Method and apparatus for host probing
Abstract
A method and apparatus for analyzing the perimeter security of communications networks. Information is identified which defines a particular communications network, e.g., an intranet, together with the hosts connected to it. Using this information, the routes that define the network are identified. Using the routing information, the connectivity of the hosts within the network is then probed to ascertain the integrity of the network and thereby identify potential security risks across the network's perimeter defense.
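The following Python is an added illustration of the claimed sequence (routes, hosts, census, probe from an external source address, connectivity measure); it is not code from the patent or its assignee. The routes, hosts, addresses and replies are constructed for the example, and the on-the-wire probe is replaced by a hypothetical `send_probe` callable so the logic runs offline.

```python
# Added illustration of the patent's host-probing method; not code from the patent.
# Routes, hosts, addresses and replies are constructed for this example, and the
# on-the-wire probe is replaced by a pluggable (hypothetical) send_probe callable.
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional

# Step 1: routes that define the first (internal) network, as read from a router.
INTERNAL_ROUTES = ["10.0.1.0/30", "10.0.2.0/30"]
# Address of a host on the second (external) network, chosen by the auditor and
# not in response to any request from that host (step 4).
EXTERNAL_SOURCE = "203.0.113.7"

def hosts_from_routes(routes: Iterable[str]) -> List[str]:
    """Step 2: identify candidate hosts as a function of the routes."""
    hosts: List[str] = []
    for route in routes:
        hosts.extend(str(h) for h in ipaddress.ip_network(route).hosts())
    return hosts

def take_census(hosts: Iterable[str], is_alive: Callable[[str], bool]) -> List[str]:
    """Step 3: the census is the subset of candidate hosts that answer at all."""
    return [h for h in hosts if is_alive(h)]

def classify(reply: Optional[str]) -> str:
    """Step 5: map a host's reply to the externally-sourced packet onto a label.
    Any reply at all means the packet crossed the perimeter."""
    return {"synack": "reachable-open", "rst": "reachable-closed"}.get(reply, "filtered")

def probe_network(routes: Iterable[str], source: str, is_alive: Callable[[str], bool],
                  send_probe: Callable[[str, str], Optional[str]]) -> Dict[str, str]:
    """Steps 1-5 end to end: census, then one probe per census host."""
    census = take_census(hosts_from_routes(routes), is_alive)
    return {host: classify(send_probe(source, host)) for host in census}

def connectivity_measure(results: Dict[str, str]) -> float:
    """Fraction of census hosts reachable from the external source: 0.0 means the
    perimeter dropped every probe; anything higher is a finding to remediate."""
    reachable = sum(label.startswith("reachable") for label in results.values())
    return reachable / len(results) if results else 0.0

# Constructed perimeter behaviour: 10.0.2.2 is absent, and 10.0.2.1 is alive but
# the perimeter drops the externally-sourced packet, so no reply is seen.
SIMULATED_REPLIES = {"10.0.1.1": "synack", "10.0.1.2": "rst", "10.0.2.1": None}

def demo_alive(host: str) -> bool:
    return host in SIMULATED_REPLIES

def demo_send(src: str, dst: str) -> Optional[str]:
    return SIMULATED_REPLIES.get(dst)
```

Calling `probe_network(INTERNAL_ROUTES, EXTERNAL_SOURCE, demo_alive, demo_send)` yields one label per census host, and `connectivity_measure` reduces those labels to the single perimeter figure the claims call the measure of connectivity.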
23 Claims
1. A communications network security method for ascertaining the integrity of a first communications network and identifying potential security risks across a perimeter of the first communications network, the method comprising:
- identifying a plurality of routes that define the first communications network;
- identifying a plurality of hosts associated with the first communications network as a function of the plurality of routes;
- receiving a census of the first communications network as a function of the plurality of hosts to determine a topology of the first communications network;
- probing at least one first host of the plurality of hosts of the first communications network by generating and transmitting a packet to the first host, the first host being selected from the census results and the packet having at least a source address of a second host which is associated with a second communications network, wherein the source address is selected independent of any request from the second host to the first host; and
- determining a security characteristic of the probed first host as a function of a response by the probed first host in receiving the packet, the security characteristic being a measure of connectivity between the first communications network and the second communications network, the measure of connectivity being an indication of connectivity between the first communications network and the second communications network.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for analyzing network security across a perimeter of a first communications network utilizing a security host, the method comprising:
- receiving a census of the first communications network;
- generating and transmitting, from the security host, a packet associated with a host of a second communications network to a particular one host of a plurality of hosts internal to the first communications network, the internal host being selected from the census, and the packet having an IP source address associated with the host of the second communications network, wherein the IP source address is selected independent of any request from the host of the second communications network to the internal host of the first communications network; and
- determining a security characteristic of the particular one internal host of the first communications network as a function of a response by the internal host to the receipt of the packet, the security characteristic being a measure of connectivity between the first communications network and the second communications network, the measure of connectivity being an indication of connectivity between the first communications network and the second communications network.
Dependent claims: 9, 10, 11, 12

13. A communications system for ascertaining the integrity of a first communications network and identifying potential security risks across a perimeter of the first communications network, the communications system comprising:
- a first plurality of computers associated with the first communications network;
- a second plurality of computers associated with a second communications network; and
- a security host computer which determines a security characteristic of a first computer from the first plurality of computers, the security characteristic being a measure of connectivity between the first communications network and the second communications network, by probing the first computer by generating and transmitting a packet to the first computer, the first computer being selected from a census of the first communications network and the packet being generated as a function of both an IP source address associated with a second computer of the second plurality of computers, wherein said IP source address is selected independent of any request from the second computer to the first computer, and an IP address associated with the first computer, and determining the measure of connectivity as a function of a response of the first computer to receiving the packet, the measure of connectivity being an indication of connectivity between the first communications network and the second communications network.
Dependent claims: 14, 15, 16, 17

18. A security host computer for ascertaining the integrity of a first communications network and identifying potential security risks across a perimeter of the first communications network, the security host computer comprising:
- means for performing a census of the first communications network and determining a topology of the first communications network, the topology being defined by at least one computer;
- means for probing the at least one computer by generating and transmitting a packet to the computer, the computer being selected from the census results and the packet being generated as a function of (i) the topology, (ii) an IP source address associated with a particular host computer associated with a second communications network, wherein the IP source address is selected independent of any request from the second computer to the first computer, and (iii) an IP address associated with the computer, the second communications network being separate from the first communications network; and
- a monitor for determining a security level of the computer as a function of a response by the computer to the receipt of the packet, the security level being a measure of connectivity between the first communications network and the second communications network, the measure of connectivity being an indication of connectivity between the first communications network and the second communications network.
Dependent claims: 19, 20

21. A machine-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions that, when executed by a machine, cause the machine to perform a method for analyzing a first communications network's integrity and identifying potential security risks across a perimeter of the first communications network by:
- receiving a census of the first communications network;
- probing a first host of the first communications network by generating and transmitting a packet to the first host, the host being selected from the census results and the packet being derived as a function of a topology of the first communications network and the packet having a source address which is associated with a second host of a second communications network, wherein the source address is selected independent of any request from the second host to the first host; and
- determining the first communications network's integrity as a function of a response by the probed host in receiving the packet, wherein the response indicates a measure of connectivity between the first communications network and the second communications network, the measure of connectivity being an indication of connectivity between the first communications network and the second communications network.
Dependent claims: 22, 23
Specification