System and method for network vulnerability detection and reporting

US 8,621,073 B2
Filed: 02/15/2012
Issued: 12/31/2013
Est. Priority Date: 01/15/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

identifying a set of active computer devices on a network;

assessing each computer device in the set against a first vulnerability in a plurality of known vulnerabilities, wherein each vulnerability in the plurality of known vulnerabilities has a corresponding vulnerability script adapted to perform an automated assessment of a computer device against the respective vulnerability, and assessing each computer device against the first vulnerability includes executing a first vulnerability script;

storing, in memory, results of the assessments of each computer device in the set against the first vulnerability as returned from the executed first vulnerability script; and

providing at least a portion of the results for use by a second vulnerability script in an automated assessment of at least a portion of the computer devices in the set against a second vulnerability included in the plurality of known vulnerabilities, wherein the results identify that the portion of the computer devices include one or more of a set of characteristics capable of being exploited during execution of the second vulnerability script to determine whether the second vulnerability is present on at least the portion of the computer devices in the set.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

155 Citations

18 Claims

1. A method comprising:
- identifying a set of active computer devices on a network;
  
  assessing each computer device in the set against a first vulnerability in a plurality of known vulnerabilities, wherein each vulnerability in the plurality of known vulnerabilities has a corresponding vulnerability script adapted to perform an automated assessment of a computer device against the respective vulnerability, and assessing each computer device against the first vulnerability includes executing a first vulnerability script;
  
  storing, in memory, results of the assessments of each computer device in the set against the first vulnerability as returned from the executed first vulnerability script; and
  
  providing at least a portion of the results for use by a second vulnerability script in an automated assessment of at least a portion of the computer devices in the set against a second vulnerability included in the plurality of known vulnerabilities, wherein the results identify that the portion of the computer devices include one or more of a set of characteristics capable of being exploited during execution of the second vulnerability script to determine whether the second vulnerability is present on at least the portion of the computer devices in the set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein identifying the set of active computer devices includes detecting the set of active computer devices as responsive within a plurality of computer devices on the network.
  - 3. The method of claim 2, wherein identifying the set of active computer devices includes transmitting a set of ICMP packets, a set of TCP packets, and a set of UDP packets to at least a portion of the plurality of computer devices and monitoring responses to the sent packet sets.
  - 4. The method of claim 1, wherein each vulnerability script is a FASL-based script.
  - 5. The method of claim 1, wherein each vulnerability script is adapted to copy itself to a global memory location for access by other vulnerability scripts.
  - 6. The method of claim 1, wherein each computer device in the set is assessed against the first vulnerability in parallel using the first vulnerability script.
  - 7. The method of Claim, 1, wherein the assessment results include identification of failure or success of the first vulnerability script to exploit the first vulnerability.
  - 8. The method of claim 7, wherein exploiting the first vulnerability includes compromising a target computer device using the first vulnerability script.
  - 9. The method of claim 1, wherein the first vulnerability script comprises an instantiation of a vulnerability object class.
  - 10. The method of claim 9, wherein the vulnerability object class includes an identifier attribute identifying a corresponding vulnerability, a machine identifier attribute identifying at least one machine possessing the corresponding vulnerability, an exploited machine identifier attribute identifying machines on which data was discovered allowing the discovery of the corresponding vulnerability, and a vulnerability description attribute describing the corresponding vulnerability.
  - 11. The method of claim 1, wherein the assessment results are stored in a data record associated with the first vulnerability.
  - 12. The method of claim 11, wherein providing at least a portion of the results includes preparing a data record including the portion of the results and adapted to be called by other vulnerability scripts including the second vulnerability script.
  - 13. The method of claim 1, wherein the previously-assessed computer device is included in the portion of the computer devices in the set.
  - 14. The method of claim 1, wherein the assessing each computer device in the set against a first vulnerability includes assessing a first port of each computer device and the assessment results identify at least one other open port on at least one of the assessed computer devices.
  - 15. The method of claim 14, wherein the identification of the at least one other open port is included in the portion of the results and used by the second vulnerability script in the automated assessment of the portion of the computer devices in the set against the second vulnerability.

16. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- identifying a set of active computer devices on a network;
  
  assessing each computer device in the set against a first vulnerability in a plurality of known vulnerabilities, wherein each vulnerability in the plurality of known vulnerabilities has a corresponding vulnerability script adapted to perform an automated assessment of a computer device against the respective vulnerability, and assessing each computer device against the first vulnerability includes executing a first vulnerability script;
  
  storing, in memory, results of the assessments of each computer device in the set against the first vulnerability as returned from the executed first vulnerability script; and
  
  providing at least a portion of the results for use by a second vulnerability script in an automated assessment of at least a portion of the computer devices in the set against a second vulnerability included in the plurality of known vulnerabilities, wherein the results identify that the portion of the computer devices include one or more of a set of characteristics capable of being exploited during execution of the second vulnerability script to determine whether the second vulnerability is present on at least the portion of the computer devices in the set.

17. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a network security engine, adapted when executed by the at least one processor device to;
  
  identify a set of active computer devices on a network;
  
  assess each computer device in the set against a first vulnerability in a plurality of known vulnerabilities, wherein each vulnerability in the plurality of known vulnerabilities has a corresponding vulnerability script adapted to perform an automated assessment of a computer device against the respective vulnerability, and assessing each computer device against the first vulnerability includes executing a first vulnerability script;
  
  store, in memory, results of the assessments of each computer device in the set against the first vulnerability as returned from the executed first vulnerability script; and
  
  provide at least a portion of the results for use by a second vulnerability script in an automated assessment of at least a portion of the computer devices in the set against a second vulnerability included in the plurality of known vulnerabilities, wherein the results identify that the portion of the computer devices include one or more of a set of characteristics capable of being exploited during execution of the second vulnerability script to determine whether the second vulnerability is present on at least the portion of the computer devices in the set.
- View Dependent Claims (18)
- - 18. The system of claim 17, further comprising a scan engine adapted to execute either of the first or second vulnerability script in connection with a vulnerability scan of a particular computer device on the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McClure, Stuart C., Kurtz, George, Keir, Robin, Beddoe, Marshall A., Morton, Michael J., Prosise, Christopher M., Cole, David M., Abad, Christopher
Primary Examiner(s)
SALL, EL HADJI MALICK

Application Number

US13/397,653
Publication Number

US 20120151596A1
Time in Patent Office

685 Days
Field of Search

709/224, 709/200, 726/23, 726/25
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network vulnerability detection and reporting

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links