Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

US 7,096,503 B1
Filed: 06/29/2001
Issued: 08/22/2006
Est. Priority Date: 06/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method of remotely detecting vulnerabilities on a local computer, comprising:

a) installing an agent on a local computer;

b) receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network;

c) decrypting the commands on the local computer utilizing the agent;

d) processing the commands on the local computer utilizing the agent; and

e) performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;

wherein the agent includes a plurality of risk-assessment modules;

wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;

wherein the commands each indicate at least one of the risk-assessment modules;

wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for remotely detecting vulnerabilities on a local computer. Initially, an agent is installed on a local computer for receiving encrypted commands from a remote computer utilizing a network. Next, the commands are decrypted and processed on the local computer utilizing the agent. A risk-assessment scan is then performed on the local computer utilizing the agent in accordance with the processed commands for the purpose of remotely detecting local vulnerabilities on the local computer.

Citations

27 Claims

1. A method of remotely detecting vulnerabilities on a local computer, comprising:
- a) installing an agent on a local computer;
  
  b) receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  c) decrypting the commands on the local computer utilizing the agent;
  
  d) processing the commands on the local computer utilizing the agent; and
  
  e) performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method as recited in claim 1, wherein the risk-assessment modules are selected for the agent based on specifications of the local computer.
  - 3. The method as recited in claim 1, wherein the risk-assessment modules include a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 4. The method as recited in claim 1, wherein the risk-assessment modules are selected from the group consisting of a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 5. The method as recited in claim 1, and further comprising transmitting results of the risk-assessment scan from the local computer to the remote computer utilizing the network.
  - 6. The method as recited in claim 5, and further comprising receiving feedback to the results from the remote computer utilizing the network.
  - 7. The method as recited in claim 1, wherein the commands are decrypted utilizing a shared key.
  - 20. The computer program product as recited in claim 6, wherein the feedback is active.
  - 21. The computer program product as recited in claim 20, wherein the feedback includes additional commands and additional modules for correcting the vulnerabilities in response to the additional commands.
  - 22. The computer program product as recited in claim 6, wherein the feedback is passive.
  - 23. The computer program product as recited in claim 22, wherein the feedback includes descriptions as to how to correct the vulnerabilities.
  - 24. The computer program product as recited in claim 5, wherein the results include a log of the risk-assessment scan.
  - 25. The computer program product as recited in claim 24, wherein the results include an identification of the vulnerabilities.
  - 26. The computer program product as recited in claim 1, wherein a plurality of the commands are each associated with only one of the risk-assessment modules.
  - 27. The computer program product as recited in claim 1, wherein a different set of risk-assessment modules exists on different local computers, based on a platform associated with each of the local computers.

8. A computer program product embodied on a computer readable medium for remotely detecting vulnerabilities on a local computer, comprising:
- a) computer code for installing an agent on a local computer;
  
  b) computer code for receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  c) computer code for decrypting the commands on the local computer utilizing the agent;
  
  d) computer code for processing the commands on the local computer utilizing the agent; and
  
  e) computer code for performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product as recited in claim 8, wherein the risk-assessment modules are selected for the agent based on specifications of the local computer.
  - 10. The computer program product as recited in claim 8, wherein the risk-assessment modules include a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 11. The computer program product as recited in claim 8, wherein the risk-assessment modules are selected from the group consisting of a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 12. The computer program product as recited in claim 8, and further comprising computer code for transmitting results of the risk-assessment scan from the local computer to the remote computer utilizing the network.
  - 13. The computer program product as recited in claim 12, and further comprising computer code for receiving feedback to the results from the remote computer utilizing the network.
  - 14. The computer program product as recited in claim 8, wherein the commands are decrypted utilizing a shared key.

15. A system for remotely detecting vulnerabilities on a local computer, comprising:
- a) an agent installed on a local computer for receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network, decrypting the commands on the local computer, and processing the commands on the local computer; and
  
  b) wherein the risk-assessment scan is performed on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

16. A system for remotely detecting vulnerabilities on a local computer, comprising:
- a) means for installing an agent on a local computer;
  
  b) means for receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  c) means for decrypting the commands on the local computer utilizing the agent;
  
  d) means for processing the commands on the local computer utilizing the agent; and
  
  e) means for performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

17. A method of remotely detecting vulnerabilities from a remote computer, comprising:
- a) sending encrypted commands from a remote computer to an agent on a local computer for executing a risk-assessment scan utilizing a network, the commands adapted for being decrypted and processed on the local computer utilizing the agent for performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  b) receiving results of the risk-assessment scan from the local computer utilizing the network; and
  
  c) transmitting feedback to the results from the remote computer to the local computer utilizing the network;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

18. A computer program product embodied on a computer readable medium for remotely detecting vulnerabilities from a remote computer, comprising:
- a) computer code for sending encrypted commands from a remote computer to an agent on a local computer for executing a risk-assessment scan utilizing a network, the commands adapted for being decrypted and processed on the local computer utilizing the agent for performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  b) computer code for receiving results of the risk-assessment scan from the local computer utilizing the network; and
  
  c) computer code for transmitting feedback to the results from the remote computer to the local computer utilizing the network;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

19. A method of remotely detecting vulnerabilities on a local computer, comprising:
- a) installing an agent on a local computer, the agent including a plurality of risk-assessment modules selected based on at least one aspect of the computer;
  
  b) receiving encrypted commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  c) decrypting the commands on the local computer utilizing the agent;
  
  d) authenticating the commands on the local computer utilizing the agent;
  
  e) processing the commands on the local computer utilizing the agent, the commands adapted to execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  f) performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  g) transmitting results of the risk-assessment scan from the local computer to the remote computer utilizing the network;
  
  h) receiving feedback to the results from the remote computer utilizing the network;
  
  wherein the commands each indicate at least one of the risk-assessment modules;
  
  wherein the commands are processed by extracting parameters associated with the commands, and executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McDonald, John R., Rahmanovic, Tarik, Osborne, Anthony C., Magdych, James S., Tellier, Brock E., Herath, Nishad P.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Cervetti, David Garcia

Application Number

US09/895,508
Time in Patent Office

1,880 Days
Field of Search

713/201, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links