Network security testing

US 7,325,252 B2
Filed: 01/10/2002
Issued: 01/29/2008
Est. Priority Date: 05/18/2001
Status: Active Grant

First Claim

Patent Images

1. A network security testing apparatus comprising:

at least one first tester for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test, the at least one first tester is adapted to communicably couple to the network system under test, said at least one first tester adapted to iteratively perform a plurality of waves of tests on the system under test to obtain network security vulnerability information;

wherein each test in the plurality of waves of tests are adapted to return the network security vulnerability information regarding the network system under test, the network security vulnerability information provided by each test in the plurality of waves of tests being more specific to the network system under test than the network security vulnerability information provided by a previous test;

wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment'"'"'s physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.

Citations

34 Claims

1. A network security testing apparatus comprising:
- at least one first tester for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test, the at least one first tester is adapted to communicably couple to the network system under test, said at least one first tester adapted to iteratively perform a plurality of waves of tests on the system under test to obtain network security vulnerability information;
  
  wherein each test in the plurality of waves of tests are adapted to return the network security vulnerability information regarding the network system under test, the network security vulnerability information provided by each test in the plurality of waves of tests being more specific to the network system under test than the network security vulnerability information provided by a previous test;
  
  wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network security testing apparatus of claim 1, wherein each of the plurality of iterative tests are more specifically configured to adapt to system configuration of the network system under test based on the network security vulnerability information gained from the previous test and obtain the additional network security vulnerability information from the network system under test.
  - 3. The network security testing apparatus of claim 1, wherein the network security vulnerability information includes information regarding network connectivity from the at least one first tester to the network system under test.
  - 4. The network security testing apparatus of claim 1, wherein the network security vulnerability information includes connection information relating to an IP address used in the previous test.
  - 5. The network security testing apparatus of claim 1, further comprising:
    - at least one second tester that is adapted to communicably couple to the network system under test;
      
      wherein the previous test is executed by said at least one first tester;
      
      wherein determination of whether a subsequent test is executed by said at least one first tester or by said at least one second tester is made based at least partially upon the network security vulnerability information obtained by the previous test in order to adapt to the discovered security obstacles of the network under test.
  - 6. The network security testing apparatus of claim 5, wherein the subsequent test includes execution of a test tool selected from a plurality of test tools based at least partially upon the network security vulnerability information obtained by the previous test.
  - 7. The network security testing apparatus of claim 5, wherein the subsequent test includes execution of a test tool selected from a plurality of test tools based at least partially upon the system environment information.
  - 8. The network security testing apparatus of claim 1, wherein the plurality of tests continue until all relevant information about the system under test has been collected.

9. A network security testing method comprising:
- a) executing a first wave of tests in a security vulnerability attack simulation by at least one first tester to test for network security vulnerabilities of a network system under test, wherein the first wave of tests is targeted at the network system under test, and wherein the at least one first tester is communicably coupled to the network system under test;
  
  b) receiving first information from the first wave of tests about the network system under test, after executing the first wave of tests, the first information comprising network security vulnerability information;
  
  c) executing a second wave of tests in a security vulnerability attack simulation to test for the network vulnerabilities of the network system under test after said receiving first information, wherein the second wave of tests is specifically modified in real time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the first wave of tests and obtain additional network security vulnerability information from the network system under test based on the first information, the additional network security vulnerability information is more specific to the network system under test than the first information;
  
  d) receiving the additional network security vulnerability information from the second wave of tests about the network system under test, after executing the second wave of tests;
  
  e) repeating steps a)-d) a plurality of times until relevant information about the system under test has been collected; and
  
  f) wherein the network security vulnerability information obtained from each subsequent wave of tests is more specific to the system under test based on the network security vulnerability information provided by each previous test.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The network security testing method of claim 9, wherein the time period between said executing the first wave of tests and said executing the second wave of tests can be negligible.
  - 11. The network security testing method of claim 9, wherein said network security vulnerability information comprises information regarding network connectivity from the first tester to the network system under test.
  - 12. The network security testing method of claim 9, wherein said receiving network security vulnerability information comprises receiving connection information relating to an IP address used in said executing the first test.
  - 13. The network security testing method of claim 9, further comprising determining whether a test in the second wave of tests will be executed by the at least one first tester or by at least one second tester based upon the network security vulnerability information from the first test, before said executing the second test.
  - 14. The network security testing method of claim 13, further comprising selecting the test in the second wave of tests from a plurality of tests based at least partially upon the network security vulnerability information.
  - 15. The network security testing method of claim 9, further comprising selecting the test it the second wave of tests from a plurality of tests based at least partially upon the network security vulnerability information.
  - 16. The network security testing method of claim 9, further comprising:
    - determining whether all possible network security vulnerability information regarding the system under test has been received in light of the plurality of tests; and
      
      executing additional tests until all possible network security vulnerability information regarding the system under test has been received in light of the plurality of tests.

17. A computer program product for network security testing stored in a computer-readable medium, comprising:
- a) instructions for executing a first wave of tests in a security vulnerability attack simulation by at least one first tester to test for network security vulnerabilities of a network system under test, wherein the first wave of tests is targeted at the network system under test, and wherein the at least one first tester is communicably coupled to the network system under test;
  
  b) instructions for receiving first information from the first wave of tests about the network system under test, after executing the first wave of tests, the first information comprising network security vulnerability information;
  
  c) instructions for executing a second wave of tests to test for the network security vulnerabilities of the network system undet test after said receiving first information, wherein the second wave of tests is specifically modified in real time to adapt to the discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the first wave of tests and obtain additional network security vulnerability information from to the network system under test based on the first information, the additional network security vulnerability information is more specific to the network system under test than the first information;
  
  d) instructions for receiving the additional network security vulnerability information from the second wave of tests about the network system under test, after executing the second wave of tests;
  
  e) instructions for repeating steps a)-d) a plurality of times until all relevant information about the system under test has been collected; and
  
  f) instructions for wherein the network security vulnerability information obtained from each subsequent wave of tests is more specific to the system under test based on thc network security vulnerability information provided by each previous test.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein the time period between executing the first wave of tests and executing the second wave of tests can be negligible.
  - 19. The computer program product of claim 17, wherein said network security vulnerability information comprises information regarding network connectivity from the at least one first tester to the network system under test.
  - 20. The computer program product of claim 17, wherein receiving network security vulnerability information comprises receiving session establishability information relating to an IP address used in executing the first test.
  - 21. The computer program product of claim 17, further comprising instructions for determining whether a test in the second wave of tests will be executed by the at least one first tester or by at least one second tester based upon the network security vulnerability information from the first test, before said executing the second test.
  - 22. The computer program product of claim 21, further comprising instructions for selecting the test in the second wave of tests from a plurality of tests based at least partially upon the network security vulnerability information.
  - 23. The computer program product of claim 17, further comprising instructions for selecting the test in the second wave of tests from a plurality of tests based at least partially upon the network secutity vulnerability information.
  - 24. The computer program product of claim 17, further comprising:
    - instructions for determining whether all possible network security vulnerability information regarding the system under test has been received in light of the plurality of tests; and
      
      instructions for executing additional tests until all possible network security vulnerability information regarding the system under test has been received in light of the plurality of tests.

25. A network security testing apparatus comprising:
- a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information;
  
  wherein each of said plurality of testers is adapted to communicably couple to the network system under test;
  
  wherein a test of the network system under test is performed by a selected tester of said plurality of testers, said selection of said selected tester to adapt in real time to discovered security obstacles of the network system wider test based on the network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from the network system under test;
  
  wherein said plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of said plurality of testers; and
  
  wherein the selected tester is selected from said plurality of testers based additionally on optimizing the load balance characteristic.
- View Dependent Claims (26, 27)
- - 26. The network security testing apparatus of claim 25,wherein each tester of said plurality of testers has at least one quality of communicable coupling to the system under test;
    - andwherein the selected tester is selected from said plurality of testers based at least partially on the selected tester'"'"'s quality of communicable coupling.
  - 27. The network security testing apparatus of claim 26, wherein the quality of communicable coupling includes:
    - cost per bit;
      
      absolute speed; and
      
      geographical proximity of the selected tester to the system under test.

28. A network security testing method comprising:
- selecting at least one tester from a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information, said selection of said at least one tester to adapt in real time is modified to discovered security obstacles of the network system under test detected based on network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from network system under test;
  
  executing a test by the selected tester, wherein the test is targeted at a the network system under test, and wherein the selected tester is communicably coupled to the network system under test;
  
  wherein the plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of the plurality of testers; and
  
  wherein said selecting a selected tester from a plurality of testers is further based at least partially on optimizing the load balance characteristic.
- View Dependent Claims (29, 30)
- - 29. The network security testing method of claim 28,wherein each tester of the plurality of testers has at least one quality of communicable coupling to the network system under test;
    - andwherein said selecting a selected tester from a plurality of testers is further based at least partially on the selected tester'"'"'s quality of communicable coupling.
  - 30. The network security testing method of claim 29, wherein the quality of communicable coupling includes:
    - cost per bit;
      
      absolute speed; and
      
      geographical proximity of the selected tester to the system under test.

31. A computer program product for network security testing stored in a computer-readable medium, comprising:
- instructions for at least one selected tester from a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information, said selection of said at least one tester to adapt in real time is modified to discover security obstacles of the network system under test detected based on network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from network system under test;
  
  instructions for executing a test by the selected tester, wherein the test is targeted at a system tinder test, and wherein the selected tester is communicably coupled to the network system under test;
  
  wherein the plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of the plurality of testers; and
  
  wherein the selecting a selected tester from a plurality of testers is further based at least partially on optimizing the load balance characteristic.
- View Dependent Claims (32, 33)
- - 32. The computer program product of claim 31,wherein each tester of the plurality of testers has at least one quality of communicable coupling to the system under test;
    - andwherein the selecting a selected tester from a plurality of testers is further based at least partially on the selected tester'"'"'s quality of communicable coupling.
  - 33. The computer program product of claim 32, wherein the quality of communicable coupling includes:
    - cost per bit;
      
      absolute speed; and
      
      geographical proximity of the selected tester to the system under test.

34. A network security testing apparatus comprising:
- at least one first tester that is adapted to communicably couple to a network system under test to generate a security vulnerability attack simulation comprised of a plurality of waves of tests to perform network security vulnerability testing, wherein said at least one first tester is adapted to iteratively perform a plurality of waves of tests on the network system under test to obtain network security vulnerability information on the network system under test;
  
  wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test;
  
  wherein said at least one first tester is adapted to make a first attempt to communicably couple to the network system under test before executing the test to obtain network security vulnerability information;
  
  wherein said at least one first tester is adapted to make a second attempt to communicably couple to the system under test alter executing the test to obtain network security vulnerability information; and
  
  wherein the combination of success of the first attempt and failure of the second attempt are interpreted as detection of the test by the network system under test;
  
  wherein the combination of success of the first attempt and failure of the second attempt are interpreted as detection of the test by the network system under test.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alert Logic Incorporated
Original Assignee
Achilles Guard, Inc. (Alert Logic Incorporated)
Inventors
Bunker, Eva Elizabeth, Laizerovich, David, Bunker, Nelson Waldo V, Van Schuyver, Joey Don
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Tongoc

Application Number

US10/043,654
Publication Number

US 20030009696A1
Time in Patent Office

2,210 Days
Field of Search

713/200, 713/201, 726/23, 726/24, 726/25
US Class Current

726/25
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 43/06   Generation of reports

H04L 43/16   Threshold monitoring

H04L 63/083   using passwords cryptograph...

H04L 63/1433   Vulnerability analysis

Network security testing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Network security testing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links