System and method for performing remote security assessment of firewalled computer

US 9,432,392 B2
Filed: 12/29/2014
Issued: 08/30/2016
Est. Priority Date: 08/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method for remotely conducting a scan on a network resource, the method comprising:

providing a scanner engine in communication with a communication network;

providing a network resource in communication with the communication network, the network resource being protected by a firewall;

establishing a network connection between the scanner engine and the network resource, the network connection being configured to provide a tunnel for bi-directional communication between the scanner engine and the network resource, wherein the communication via the tunnel is independent of the port status of the firewall;

delivering client artifacts from the scanner engine to the network resource through the bi-directional tunnel;

receiving results data from the network resource at the scanner engine via the bi-directional tunnel, the results data based upon determinations related to the existence of software components; and

analyzing the results data to assess a current posture of the-network resource, the current posture being assessed in part based upon the determinations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.

20 Citations

View as Search Results

20 Claims

1. A method for remotely conducting a scan on a network resource, the method comprising:
- providing a scanner engine in communication with a communication network;
  
  providing a network resource in communication with the communication network, the network resource being protected by a firewall;
  
  establishing a network connection between the scanner engine and the network resource, the network connection being configured to provide a tunnel for bi-directional communication between the scanner engine and the network resource, wherein the communication via the tunnel is independent of the port status of the firewall;
  
  delivering client artifacts from the scanner engine to the network resource through the bi-directional tunnel;
  
  receiving results data from the network resource at the scanner engine via the bi-directional tunnel, the results data based upon determinations related to the existence of software components; and
  
  analyzing the results data to assess a current posture of the-network resource, the current posture being assessed in part based upon the determinations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, further comprising providing an assessment runtime supervisor operable to establish the bi-directional tunnel between the scanner engine and the network resource and to set up an assessment environment between the scanner engine and the network resource.
  - 3. A method according to claim 1, wherein the client artifacts are delivered in response to indications that are adapted to conform with a network protocol supported by the network resource.
  - 4. A method according to claim 1, wherein an operating system executed by the scanner engine differs from an operating system of the network resource.
  - 5. A method according to claim 1, wherein the client artifacts-comprise information indicative of the current operating system executed by-the network resource.
  - 6. A method according to claim 5, wherein the information is indicative of system configuration information, system services information, or file system information.
  - 7. A method according to claim 1, wherein assessing a current posture of the network resource comprises determining a current security vulnerability posture of the network resource.
  - 8. A method according to claim 1, wherein the client artifacts are delivered via a component operable on the network resource operating system.

9. A system for remotely conducting a scan on a network resource, the system comprising:
- at least one processor; and
  
  ,at least one storage device storing a set of computer executable instructions formed into each of a plurality of components, each component comprising;
  
  a connection process for establishing a network connection between a scanner process and a network resource across a communication network, the network connection being configured to provide a tunnel for bi-directional communication independent of authorized access between the scanner engine and the network resource;
  
  a loading process for loading a plurality of assessment rules for use by the scanner process; and
  
  ,a delivery process for delivering client artifacts from the scanner process to the network resource via the bi-directional tunnel, the delivery process based in part upon function calls originating at a standard assessment library that is accessible by the scanner process.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. A system according to claim 9, each component further comprising:
    - an assessment runtime supervisor process operable to establish the bi-directional tunnel between the scanner process and the target device network resource and to setup an assessment environment between the scanner process and the network resource;
      
      a receiving process for receiving results data from the network resource based upon the delivered client artifacts, the results data being received via the tunnel;
      
      a passing process for passing the results data to the standard assessment library; and
      
      ,a rules analysis process for analyzing the results data according to the plurality of assessment rules at the standard assessment library to assess a current posture of the network resource.
  - 11. A system according to claim 9, wherein the function calls originated at the standard assessment library are adapted to conform with a network protocol supported by the network resource.
  - 12. A system according to claim 9, wherein an operating system of the scanner process differs from an operating system of the network resource.
  - 13. A system according to claim 9, wherein the delivered client artifacts are based upon current operating system information of the network resource.
  - 14. A system according to claim 13, wherein the operating system information includes system configuration information, system services information, or file system information.
  - 15. A system according to claim 10, wherein assessing a current posture of the network resource comprises determining a current security vulnerability posture of the network resource.
  - 16. A system according to claim 9, wherein the standard assessment library is operable on the network resource operating system.
  - 17. A system according to claim 9, wherein an assessment runtime supervisor process controls the operation of the scanner process.

18. A method for initiating a scan directed to a network resource, the method comprising:
- providing a scanner engine in communication with a communication network;
  
  providing, in the scanner engine, a first end of a network connection, wherein the first end is configured to establish a tunnel for bi-directional communication to a network resource after providing the network connection to the network resource, wherein communication via a first end of the tunnel is configured for requesting client artifacts from the network resource independent of authorized access between the scanner engine and the network resource;
  
  loading a plurality of assessment rules by a standard assessment library into a memory location on the scanner engine;
  
  adapting function calls to conform with indications received by the scanner engine via a remote scan using the bi-directional tunnel, the indications related to a protocol specific to a network resource, wherein the function calls originate at the standard assessment library;
  
  receiving the artifacts at the scanner engine via the bi-directional tunnel;
  
  passing the artifacts to the standard assessment library; and
  
  ,analyzing the artifacts in accordance with the plurality of assessment rules at the standard assessment library to assess a current security posture.
- View Dependent Claims (19, 20)
- - 19. A method according to claim 18, further comprising providing an assessment runtime supervisor operable to establish the bi-directional tunnel between the scanner engine and the network resource and to setup an assessment environment between the scanner computer and the network resource.
  - 20. A method according to claim 19, wherein the scanner engine implements a first operating system, wherein the first operating system being executed by the scanner-engine differs from an operating system executed by the network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Ali-Ahmad, Wissam, Kandek, Wolfgang, Kruse, Holger, Dewan, Vikas, Mazboudi, Khair-ed-dine, Jampani, Ganesh, Okumura, Kenneth K.
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US14/584,876
Publication Number

US 20150281269A1
Time in Patent Office

610 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 3/048   Interaction techniques base...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links