System and method for enabling remote registry service security audits
First Claim
1. A computer system for enabling remote registry service security audits for a plurality of devices in a network having a remote registry service, comprising:
- an active vulnerability scanner device configured to scan the network to detect a vulnerability in the network, wherein the active vulnerability scanner device is configured to;
identify at least one of the plurality of devices in the network that has disabled the remote registry service;
communicate an activation message to the at least one identified device, wherein the activation message enables the remote registry service on the at least one identified device;
interact with the enabled remote registry service on the at least one identified device to obtain registry information; and
communicate a deactivation message to the at least one identified device in response to obtaining the registry information, wherein the deactivation message disables the remote registry service on the at least one identified device.
3 Assignments
0 Petitions
Accused Products
Abstract
The system and method for enabling remote registry service security audits described herein may include scanning a network to construct a model or topology of the network. In particular, the model or topology of the network may include characteristics describing various devices in the network, which may be analyzed to determine whether a remote registry service has been enabled on the devices. For example, the security audits may include performing one or more credentialed policy scans to enable the remote registry service for certain devices that have disabled the remote registry service, auditing the devices in response to enabling the remote registry service, and then disabling the remote registry service on the devices. Thus, the system and method described herein may enable remotely scanning information contained in device registries during a security audit without exposing the device registries to malicious activity.
-
Citations
17 Claims
-
1. A computer system for enabling remote registry service security audits for a plurality of devices in a network having a remote registry service, comprising:
an active vulnerability scanner device configured to scan the network to detect a vulnerability in the network, wherein the active vulnerability scanner device is configured to; identify at least one of the plurality of devices in the network that has disabled the remote registry service; communicate an activation message to the at least one identified device, wherein the activation message enables the remote registry service on the at least one identified device; interact with the enabled remote registry service on the at least one identified device to obtain registry information; and communicate a deactivation message to the at least one identified device in response to obtaining the registry information, wherein the deactivation message disables the remote registry service on the at least one identified device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A method of enabling remote registry service security audits for a plurality of devices in a network having a remote registry service, comprising:
-
identifying, by an active vulnerability scanner device configured to scan the network, at least one of the plurality of devices in the network that has disabled the remote registry service; communicating an activation message from the active vulnerability scanner device to the at least one identified device, wherein the activation message enables the remote registry service on the at least one identified device; interacting with the enabled remote registry service on at least one identified device, using the active vulnerability scanner device, to obtain registry information; and communicating a deactivation message from the active vulnerability scanner device to the at least one identified device in response to the active vulnerability scanner device obtaining the registry information, wherein the deactivation message disables the remote registry service on the at least one identified device. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable storage medium comprising a memory having instructions stored thereon for enabling remote registry service security audits for a plurality of devices in a network having a remote registry service, which instructions when executed by a processor cause the processor to implement:
an active vulnerability scanner configured to; scan the network to detect a vulnerability in the network; identify at least one of the plurality of devices in the network that has disabled the remote registry service; communicate an activation message to the at least one identified device, wherein the activation message enables the remote registry service on the at least one identified device; interact with the enabled remote registry service on the at least one identified device to obtain registry information; and communicate a deactivation message to the at least one identified device in response to obtaining the registry information, wherein the deactivation message disables the remote registry service on the at least one identified device.
-
17. An active vulnerability scanner device comprising a processor, which when executing instructions stored in a memory of the active vulnerability scanner device, is configured to:
-
scan a network to detect a vulnerability in the network; identify at least one of the plurality of devices in the network that has disabled the remote registry service; communicate an activation message to the at least one identified device, wherein the activation message enables the remote registry service on the at least one identified device; interact with the enabled remote registry service on the at least one identified device to obtain registry information; and communicate a deactivation message to the at least one identified device in response to obtaining the registry information, wherein the deactivation message disables the remote registry service on the at least one identified device.
-
Specification