Network security modeling system and method
Abstract
A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.
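As an added illustration (not code from the patent), the sketch below models the vulnerability record that claim 1 lists (service, closing defense conditions, required resources and state) and checks it against configuration data, as the abstract describes. All host names, vulnerability names and condition labels are constructed placeholders, and treating any one listed defense as sufficient to close a vulnerability is an assumption.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vulnerability:
    name: str
    service: str                  # service to which the vulnerability applies
    closing_defenses: frozenset   # defense conditions that close it (assumed: any one suffices)
    needed_resources: frozenset   # resources needed to exercise it
    needed_state: frozenset       # state conditions needed to exercise it

@dataclass
class Host:
    name: str
    services: set
    defenses: set = field(default_factory=set)

# Constructed vulnerabilities database (placeholder entries, not real advisories).
VULN_DB = [
    Vulnerability("VULN-A", "ftp", frozenset({"anonymous-login-disabled"}),
                  frozenset({"network-access"}), frozenset()),
    Vulnerability("VULN-B", "smtp", frozenset({"patched-mta", "relay-filter"}),
                  frozenset({"network-access"}), frozenset({"user-account"})),
]

# Constructed network configuration data.
NETWORK = [
    Host("mail", {"smtp", "ftp"}, {"relay-filter"}),
    Host("intranet", {"smtp"}),
]

def open_vulnerabilities(host, db):
    """Entries whose service runs on the host and that no deployed defense closes."""
    return [v for v in db
            if v.service in host.services and not (v.closing_defenses & host.defenses)]

def exercisable(host, db, resources, state):
    """Open entries whose resource and state conditions are all currently met."""
    return [v for v in open_vulnerabilities(host, db)
            if v.needed_resources <= resources and v.needed_state <= state]

def analyze(network, db, resources, state):
    """Per-host report: what is open, and what is exercisable under the given conditions."""
    return {h.name: {"open": [v.name for v in open_vulnerabilities(h, db)],
                     "exercisable": [v.name for v in exercisable(h, db, resources, state)]}
            for h in network}

if __name__ == "__main__":
    for host, result in analyze(NETWORK, VULN_DB, {"network-access"}, set()).items():
        print(host, result)
```

Separating "open" from "exercisable" shows a defender which exposures are blocked only by a missing precondition rather than by a deployed defense.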
23 Claims
1. A network security modeling system comprising:
- a network configuration module having network configuration data; and
- a simulator coupled to the network configuration module to simulate and analyze networks based on the network configuration data, wherein the simulator includes a network vulnerabilities database, and wherein the network vulnerabilities database includes:
  - a plurality of known network vulnerabilities, wherein each network vulnerability includes a service to which it applies, defense conditions that might close the vulnerability, and resource and state conditions needed to exercise the vulnerability;
- wherein the simulator includes a defender and an attacker user interface.
Dependent claims: 2, 3
4. A network security modeling system comprising:
- a network configuration module having network configuration data;
- a simulator coupled to the network configuration module for simulating and analyzing networks based on the network configuration, wherein the simulator includes a network vulnerabilities database; and
- a mission objectives module coupled to the simulator, wherein the mission objectives module includes critical resource information used to determine network components that are involved in a specific attack scenario.
Dependent claims: 5, 6, 7, 8
9. A method of analyzing a computer network using a security modeling system, wherein the security modeling system includes a database of network vulnerability information, the method comprising:
- receiving a network configuration of a computer network;
- simulating the network based on the network configuration; and
- determining vulnerabilities of the simulated network using the vulnerability information stored in the database, wherein the database includes a plurality of known network vulnerabilities, wherein each network vulnerability includes:
  - a plurality of known network vulnerabilities, wherein each network vulnerability includes a service to which it applies, defense conditions that might close the vulnerability, and resource and state conditions needed to exercise the vulnerability;
- wherein simulating the network includes:
  - receiving mission objectives;
  - storing the mission objectives; and
  - simulating the network based on the network configuration and the mission objectives.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method of opposing attackers of a computer network, comprising:
- receiving a network configuration, wherein the network configuration comprises computer hardware and software component information;
- receiving mission objectives including critical resource information used to determine network components that are involved in a specific attack scenario;
- receiving commands from a network attacker;
- simulating the network based on the commands received from the network attacker, wherein simulating the network includes determining results as a function of the network configuration, mission objectives and stored vulnerability data for the described computer hardware and software components; and
- responding to the network attacker, wherein responding to the attacker includes responses selected from a group of responses including imposing barriers, providing response messages and protecting the network.
Dependent claims: 18, 19, 20
21. A network security modeling system for simulating objective networks comprising:
- a simulator having a plurality of databases, wherein the plurality of databases include mission objectives tables including information used to determine network components that are involved in a specific attack scenario, vulnerability tables, and network configuration tables, wherein the network configuration tables include network configuration data; and
- a graphical user interface which operates with the simulator to allow input and output to clients.
Dependent claims: 22, 23
Specification