System and method for network vulnerability detection and reporting

US 8,615,582 B2
Filed: 02/15/2012
Issued: 12/24/2013
Est. Priority Date: 01/15/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

sending a set of TCP packets to one or more computer devices in a plurality of computer devices on a network;

sending a set of UDP packets to one or more computer devices in the plurality of computer devices;

identifying responsive computer devices among the plurality of computer devices based at least in part on responses received to the sent sets of TCP packets and UDP packets;

identifying vulnerabilities of the responsive computer devices; and

determining a security score for the plurality of computer devices based at least in part on the identified vulnerabilities, wherein the security score is to indicate a relative security of the plurality of computer devices and is dependent on a vulnerability exposure level determined for the plurality of computer devices based at least in part on information included in the responses.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

279 Citations

19 Claims

1. A method comprising:
- sending a set of TCP packets to one or more computer devices in a plurality of computer devices on a network;
  
  sending a set of UDP packets to one or more computer devices in the plurality of computer devices;
  
  identifying responsive computer devices among the plurality of computer devices based at least in part on responses received to the sent sets of TCP packets and UDP packets;
  
  identifying vulnerabilities of the responsive computer devices; and
  
  determining a security score for the plurality of computer devices based at least in part on the identified vulnerabilities, wherein the security score is to indicate a relative security of the plurality of computer devices and is dependent on a vulnerability exposure level determined for the plurality of computer devices based at least in part on information included in the responses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising sending a set of ICMP packets to one or more computer devices in the plurality of computer devices, wherein responsive computer devices are identified based at least in part on responses received to the sent set of ICMP packets.
  - 3. The method of claim 2, wherein:
    - the set of ICMP packets are sent to each computer device in the plurality of computer devices and a first set of responsive computer devices is identified in the plurality of computer devices responsive to the ICMP packets;
      
      the set of TCP packets are sent to at least the computer devices in the plurality of computer devices not included in the first set of responsive computer devices and a second set of responsive computer devices is identified responsive to the TCP packets;
      
      the set of UDP packets are sent to at least the computer devices in the plurality of computer devices not included in at least one of the first and second sets of responsive computer devices and a third set of responsive computer devices is identified in the plurality of computer devices responsive to the UDP packets.
  - 4. The method of claim 1, further comprising determining a device-specific security score for each of the responsive computer devices.
  - 5. The method of claim 1, wherein the security score is a score for the network of computer devices.
  - 6. The method of claim 1, wherein the security score is further dependent on vulnerability risk levels of the identified vulnerabilities.
  - 7. The method of claim 6, wherein the security score is derived from a formula of form F=a−
    - V−
      
      E, wherein F is the security score, a is a constant, V is an indicia of the vulnerability risk levels, and E is an indicia of the vulnerability exposure level.
  - 8. The method of claim 7, wherein the indicia V is dependent on a weighted sum of vulnerability risk levels of the identified vulnerabilities.
  - 9. The method of claim 8, wherein the indicia V is derived from a formula of form V=min(f, Σ
    - _(x-1-n)(V_w,x)), where min( . . . , . . . ) is the typical standard minimum function, Σ
      
      is a summation symbol, V_w,xis a vulnerability weight value of a computer device x, n is the number of computer devices in the plurality, and f is a maximum vulnerability loss value.
  - 10. The method of claim 9, wherein the vulnerability weight value V_w,xof a vulnerability is dependent at least on the vulnerability risk level of the vulnerability.
  - 11. The method of claim 1, further comprising identifying attributes of the responsive computer devices from the information.
  - 12. The method of claim 11, wherein each identified attribute is at least one of an operating system of the computer device, active ports of the computer device, and a service of the computer device.
  - 13. The method of claim 11, wherein identifying vulnerabilities of the responsive computer devices includes scanning each responsive computer devices for vulnerabilities included in a respective set of vulnerabilities relevant to the identified attributes of the respective responsive computer device.
  - 14. The method of claim 1, further comprising:
    - stripping information from responses received to the sent sets of TCP packets and UDP packets; and
      
      storing the stripped information in association with the corresponding responsive computer device.
  - 15. The method of claim 14, wherein the stored stripped information is used in the identifying of vulnerabilities on the associated corresponding computer device.
  - 16. The method of claim 1, wherein TCP packets in the sets of TCP packets include TCP SYN packets.
  - 17. The method of claim 1, wherein UDP packets in the sets of UDP packets are sent to particular ports of the one or more responsive computer devices and are adapted to solicit a response from a particular service identified as potentially using the corresponding particular port.

18. At least one non-transitory, machine-accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- send a set of TCP packets to one or more computer devices in a plurality of computer devices on a network;
  
  send a set of UDP packets to one or more computer devices in the plurality of computer devices;
  
  identify responsive computer devices among the plurality of computer devices based at least in part on responses received to the sent sets of TCP packets and UDP packets;
  
  identify vulnerabilities of the responsive computer devices; and
  
  determining a security score for the plurality of computer devices based at least in part on the identified vulnerabilities, wherein the security score is to indicate a relative security of the plurality of computer devices and is dependent on a vulnerability exposure level determined for the plurality of computer devices based at least in part on information included in the responses.

19. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a network security engine, adapted when executed by the at least one processor device to;
  
  send a set of TCP packets to one or more computer devices in a plurality of computer devices on a network;
  
  send a set of UDP packets to one or more computer devices in the plurality of computer devices;
  
  identify responsive computer devices among the plurality of computer devices based at least in part on responses received to the sent sets of TCP packets and UDP packets;
  
  identify vulnerabilities of the responsive computer devices; and
  
  determine a security score for the plurality of computer devices based at least in part on the identified vulnerabilities, wherein the security score is to indicate a relative security of the plurality of computer devices and is dependent on a vulnerability exposure level determined for the plurality of computer devices based at least in part on information included in the responses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McClure, Stuart C., Kurtz, George, Keir, Robin, Beddoe, Marshall A., Morton, Michael J., Prosise, Christopher M., Cole, David M., Abad, Christopher
Primary Examiner(s)
SALL, EL HADJI MALICK

Application Number

US13/397,514
Publication Number

US 20120151594A1
Time in Patent Office

678 Days
Field of Search

709/224, 709/200, 726/23, 726/25
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

279 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network vulnerability detection and reporting

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

279 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links