System and method for network vulnerability detection and reporting
First Claim
1. A method comprising:
- causing a first scan to be performed that comprises sending a set of ICMP packets to a plurality of computer devices on a network and identifying a first set of responsive computer devices in the plurality of computer devices responsive to the ICMP packets, wherein the plurality of computer devices are included on a scan list;
- revising the scan list to remove the first set of responsive computer devices from the scan list to create a first version of the scan list;
- causing a second scan to be performed that comprises sending a set of TCP packets to the computer devices included on the first version of the scan list and identifying a second set of responsive computer devices responsive to the TCP packets;
- revising the first version of the scan list to remove the second set of responsive computer devices from the first version to create a second version of the scan list;
- causing a third scan to be performed that comprises sending a set of UDP packets to the computer devices included on the second version of the scan list and identifying a third set of responsive computer devices in the plurality of computer devices responsive to the UDP packets, wherein the third set of responsive computer devices are to be removed from the second version of the scan list; and
- identifying vulnerabilities of computer devices included on a live list, wherein in at least one of the first, second, and third sets of responsive computer devices are to be added to the live list upon removal from the scan list.
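The scan-list and live-list bookkeeping recited in claim 1, as an added example that is not code from the patent or its assignee. It sends no packets: the probe callables, the `SIMULATED_NETWORK` table and the 192.0.2.0/24 documentation addresses are constructed stand-ins for real ICMP, TCP and UDP probes.

```python
from typing import Callable, Dict, Iterable, List, Tuple

Probe = Callable[[str], bool]  # hypothetical probe: True if the host answered

def staged_discovery(scan_list: Iterable[str], stages: List[Tuple[str, Probe]]):
    """Run probe stages in order; each stage only probes hosts still on the
    scan list. Responders move from the scan list to the live list.
    Returns (live_list, remaining_scan_list, probes_sent_per_stage)."""
    remaining = list(dict.fromkeys(scan_list))   # de-duplicate, keep order
    live: Dict[str, str] = {}                    # host -> stage that found it
    sent: Dict[str, int] = {}                    # stage -> hosts probed
    for name, probe in stages:
        sent[name] = len(remaining)
        responsive = {h for h in remaining if probe(h)}
        for host in remaining:
            if host in responsive:
                live[host] = name                # added to the live list
        # Revised scan list: responders removed before the next stage runs.
        remaining = [h for h in remaining if h not in responsive]
    return live, remaining, sent

# Constructed sample data: which probe types each simulated host answers.
SIMULATED_NETWORK = {
    "192.0.2.10": {"icmp", "tcp"},
    "192.0.2.11": {"tcp"},    # ICMP filtered, TCP service reachable
    "192.0.2.12": {"udp"},    # only a UDP service answers
    "192.0.2.13": set(),      # silent or unused address
    "192.0.2.14": {"icmp"},
}

def make_probe(proto: str) -> Probe:
    """Build a simulated probe for one protocol (no network traffic)."""
    return lambda host: proto in SIMULATED_NETWORK.get(host, set())

def run_example():
    stages = [(p, make_probe(p)) for p in ("icmp", "tcp", "udp")]
    return staged_discovery(SIMULATED_NETWORK, stages)

if __name__ == "__main__":
    live, remaining, sent = run_example()
    print("live list:", live)
    print("still on scan list:", remaining)
    print("hosts probed per stage:", sent)
```

Hosts left on the scan list after the UDP stage answered none of the three probe types; the live list is what the vulnerability-identification step operates on.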
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
20 Claims
14. The method of claim 13, wherein the security score is further based, at least in part, on the discovered exposures.
19. At least one non-transitory, machine-accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- perform a first scan comprising sending a set of ICMP packets to a plurality of computer devices on a network and identifying a first set of responsive computer devices in the plurality of computer devices responsive to the ICMP packets, wherein the plurality of computer devices are included on a scan list;
- revise the scan list to remove the first set of responsive computer devices from the scan list to create a first version of the scan list;
- perform a second scan comprising sending a set of TCP packets to the computer devices included on the first version of the scan list and identifying a second set of responsive computer devices responsive to the TCP packets;
- revise the first version of the scan list to remove the second set of responsive computer devices from the first version to create a second version of the scan list;
- perform a third scan comprising sending a set of UDP packets to the computer devices included on the second version of the scan list and identifying a third set of responsive computer devices in the plurality of computer devices responsive to the UDP packets, wherein the third set of responsive computer devices are to be removed from the second version of the scan list; and
- identify vulnerabilities of computer devices included on a live list, wherein in at least one of the first, second, and third sets of responsive computer devices are to be added to the live list upon removal from the scan list.
20. A system comprising:
- at least one processor device;
- at least one memory element; and
- a network security engine, adapted when executed by the at least one processor device to:
  - send a set of ICMP packets to a plurality of computer devices on a network;
  - identify a first set of responsive computer devices in the plurality of computer devices responsive to the ICMP packets;
  - revise the scan list to remove the first set of responsive computer devices from the scan list to create a first version of the scan list;
  - send a set of TCP packets to the computer devices included on the first version of the scan list;
  - identify a second set of responsive computer devices responsive to the TCP packets;
  - revise the first version of the scan list to remove the second set of responsive computer devices from the first version to create a second version of the scan list;
  - send a set of UDP packets to the computer devices included on the second version of the scan list;
  - identify a third set of responsive computer devices in the plurality of computer devices responsive to the UDP packets, wherein the third set of responsive computer devices are to be removed from the second version of the scan list; and
  - identify vulnerabilities of computer devices included on a live list, wherein in at least one of the first, second, and third sets of responsive computer devices are to be added to the live list upon removal from the scan list.
Specification