Systems and methods for assessing computer security

US 7,328,454 B2
Filed: 04/24/2003
Issued: 02/05/2008
Est. Priority Date: 04/24/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

storing a Xamin.dll file, a Xamin.exe file, and a Xamincli.exe file in a common directory, the Xamin.dll file performing backend processing for the Xamin.exe file and the Xamincli.exe file;

adding a command line version of a security program to a client system'"'"'s login script on a primary domain controller, such that the client system'"'"'s Internet activity is evaluated upon login to a domain;

receiving a call for the Xamin.dll file;

performing a security evaluation of the client system by manual run or by login script;

if the security evaluation is performed by manual run, then executing the Xamin.exe file from the client system and writing an output created by the Xamin.exe file to the client system;

if the security evaluation is performed by login script, then i) establishing a logon connection between a host system and the client system through a network, ii) executing the Xamin.exe file from the host system, and iii) writing the output created by the Xamin.exe file to the host system;

scanning for operating system characteristics including operating system version, build, and service pack version;

scanning security information including screen saver activity, password protection, timeout, legal notice text and caption, default background image display, automatic logon, last user displayed, shutdown procedure, restricted sessions, minimum password length, minimum and maximum password age, password history, lockout duration, lockout window, lockout threshold, installation of registry key, and password filtering;

parsing data obtained by scanning the client system; and

generating output files containing the parsed data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method includes establishing a logon connection between a host system and one or more client systems through a network; assessing computer security at the host system by scanning each client system after logon; parsing data obtained by scanning each client system; and generating output files containing parsed data.

Implementations may include scanning for one or more of: Ethernet adapters, operating system, computer name, antivirus installation, security information, mounted drives, local user information, services, audit policies, shared drives, trusted domains, Internet uniform locators, installed applications, images and movies.

Citations

17 Claims

1. A computer-implemented method, comprising:
- storing a Xamin.dll file, a Xamin.exe file, and a Xamincli.exe file in a common directory, the Xamin.dll file performing backend processing for the Xamin.exe file and the Xamincli.exe file;
  
  adding a command line version of a security program to a client system'"'"'s login script on a primary domain controller, such that the client system'"'"'s Internet activity is evaluated upon login to a domain;
  
  receiving a call for the Xamin.dll file;
  
  performing a security evaluation of the client system by manual run or by login script;
  
  if the security evaluation is performed by manual run, then executing the Xamin.exe file from the client system and writing an output created by the Xamin.exe file to the client system;
  
  if the security evaluation is performed by login script, then i) establishing a logon connection between a host system and the client system through a network, ii) executing the Xamin.exe file from the host system, and iii) writing the output created by the Xamin.exe file to the host system;
  
  scanning for operating system characteristics including operating system version, build, and service pack version;
  
  scanning security information including screen saver activity, password protection, timeout, legal notice text and caption, default background image display, automatic logon, last user displayed, shutdown procedure, restricted sessions, minimum password length, minimum and maximum password age, password history, lockout duration, lockout window, lockout threshold, installation of registry key, and password filtering;
  
  parsing data obtained by scanning the client system; and
  
  generating output files containing the parsed data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising scanning for Ethernet adapters.
  - 3. The method of claim 1, further comprising scanning for computer name.
  - 4. The method of claim 1, further comprising scanning for antivirus installation including last virus scan and last virus update.
  - 5. The method of claim 1, further comprising scanning for mounted drive information including:
    - file system type, case preservation, case sensitive support, unicode support, persistent access control list (ACL) support, file compression support, compression of volume, encrypting file system (EFS) support, object identification support, and reparse points support.
  - 6. The method of claim 1, further comprising scanning for local user information including:
    - username, full name, privileges, disabled, locked out, comment, user comment, password required, password change capability, password age, password expiration, password expiration date, last logon date, and support of reparse points.
  - 7. The method of claim 1, further comprising scanning for services including service name and status of the service.
  - 8. The method of claim 1, further comprising scanning for audit policy information including auditing enabled, type of auditing, event auditing, object access auditing, privilege use auditing, process tracking auditing, policy change auditing, account management auditing, directory service access auditing, and account logon auditing.
  - 9. The method of claim 1, further comprising scanning for shared drive information including share name, share type and share comments.
  - 10. The method of claim 1, further comprising scanning for trusted domain information.
  - 11. The method of claim 1, further comprising scanning for uniform resource locators.
  - 12. The method of claim 1, further comprising scanning for installed applications.

13. A computer system, comprising:
- means for storing a Xamin.dll file, a Xamin.exe file, and a Xamincli.exe file in a common directory, the Xamin.dll file performing backend processing for the Xamin.exe file and the Xamincli.exe file;
  
  means for adding a command line version of a security program to a client system'"'"'s login script on a primary domain controller, such that the client system'"'"'s Internet activity is evaluated upon login to a domain;
  
  means for receiving a call for the Xamin.dll file;
  
  means for performing a security evaluation of the client system;
  
  if the security evaluation is performed by a manual run, then means for executing the Xamin.exe file from the client system and for writing an output created by the Xamin.exe file to the client system;
  
  if the security evaluation is performed by login script, then i) means for establishing a logon connection between a host system and the client system through a network, ii) means for executing the Xamin.exe file from the host system, and iii) means for writing the output created by the Xamin.exe file to the host system;
  
  means for scanning for operating system characteristics including operating system version, build, and service pack version;
  
  means for scanning security information including screen saver activity, password protection, timeout, legal notice text and caption, default background image display, automatic logon, last user displayed, shutdown procedure, restricted sessions, minimum password length, minimum and maximum password age, password history, lockout duration, lockout window, lockout threshold, installation of registry key, and password filtering;
  
  means for parsing data obtained by scanning the client system; and
  
  means for generating output files containing parsed data.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, further comprising means for scanning for Ethernet adapters.
  - 15. The system of claim 14, further comprising means for scanning for a computer name.

16. A computer program stored on computer-readable storage media, the computer program, executed by a processor, causes the processor to:
- store a Xamin.dll file, a Xamin.exe file, and a Xamincli.exe file in a common directory, the Xamin.dll file performing backend processing for the Xamin.exe file and the Xamincli.exe file;
  
  add a command line version of a security program to a client system'"'"'s login script on a primary domain controller, such that the client system'"'"'s Internet activity is evaluated upon login to a domain;
  
  receive a call for the Xamin.dll file;
  
  perform a security evaluation of the client system by manual run or by login script;
  
  if the security evaluation is performed by manual run, then execute the Xamin.exe file from the client system and write an output created by the Xamin.exe file to the client system;
  
  if the security evaluation is performed by login script, then i) establish a logon connection between a host system and the client system through a network, ii) execute the Xamin.exe file from the host system, and iii) write the output created by the Xamin.exe file to the host system;
  
  scan for operating system characteristics including operating system version, build, and service pack version;
  
  scan security information including screen saver activity, password protection, timeout, legal notice text and caption, default background image display, automatic logon, last user displayed, shutdown procedure, restricted sessions, minimum password length, minimum and maximum password age, password history, lockout duration, lockout window, lockout threshold, installation of registry key, and password filtering;
  
  parse data obtained by scanning the client system; and
  
  generating output files containing the parsed data.
- View Dependent Claims (17)
- - 17. The computer program of claim 16, wherein the computer-readable storage medium is a disk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures II LLC (Intellectual Ventures LLC)
Original Assignee
At&T Delaware Intellectual Property, Inc. (AT&T, Inc.)
Inventors
Strickland, Jeffrey Thomas, Ensminger, John David, Hester, Terry Allen
Primary Examiner(s)
Lanier, Benjamin E.

Application Number

US10/422,134
Publication Number

US 20040250116A1
Time in Patent Office

1,748 Days
Field of Search

726/22, 726/23, 726/24, 726/25, 713/188
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Systems and methods for assessing computer security

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for assessing computer security

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links