Protecting a data processing system from attack by a vandal who uses a vulnerability scanner
First Claim
1. A method for protecting a data processing system against attack by a vandal, the method comprising the steps of:
- blocking, by a hardware blocker, a first instance of a network flow to the data processing system, said first instance of the network flow having been detected by an observation engine of the apparatus and being associated with a first externally visible vulnerability of the data processing system, said first externally visible vulnerability having been determined by a vulnerability scanner of the apparatus,lifting, by the observation engine, a blocking of an earlier-blocked instance of the network flow, wherein the earlier-blocked instance of the network flow had been blocked by the hardware blocker due to having satisfied a description of the earlier-blocked instance provided by the vulnerability scanner responsive to the vulnerability scanner having determined a second externally visible vulnerability of the data processing system such that the earlier-blocked instance of the network flow is associated with the second externally visible vulnerability.
0 Assignments
0 Petitions
Accused Products
Abstract
Method and apparatus for protecting a data processing system such as an Internet server from attack by a vandal who uses an offensive vulnerability scanner to find an externally visible vulnerability of the data processing system. The method includes determining an externally visible vulnerability using a defensive vulnerability scanner, configuring an intrusion detection system to detect a network flow associated with the vulnerability, and blocking that flow by a firewall or a router. The apparatus includes a defensive vulnerability scanner that finds an externally visible vulnerability and provides a description of the vulnerability, an intrusion detection system that detects a network flow that satisfies the description, and a firewall or a router that blocks the flow responsive to detection of the flow by the intrusion detection system.
35 Citations
21 Claims
-
1. A method for protecting a data processing system against attack by a vandal, the method comprising the steps of:
-
blocking, by a hardware blocker, a first instance of a network flow to the data processing system, said first instance of the network flow having been detected by an observation engine of the apparatus and being associated with a first externally visible vulnerability of the data processing system, said first externally visible vulnerability having been determined by a vulnerability scanner of the apparatus, lifting, by the observation engine, a blocking of an earlier-blocked instance of the network flow, wherein the earlier-blocked instance of the network flow had been blocked by the hardware blocker due to having satisfied a description of the earlier-blocked instance provided by the vulnerability scanner responsive to the vulnerability scanner having determined a second externally visible vulnerability of the data processing system such that the earlier-blocked instance of the network flow is associated with the second externally visible vulnerability. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. Apparatus for protecting a data processing system against attack by a vandal, the apparatus comprising:
-
a vulnerability scanner for determining a first externally visible vulnerability of the data processing system and for providing to an observation engine a description of a first instance of a network flow to the data processing system such that the first instance of the network flow is associated with the first externally visible vulnerability, said first externally visible vulnerability being on a list, said list appearing in a database; the observation engine for detecting the first instance of the network flow satisfying said description and for instructing a hardware blocker to block the detected first instance of the network flow, said instructing being in response to said detecting; and the hardware blocker for blocking the detected first instance of the network flow, said blocking being in response to said instructing, wherein the observation engine is adapted to lift a blocking of an earlier-blocked instance of the network flow, wherein the earlier-blocked instance of the network flow had been blocked by the hardware blocker due to having satisfied a description of the earlier-blocked instance provided by the vulnerability scanner responsive to the vulnerability scanner having determined a second externally visible vulnerability of the data processing system such that the earlier-blocked instance of the network flow is associated with the second externally visible vulnerability, and wherein the second externally visible vulnerability is on the list. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. Apparatus for protecting a data processing system against attack by a vandal, the apparatus comprising:
-
a hardware blocker for blocking a first instance of a network flow to the data processing system, said first instance of the network flow having been detected by an observation engine of the apparatus and being associated with a first externally visible vulnerability of the data processing system, said first externally visible vulnerability having been determined by a vulnerability scanner of the apparatus, wherein the observation engine is adapted to lift a blocking of an earlier-blocked instance of the network flow, wherein the earlier-blocked instance of the network flow had been blocked by the hardware blocker due to having satisfied a description of the earlier-blocked instance provided by the vulnerability scanner responsive to the vulnerability scanner having determined a second externally visible vulnerability of the data processing system such that the earlier-blocked instance of the network flow is associated with the second externally visible vulnerability. - View Dependent Claims (18, 19, 20, 21)
-
Specification