target object to one of the exploit objects corresponding to the identified plug-in exploit;
(e) running the identified plug-in exploit at the plug-in engine;
(f) adding scan result information to the target object in response to running the identified plug-in exploit;
(g) obtaining the scan result information from the target object for presentation via the user interface of the scanner; and
repeating steps (b)-(g) for each of the remaining standard and denial of service plug-in exploits.
Dependent claims: 29-34.
35. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising an engine, an exploit manager, a resource manager, standard built-in exploits and denial of service built-in exploits, comprising the steps of:
updating a capability of the scanner to conduct security vulnerability assessments of the host computer system by obtaining an update comprising:
an exploit plug-in module having exploit objects representing exploits that check the host computer system for vulnerabilities, the exploits comprising standard plug-in exploits and denial of service plug-in exploits;
a resource plug-in module having resource objects representing resources for use by the scanner; and
a file comprising exploit attribute information;
installing the update as an independent plug-in for operation in connection with the scanner;
supplying the exploit attribute information from the update to the exploit manager of the scanner;
passing information about the exploit objects and resource objects from the exploit manager and the resource manager to the scanner engine;
running the standard built-in exploits and the denial of service built-in exploits at the scanner engine;
running the standard plug-in exploits and the denial of service plug-in exploits at a plug-in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial of service plug-in exploits comprises the steps of:
(a) obtaining copies of a master exploit list and a master resource list;
(b) obtaining host information and selected ones of the resources for an identified one of the plug-in exploits;
(c) providing the host information and the selected resources via a target object to one of the exploit objects corresponding to the identified plug-in exploit;
(e) running the identified plug-in exploit at the plug-in engine;
(f) adding scan result information to the target object in response to running the identified plug-in exploit;
(g) obtaining the scan result information from the target object for storage in a scanner log file; and
repeating steps (b)-(g) for each of the remaining standard and denial of service plug-in exploits.
Dependent claims: 36-41.
42. A computer-implemented process for identifying security vulnerabilities in a host computer system via a scanner comprising a policy manager, an engine, an exploit manager and a resource manager, comprising the steps of:
updating a capability of the scanner to conduct security vulnerability assessments of the host computer system by obtaining an update comprising:
an exploit plug-in module having exploit objects representing exploits that check the host computer system for vulnerabilities, the exploits comprising standard plug-in exploits and denial of service plug-in exploits;
a resource plug-in module having resource objects representing resources for use by the scanner;
a dat file comprising exploit attribute information; and
a help file comprising on-line help information;
installing the update for use by the scanner;
initializing the scanner by completing the following steps:
enumerating the exploit plug-in module and the resource plug-in module and the exploit and the resource objects;
running load security for each of the exploit and resource plug-in modules; and
initializing the policy manager, wherein the step of initializing the policy manager comprises the steps of:
identifying available ones of the exploits and the resources;
identifying the exploit and resource plug-in modules containing the available ones of the exploit objects and the resource objects corresponding to the available exploits and resources;
obtaining the available exploit objects and common-setting resource objects; and
querying the available exploit objects and the common-setting resource objects for corresponding exploit attribute information and resource configuration information;
supplying the exploit attribute information to the exploit manager from the update;
passing exploit object and resource object information from the exploit manager and the resource manager to the scanner engine; and
executing the exploits at the scanner engine.
Dependent claims: 43-48.