System and method for network vulnerability detection and reporting

US 7,664,845 B2
Filed: 03/10/2003
Issued: 02/16/2010
Est. Priority Date: 01/15/2002
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor;

a scanning module executable by the processor to scan a target network to identify security vulnerabilities within specific host computers of the target network, wherein the scanning module is responsive to identification of a security vulnerability within a host computer by generating a vulnerability record that specifies the vulnerability and the host computer;

a vulnerability record management module executable by the processor to provide functionality for assigning the vulnerability records to specific users for correction of the security vulnerabilities specified therein, and to further provide functionality for tracking a status of each such vulnerability record; and

a fix verification module executable by the processor to perform a vulnerability-record-specific vulnerability test to evaluate whether the security vulnerability specified by the vulnerability record has been corrected within a corresponding host computer;

wherein the system is operable such that the vulnerability record is capable of being used to track user actions taken with respect to remedying the vulnerability;

wherein the vulnerability record management module is executable by the processor to inhibit closure of the vulnerability record for which the fix verification module has not yet verified correction of the security vulnerability;

wherein use of the vulnerability record enables the avoidance of a rescanning of the host computer to determine whether the security vulnerability has been corrected;

wherein the vulnerability record includes a plurality of fields including a user to which the vulnerability record has been assigned;

wherein the scanning module tests a target host computer for each of a plurality of vulnerabilities, and the fix verification module performs the vulnerability-record-specific vulnerability test of the target host computer without re-testing for all of the plurality of vulnerabilities.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

139 Citations

18 Claims

1. A system comprising:
- a processor;
  
  a scanning module executable by the processor to scan a target network to identify security vulnerabilities within specific host computers of the target network, wherein the scanning module is responsive to identification of a security vulnerability within a host computer by generating a vulnerability record that specifies the vulnerability and the host computer;
  
  a vulnerability record management module executable by the processor to provide functionality for assigning the vulnerability records to specific users for correction of the security vulnerabilities specified therein, and to further provide functionality for tracking a status of each such vulnerability record; and
  
  a fix verification module executable by the processor to perform a vulnerability-record-specific vulnerability test to evaluate whether the security vulnerability specified by the vulnerability record has been corrected within a corresponding host computer;
  
  wherein the system is operable such that the vulnerability record is capable of being used to track user actions taken with respect to remedying the vulnerability;
  
  wherein the vulnerability record management module is executable by the processor to inhibit closure of the vulnerability record for which the fix verification module has not yet verified correction of the security vulnerability;
  
  wherein use of the vulnerability record enables the avoidance of a rescanning of the host computer to determine whether the security vulnerability has been corrected;
  
  wherein the vulnerability record includes a plurality of fields including a user to which the vulnerability record has been assigned;
  
  wherein the scanning module tests a target host computer for each of a plurality of vulnerabilities, and the fix verification module performs the vulnerability-record-specific vulnerability test of the target host computer without re-testing for all of the plurality of vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the scanning module is configurable with host credentials for scanning the target host computer, and wherein the fix verification module re-uses the host credentials to perform the vulnerability-record-specific vulnerability test of the target host computer.
  - 3. The system of claim 2, wherein the host credentials include an administrative-level username and password for the target host computer.
  - 4. The system of claim 1, wherein the vulnerability record management module provides a user interface through which an administrator can assign each vulnerability record to a selected user within a pool of users, and can view the statuses of the assigned vulnerability records.
  - 5. The system of claim 1, wherein the vulnerability record management module provides a user option to verify a selected vulnerability record, and the fix verification module is responsive to user actuation of the user option by performing the vulnerability test of a single host computer associated with the selected vulnerability record.
  - 6. The system of claim 1, wherein the scanning module tests a target host computer for each of a plurality of vulnerabilities, and the fix verification module performs the vulnerability-record-specific vulnerability test of the target host computer without re-testing for all of the plurality of vulnerabilities.
  - 7. The system of claim 1, wherein the user actions are tracked utilizing an audit trail.
  - 8. The system of claim 1, wherein the user actions include an assignment action.
  - 9. The system of claim 1, wherein the user actions include a verification action.
  - 10. The system of claim 1, wherein each of the plurality of fields of the vulnerability record are stored in separate databases.

11. A method of network security vulnerability testing, comprising:
- scanning each of a plurality of host computers on a target network to test for an existence of known security vulnerabilities within the host computers, the scanning performed by a processor;
  
  in response to detection of a security vulnerability within a host computer, generating a vulnerability record that is specific to the host computer, the vulnerability record specifying the detected security vulnerability; and
  
  providing a user interface through which user actions taken with respect to the vulnerability record may be tracked, and through which a vulnerability-record-specific fix verification test may be initiated to determine whether the detected security vulnerability specified by the vulnerability record has been corrected within the host computer;
  
  wherein the vulnerability record provides functionality for assigning the vulnerability record to a specific user for correction of the security vulnerability specified therein, and further provides functionality for tracking a status of the vulnerability record;
  
  wherein use of the vulnerability record enables the avoidance of a rescanning of the host computer to determine whether the detected security vulnerability has been eliminated;
  
  wherein the vulnerability record includes a plurality of fields including a user to which the vulnerability record has been assigned;
  
  wherein closure of the vulnerability record for which the vulnerability-record-specific fix verification test has not yet verified correction of the security vulnerability is inhibited;
  
  wherein the vulnerability-record-specific fix verification test is performed without re-testing for all security vulnerabilities assessed during scanning.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the vulnerability-record-specific fix verification test tests the host computer for the existence of the detected security vulnerability only, without testing for other security vulnerabilities.
  - 13. The method of claim 11, wherein the user interface provides an option for an administrative user to assign the vulnerability record to a selected user for correcting the detected security vulnerability.
  - 14. The method of claim 11, wherein the vulnerability-record-specific fix verification test is performed using host credentials used during scanning of the host computer.
  - 15. The method of claim 14, wherein the host credentials include an administrative-level username and password for the host computer.

16. A computer readable medium having computer code stored thereon, the computer readable medium, comprising:
- computer code for scanning a plurality of host computers on a target network to test for an existence of known security vulnerabilities within the host computers;
  
  computer code for generating a vulnerability record that is specific to a host computer in response to detection of a security vulnerability within a host computer, the vulnerability record specifying the detected security vulnerability; and
  
  computer code for inhibiting closure of the vulnerability record for a vulnerability which has not yet been corrected;
  
  wherein the vulnerability record provides functionality for assigning the vulnerability record to a specific user for correction of the security vulnerability specified therein, and further provides functionality for tracking a status of the vulnerability record;
  
  wherein the computer code is operable such that the vulnerability record is capable of being used to track user actions taken with respect to correcting the vulnerability;
  
  wherein computer code is operable such that a vulnerability-record-specific fix verification test is initiated to determine whether the detected security vulnerability specified by the vulnerability record has been corrected within the host computer;
  
  wherein computer code is operable such that use of the vulnerability record enables the avoidance of a rescanning of the host computer to determine whether the detected security vulnerability has been corrected;
  
  wherein the vulnerability record includes a plurality of fields including a user to which the vulnerability record has been assigned;
  
  wherein computer code is operable such that the vulnerability-record-specific fix verification test is performed without re-testing for all security vulnerabilities assessed during scanning.
- View Dependent Claims (17, 18)
- - 17. The computer readable medium of claim 16, wherein the tracking is carried out utilizing a separate fix verification module.
  - 18. The computer readable medium of claim 16, wherein the tracking is carried out utilizing a user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cole, David M., Caso, Erik, Kuykendall, Dan, Kurtz, George R.
Primary Examiner(s)
Etienne; Ario
Assistant Examiner(s)
Burgess; Barbara N

Application Number

US10/387,358
Publication Number

US 20030217039A1
Time in Patent Office

2,535 Days
Field of Search

709/223, 709/224, 709/203, 709/217, 709/227, 709/250, 713/166, 726/22, 726/25, 705/7
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 5/3083   Birefringent or phase retar...

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

G06Q 10/063   Operations research, analys...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

139 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System and method for network vulnerability detection and reporting

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others