System and method for enabling remote registry service security audits
First Claim
1. A system for enabling remote registry service security audits, comprising:
- a vulnerability management system that maintains a model of a network, wherein the model of the network includes a plurality of devices discovered in the network that have a remote registry service; and
an active vulnerability scanner that actively scans the network to detect one or more vulnerabilities in the network, wherein the active vulnerability scanner is configured to;
identify one or more of the plurality of devices discovered in the network that have disabled the remote registry service;
communicate one or more activation messages to the devices that have disabled the remote registry service, wherein the activation messages enable the remote registry service on the identified devices;
interact with the enabled remote registry service on the identified devices to obtain registry information from the identified devices; and
communicate one or more deactivation messages to the identified devices in response to obtaining the registry information from the identified devices, wherein the deactivation messages disable the remote registry service on the identified devices.
3 Assignments
0 Petitions
Accused Products
Abstract
The system and method for enabling remote registry service security audits described herein may include scanning a network to construct a model or topology of the network. In particular, the model or topology of the network may include characteristics describing various devices in the network, which may be analyzed to determine whether a remote registry service has been enabled on the devices. For example, the security audits may include performing one or more credentialed policy scans to enable the remote registry service for certain devices that have disabled the remote registry service, auditing the devices in response to enabling the remote registry service, and then disabling the remote registry service on the devices. Thus, the system and method described herein may enable remotely scanning information contained in device registries during a security audit without exposing the device registries to malicious activity.
81 Citations
20 Claims
-
1. A system for enabling remote registry service security audits, comprising:
-
a vulnerability management system that maintains a model of a network, wherein the model of the network includes a plurality of devices discovered in the network that have a remote registry service; and an active vulnerability scanner that actively scans the network to detect one or more vulnerabilities in the network, wherein the active vulnerability scanner is configured to; identify one or more of the plurality of devices discovered in the network that have disabled the remote registry service; communicate one or more activation messages to the devices that have disabled the remote registry service, wherein the activation messages enable the remote registry service on the identified devices; interact with the enabled remote registry service on the identified devices to obtain registry information from the identified devices; and communicate one or more deactivation messages to the identified devices in response to obtaining the registry information from the identified devices, wherein the deactivation messages disable the remote registry service on the identified devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for enabling remote registry service security audits, comprising:
-
maintaining a model of a network in a vulnerability management system, wherein the model of the network includes a plurality of devices discovered in the network that have a remote registry service; identifying, by an active vulnerability scanner that actively scans the network, one or more of the plurality of devices discovered in the network that have disabled the remote registry service; communicating one or more activation messages from the active vulnerability scanner to the devices that have disabled the remote registry service, wherein the activation messages enable the remote registry service on the identified devices; interacting with the enabled remote registry service on the identified devices, wherein the active vulnerability scanner interacts with the enabled remote registry service on the identified devices to obtain registry information from the identified devices; and communicating one or more deactivation messages from the active vulnerability scanner to the identified devices in response to the active vulnerability scanner obtaining the registry information from the identified devices, wherein the deactivation messages disable the remote registry service on the identified devices. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification