System, method and computer program product for improved efficiency in network assessment utilizing a port status pre-qualification procedure

US 7,003,561 B1
Filed: 06/29/2001
Issued: 02/21/2006
Est. Priority Date: 06/29/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of minimizing the duration of a risk-assessment scan, comprising:

a) selecting a plurality of risk-assessment modules for execution during a risk-assessment scan, the risk-assessment modules each including vulnerability checks, and requiring communication via at least one predetermined port;

b) determining a set of ports for communicating with a select number of network components;

c) executing a port scan of only the set of ports associated with the selected risk-assessment modules and the network components, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;

d) modifying the set of ports based on the port scan, the set of ports being modified to include only ports available for communicating with the network components;

e) comparing the port associated with each selected risk-assessment module with the modified set of ports; and

f) conditionally disabling the execution of the risk-assessment modules based on the comparison to minimize the duration of the risk-assessment scan.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for minimizing the duration of a risk-assessment scan. Initially, a plurality of risk-assessment modules are selected each including vulnerability checks associated with a risk-assessment scan. Thereafter, a first set of ports is determined. Such first set of ports is required for communicating with network components subject to the risk-assessment modules associated with the risk-assessment scan. A port scan is subsequently executed on the first set of ports. Based on such port scan, a second set of ports is determined which includes ports unavailable for communicating with the network components subject to the risk-assessment modules associated with the risk-assessment scan. The risk-assessment modules associated with the second set of ports may then be disabled to minimize the duration of the risk-assessment scan.

Citations

15 Claims

1. A method of minimizing the duration of a risk-assessment scan, comprising:
- a) selecting a plurality of risk-assessment modules for execution during a risk-assessment scan, the risk-assessment modules each including vulnerability checks, and requiring communication via at least one predetermined port;
  
  b) determining a set of ports for communicating with a select number of network components;
  
  c) executing a port scan of only the set of ports associated with the selected risk-assessment modules and the network components, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;
  
  d) modifying the set of ports based on the port scan, the set of ports being modified to include only ports available for communicating with the network components;
  
  e) comparing the port associated with each selected risk-assessment module with the modified set of ports; and
  
  f) conditionally disabling the execution of the risk-assessment modules based on the comparison to minimize the duration of the risk-assessment scan.

2. A computer program product embodied on a computer readable medium for minimizing the duration of a risk-assessment scan, comprising:
- a) computer code for selecting a plurality of risk-assessment modules for execution during a risk-assessment scan, the risk-assessment modules each including vulnerability checks, and requiring communication via at least one predetermined port;
  
  b) computer code for determining a set of ports for communicating with network components;
  
  c) computer code for executing a port scan of the set of ports associated with the selected risk-assessment modules and the network components, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;
  
  d) computer code for modifying the set of ports based on the port scan, the set of ports being modified to include only ports available for communicating with the network components;
  
  e) computer code for comparing the port associated with each selected risk-assessment module with the modified set of ports; and
  
  f) computer code for conditionally disabling the execution of the risk-assessment modules based on the comparison to minimize the duration of the risk-assessment scan.

3. A method of minimizing the duration of a risk-assessment scan, comprising:
- a) selecting a plurality of risk-assessment modules each including vulnerability checks associated with a risk-assessment scan, and requiring communication via at least one predetermined port;
  
  b) determining a first set of ports required for communicating with network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  c) executing a port scan of only the first set of ports associated with the selected risk-assessment modules, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;
  
  d) determining a second set of ports based on the port scan, the second set of ports being unavailable for communicating with the network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  e) disabling the risk-assessment modules associated with the second set of ports to minimize the duration of the risk-assessment scan;
  
  f) storing a third set of ports including the first set of ports and excluding the second set of ports; and
  
  g) comparing the port associated with each risk-assessment module with the stored third set of ports;
  
  h) wherein the risk-assessment module is disabled if the port associated with the risk-assessment module does not match at least one port of the stored third set of ports.
- View Dependent Claims (4, 5, 6, 7)
- - 4. The method as recited in claim 3, wherein a plurality of the risk-assessment modules each have the same port associated therewith, and redundancy in the first set of ports is removed prior to executing the port scan.
  - 5. The method as recited in claim 3, wherein the risk-assessment modules are user-specified.
  - 6. The method as recited in claim 3, and further comprising performing the vulnerability checks of the risk-assessment module if the port associated with the risk-assessment module matches at least one port of the stored third set of ports.
  - 7. The method as recited in claim 3, wherein the risk-assessment modules include a web server vulnerability module with a predetermined port of 80, an e-mail vulnerability module with a predetermined port of 31337, and a Trojan program vulnerability module with a predetermined port of 25.

8. A computer program product embodied on a computer readable medium for minimizing the duration of a risk-assessment scan, comprising:
- a) computer code for selecting a plurality of risk-assessment modules each including vulnerability checks associated with a risk-assessment scan, and requiring communication via at least one predetermined port;
  
  b) computer code for determining a first set of ports required for communicating with network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  c) computer code for executing a port scan of the first set of ports associated with the selected risk-assessment modules, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;
  
  d) computer code for determining a second set of ports based on the port scan, the second set of ports being unavailable for communicating with the network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  e) computer code for disabling the risk-assessment modules associated with the second set of ports to minimize the duration of the risk-assessment scan;
  
  f) computer code for storing a third set of ports including the first set of ports and excluding the second set of ports; and
  
  g) computer code for comparing the port associated with each risk-assessment module with the stored third set of ports;
  
  h) wherein the risk-assessment module is disabled if the port associated with the risk-assessment module does not match at least one port of the stored third set of ports.
- View Dependent Claims (9, 10, 11)
- - 9. The computer program product as recited in claim 8, wherein a plurality of the risk-assessment modules each have the same port associated therewith, and redundancy in the first set of ports is removed prior to executing the port scan.
  - 10. The computer program product as recited in claim 8, wherein the risk-assessment modules are user-specified.
  - 11. The computer program product as recited in claim 8, and further comprising computer code for performing the vulnerability checks of the risk-assessment module if the port associated with the risk-assessment module matches at least one port of the stored third set of ports.

12. A system for minimizing the duration of a risk-assessment scan, comprising:
- a) logic for selecting a plurality of risk-assessment modules each including vulnerability checks associated with a risk-assessment scan, and requiring communication via at least one predetermined port;
  
  b) logic for determining a first set of ports required for communicating with network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  c) logic for executing a port scan of only the first set of ports associated with the selected risk-assessment modules, for reducing the number of ports scanned during the port scan, wherein latency is reduced since a port scan involving 65,536 ports is avoided;
  
  d) logic for determining a second set of ports based on the port scan, the second set of ports being unavailable for communicating with the network components subject to the risk-assessment modules associated with the risk-assessment scan;
  
  e) logic for disabling the risk-assessment modules associated with the second set of ports to minimize the duration of the risk-assessment scan;
  
  f) logic for storing a third set of ports including the first set of ports and excluding the second set of ports; and
  
  g) logic for comparing the port associated with each risk-assessment module with the stored third set of ports;
  
  h) wherein the risk-assessment module is disabled if the port associated with the risk-assessment module does not match at least one port of the stored third set of ports.
- View Dependent Claims (13, 14, 15)
- - 13. The system as recited in claim 12, wherein a plurality of the risk-assessment modules each have the same port associated therewith, and redundancy in the first set of ports is removed prior to executing the port scan.
  - 14. The system as recited in claim 12, wherein the risk-assessment modules are user-specified.
  - 15. The system as recited in claim 12, and further comprising logic for performing the vulnerability checks of the risk-assessment module if the port associated with the risk-assessment module matches at least one port of the stored third set of ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McDonald, John R., Rahmanovic, Tarik, Osborne, Anthony C., Magdych, James S., Tellier, Brock E., Herath, Nishad P.
Primary Examiner(s)
Caldwell, Andrew
Assistant Examiner(s)
Ailes, Benjamin A.

Application Number

US09/895,535
Time in Patent Office

1,698 Days
Field of Search

709220-227, 713200-201, 370/245, 714/30, 726/22, 726/25
US Class Current

709/223
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

System, method and computer program product for improved efficiency in network assessment utilizing a port status pre-qualification procedure

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for improved efficiency in network assessment utilizing a port status pre-qualification procedure

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links