Apparatus and method for network vulnerability detection and compliance assessment

US 20040193918A1
Filed: 03/28/2003
Published: 09/30/2004
Est. Priority Date: 03/28/2003
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for use as a network security device, comprising:

a network parameter input module;

a first network scanner module having an input in communication with an output of said network parameter input module; and

a reporting module having an input in communication with an output of said first network scanner module.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates generally to an apparatus and method for detecting vulnerabilities in networks. In particular, the present invention may relate to an apparatus and method for detecting network security flaws in a computer network. The types of computer networks which the present invention may aid in protecting include both local area and other private networks, and networks connected to the internet or a similar wide area public network.

205 Citations

63 Claims

1. An apparatus for use as a network security device, comprising:
- a network parameter input module;
  
  a first network scanner module having an input in communication with an output of said network parameter input module; and
  
  a reporting module having an input in communication with an output of said first network scanner module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The apparatus of claim 1, further comprising a second network scanner module having an input in communication with an output of said network parameter input module and having an output in communication with an input of said reporting module.
  - 3. The apparatus of claim 1, wherein said network parameter input module comprises data input by a user.
  - 4. The apparatus of claim 1, wherein said network parameter input module comprises data provided responsive to a questionnaire.
  - 5. The apparatus of claim 1, wherein said network parameter input module comprises an error checking module to assess validity of provided data.
  - 6. The apparatus of claim 1, wherein said network parameter input module comprises a database of network addresses.
  - 7. The apparatus of claim 1, wherein said network parameter input module comprises a database of user names.
  - 8. The apparatus of claim 1, wherein said network parameter input module comprises a parameter settings database.
  - 9. The apparatus of claim 8, wherein said parameter settings database comprises data relating to at least one parameter selected from the group consisting of network addresses, MAC addresses, network blocks, vulnerabilities of interest, tools to be used for vulnerability detection, maximum tolerances, time of day availability for program execution, scan blackout periods, and frequency of operation.
  - 10. The apparatus of claim 1, wherein said first network scanner module comprises a network scanning tool having an input and an output.
  - 11. The apparatus of claim 1, wherein said first network scanner module comprises at least one tool selected from the group a consisting of nslookup, dig, whois, ping, traceroute, rpcinfo, nbtstat, net use, smbclient, nmblookup, nmap, nessus, whisker, nikto, onesixtyone, lantern, pptp_probe, Gbg, Wget, QTIP, DORIAN, Internet Security Systems Scanner, Cybercop Scanner, and Cisco Security Scanner.
  - 12. The apparatus of claim 1, wherein said first network scanner module comprises a module adapted to create a scan list based on data from said network parameter input module.
  - 13. The apparatus of claim 1, wherein said first network scanner module comprises a module adapted to create an inventory of exposed systems on a network.
  - 14. The apparatus of claim 1, wherein said first network scanner module comprises a module adapted to create an inventory of exposed services on a network.
  - 15. The apparatus of claim 1, wherein said first network scanner module comprises a module adapted to analyze results of probing a network.
  - 16. The apparatus of claim 1, wherein said first network scanner module comprises a module adapted to probe a system to make a status determination regarding identifiable vulnerabilities.
  - 17. The apparatus of claim 1, wherein said reporting module comprises a homogenizing module adapted to receive data in one or more formats and present it in a uniform format.
  - 18. The apparatus of claim 1, wherein said reporting module comprises a client environment database.
  - 19. The apparatus of claim 18, wherein said client environment database comprises data corresponding to at least one from the group consisting of scan parameters used in scanning, operating systems, IP registry, vulnerabilities, scan time, last scan date, next scan date, status of network, discovered MAC addresses, scan activity log, exposed systems, exposed services, scanned domain names, scanned IP, discovered IP, and applications used in scanning.
  - 20. The apparatus of claim 1, wherein said network parameter input module is adapted to infer network testing parameters based on a compliance regime input by a user.
  - 21. The apparatus of claim 20, wherein said compliance regime is selected from the group consisting of an industry standard, a corporate regulation, and a governmental regulation.

22. A method for securing a network, comprising:
- inputting data to a scanning module;
  
  a first step of scanning a network with a first tool of said scanning module; and
  
  presenting results from said first step of scanning.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The method of claim 22, further comprising a second step of scanning a network with a second tool of said scanning module.
  - 24. The method of claim 22, wherein said step of inputting data comprises inputting user data.
  - 25. The method of claim 22, wherein said step of inputting data comprises responding to a questionnaire.
  - 26. The method of claim 22, wherein said step of inputting data comprises checking said data for errors.
  - 27. The method of claim 22, wherein said step of inputting data comprises providing a database of network addresses.
  - 28. The method of claim 22, wherein said step of inputting data comprises providing a database of user names.
  - 29. The method of claim 22, wherein said step of inputting data comprises providing a parameter settings database.
  - 30. The method of claim 29, wherein said parameter settings database comprises data relating to at least one or parameter selected from the group consisting of network addresses, MAC addresses, network blocks, vulnerabilities of interest, tools to be used for vulnerability detection, maximum tolerances, time of day availability for program execution, scan blackout periods, and frequency of operation.
  - 31. The method of claim 22, wherein said first tool comprises a network scanning tool having an input and an output.
  - 32. The method of claim 22, wherein said network scanning tool comprises at least one tool selected from the group consisting of nslookup, dig, whois, ping, traceroute, rpcinfo, nbtstat, net use, smbclient, nmblookup, nmap, nessus, whisker, nikto, onesixtyone, lantern, pptp_probe, Gbg, Wget, QTIP, DORIAN, Internet Security Systems Scanner, Cybercop Scanner, and Cisco Security Scanner.
  - 33. The method of claim 22, wherein said first step of scanning comprises creating a scan list based on data from said network parameter input module.
  - 34. The method of claim 22, wherein said first step of scanning comprises creating an inventory of exposed systems on a network.
  - 35. The method of claim 22, wherein said first step of scanning comprises creating an inventory of exposed services on a network.
  - 36. The method of claim 22, wherein said first step of scanning comprises analyzing results of probing a network.
  - 37. The method of claim 22, wherein said first step of scanning comprises probing a system to make a status determination regarding identifiable vulnerabilities.
  - 38. The method of claim 22, wherein said step of presenting results comprises homogenizing data in one or more formats into a uniform format.
  - 39. The method of claim 22, wherein said step of presenting results comprises generating a client environment database.
  - 40. The method of claim 39, wherein said client environment database comprises data corresponding to at least one from the group consisting of scan parameters used in scanning, operating systems, IP registry, vulnerabilities, scan time, last scan date, next scan date, status of network, discovered MAC addresses, scan activity log, exposed systems, exposed services, scanned domain names, scanned IP, discovered IP, and applications used in scanning.
  - 41. The method of claim 22, wherein said step of inputting data comprises inferring network testing parameters based on a compliance regime input by a user.
  - 42. The method of claim 41, wherein said compliance regime is selected from the group consisting of an industry standard, a corporate regulation, and a governmental regulation.

43. A method of assessing compliance of a computer network, comprising:
- generating a first task set comprising a first plurality of instructions;
  
  generating scan tasks for analyzing a computer network;
  
  selecting predetermined ones of the generated scan tasks in accordance with the first plurality of instructions;
  
  generating a second task set comprising the selected scan tasks;
  
  generating at least one task assignment comprising a portion of the second task set;
  
  analyzing the computer network using the at least one task assignment; and
  
  reporting results of analyzing the computer network.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 44. The method of claim 43, wherein generating the first task set comprises:
    - inputting data regarding the computer network; and
      
      generating the first plurality of instructions based on the inputted data.
  - 45. The method of claim 43, wherein the generating the second task set comprises adding at least one additional scan task required to analyze the computer network.
  - 46. The method of claim 45, wherein the at least one additional task comprises an instruction to listen to packets on the computer network.
  - 47. The method of claim 43, wherein generating the second task set comprises prioritizing the selected scan tasks.
  - 48. The method of claim 43, wherein generating the second task set comprises adding at least one task based on the results of analyzing the computer network.
  - 49. The method of claim 43, wherein the analyzing comprises:
    - selecting at least one scanning tool from a tool library; and
      
      applying the selected scanning tool to the computer network.
  - 50. The method of claim 49, wherein the selecting at least one scanning tool comprises simultaneously selecting a plurality of scanning tools.
  - 51. The method of claim 49, wherein the selecting at least one scanning tool comprises sequentially selecting a plurality of scanning tools.
  - 52. The method of claim 43, wherein the analyzing comprises providing at least one scanning tool, wherein the at least one scanning tool is responsive to instructions within the at least one task assignment.
  - 53. The method of claim 52, wherein the analyzing comprises providing a plurality of scanning tools, at least two of the plurality of scanning tools being operable on different operating systems.
  - 54. The method of claim 52, wherein the analyzing further comprises translating instructions within the at least one task assignment into at least one of a language and a format required by the at least one scanning tool.
  - 55. The method of claim 43, wherein the analyzing comprises determining whether the computer network can be analyzed, wherein the computer network is analyzed if it is determined the computer network can be analyzed.
  - 56. The method of claim 43, wherein the reporting comprises generating native output based on the analyzing of the computer network, the native output comprising results of analyzing the computer network.
  - 57. The method of claim 56, wherein the reporting further comprises translating the generated native output into at least one of a common language and a common format.

58. A system for scanning a computer system, comprising:
- a task management module for generating at least one task assignment, the at least one task assignment comprising instructions for scanning at least one computer network; and
  
  at least one scanning module for receiving the at least one task assignment and for scanning the at least one computer network in accordance with the instructions.
- View Dependent Claims (59, 60, 61, 62, 63)
- - 59. The system of claim 58, wherein the at least one scanning module comprise a plurality of scanning modules.
  - 60. The system of claim 58, wherein the at least one scanning module comprises at least one tool for scanning the at least one computer network.
  - 61. The system of claim 60, wherein the at least one scanning module comprises a plurality of scanning modules.
  - 62. The system of claim 58, wherein the at least one task assignment comprises instructions based on data inputted by a user.
  - 63. The system of claim 58, wherein the at least one task assignment comprises instructions based on a result of the scanning by the at least one scanning module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Original Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Inventors
Green, Kenneth, Prather, Brian, Schetina, Erik, Patanella, Joseph

Application Number

US10/401,040
Publication Number

US 20040193918A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 43/10 Active monitoring, e.g. hea...

H04L 63/1433 Vulnerability analysis

Apparatus and method for network vulnerability detection and compliance assessment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

205 Citations

63 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for network vulnerability detection and compliance assessment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

63 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others