Method and apparatus for auditing network security

US 7,346,929 B1
Filed: 06/13/2000
Issued: 03/18/2008
Est. Priority Date: 07/29/1999
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for auditing security of a remote computer system, comprising:

a. a secure application server in communication with a global computer network and programmed to receive selectively security audit instruction data from the remote computer system via the global computer network;

b. a plurality of scanning machines in communication with the global computer network and programmed to execute selectively a security audit scan of the remote computer system via the global computer network, each scanning machine capable of conducting multiple types of security assessments; and

c. a central computer, having a memory, configured as a database server and as a scheduler, in communication with the secure application server and the plurality of scanning machines, programmed to perform operations comprising;

a. evaluating a database to determine if the security audit scan is currently scheduled to be run on one of the scanning machines;

b. determining which of the plurality of scanning machines is available to perform the security audit scan by examining a schedule for each scanning machine to identify certain ones of the scanning machines that are conducting another security audit scan or are scheduled to conduct another security audit scan, the available scanning machines comprising all of the scanning machines except for the certain scanning machines;

c. copying scan-related information into one of the available scanning machines and instructing the scanning machine to begin the security audit scan; and

d. recording the results of the security audit scan in the memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an apparatus for auditing security of a computer system, at least one secure application server is in communication with a global computer network. The secure application server is programmed to receive selectively security audit instruction data from a remote computer system via the global computer network. A plurality of scanning machines each are in communication with the global computer network and are programmed to execute selectively a security audit scan of the remote computer system via the global computer network. A central computer, having a memory, is configured as a database server and as a scheduler. The central computer is in communication with the secure application server and the scanning machine. The central computer is programmed to perform the following operations: evaluate a database to determine if a security audit scan is currently scheduled to be run for a user; determine which of the plurality of scanning machines is available to perform a security audit scan; copy scan-related information into a scanning machine determined to be available and instruct the scanning machine to begin scan; and record the results of the scan in the memory.

62 Citations

View as Search Results

46 Claims

1. An apparatus for auditing security of a remote computer system, comprising:
- a. a secure application server in communication with a global computer network and programmed to receive selectively security audit instruction data from the remote computer system via the global computer network;
  
  b. a plurality of scanning machines in communication with the global computer network and programmed to execute selectively a security audit scan of the remote computer system via the global computer network, each scanning machine capable of conducting multiple types of security assessments; and
  
  c. a central computer, having a memory, configured as a database server and as a scheduler, in communication with the secure application server and the plurality of scanning machines, programmed to perform operations comprising;
  
  a. evaluating a database to determine if the security audit scan is currently scheduled to be run on one of the scanning machines;
  
  b. determining which of the plurality of scanning machines is available to perform the security audit scan by examining a schedule for each scanning machine to identify certain ones of the scanning machines that are conducting another security audit scan or are scheduled to conduct another security audit scan, the available scanning machines comprising all of the scanning machines except for the certain scanning machines;
  
  c. copying scan-related information into one of the available scanning machines and instructing the scanning machine to begin the security audit scan; and
  
  d. recording the results of the security audit scan in the memory.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the secure application server comprises a Web server.
  - 3. The apparatus of claim 1, wherein the central computer is further programmed to issue a notification the security audit scan is commencing.
  - 4. The apparatus of claim 1, wherein the central computer is further programmed to update the database to indicate that the security audit scan is complete.
  - 5. The apparatus of claim 1, wherein the central computer is further programmed to send a signal representing completion of the security audit scan.
  - 6. The apparatus of claim 1, wherein when the central computer performs the operation in which the central computer records the results of the security audit scan, the central computer also copies the results to the database and copies a report to a file system on a database machine when the security audit scan is complete.

7. A method of auditing security of a remote computer system, comprising the steps of:
- a. receiving an instruction to perform a security audit scan on the remote computer system;
  
  b. determining which of a plurality of scanning machines is available to perform the security audit scan by examining a schedule for each of the scanning machines to identify certain ones of the scanning machines that are conducting another security audit scan or are scheduled to conduct another security audit scan, the available scanning machines comprising all of the scanning machines except for the certain scanning machines, and wherein each of the scanning machines is capable of conducting a plurality of security assessments; and
  
  c. instructing one of the available scanning machines to access the remote computer system via a global computer network to perform the security audit scan of the remote computer system.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 8. The method of claim 7, further comprising the step of recording a result of the security audit scan in a computer memory.
  - 9. The method of claim 7, further comprising the step of receiving at the available scanning machine scan related information for the security audit scan of the remote computer system.
  - 10. The method of claim 9, wherein the scan related information comprises at least one security assessment to be conducted during the security audit scan.
  - 11. The method of claim 9, wherein the scan related information comprises an identity of at least one remote computer system upon which to conduct the security audit scan.
  - 12. The method of claim 7, further comprising the step of sending a message to a user interface that the security audit scan is being conducted.
  - 13. The method of claim 7, wherein the security audit scan comprises a vulnerability assessment.
  - 14. The method of claim 7, wherein the security audit scan comprises a penetration study.
  - 15. The method of claim 7, further comprising the step of recording a result of the security audit scan in a database.
  - 16. The method of claim 15, wherein the result comprises at least one vulnerability of the remote computer system detected by the available scanning machine during the security audit scan.
  - 17. The method of claim 16, wherein the result further comprises a list of at least one security assessment conducted during the security audit scan.
  - 18. The method of claim 7, further comprising the step of determining if the available scanning machine is currently conducting the security audit scan on the remote computer system.
  - 19. The method of claim 7, further comprising the step of receiving from the available scanning machine a notification at a central computer that the security audit scan of the remote computer system is complete.
  - 20. The method of claim 19, further comprising the step of reporting at least one result of the security audit scan to a user interface.
  - 21. The method of claim 20, wherein the at least one result of the security audit scan is reported in response to receiving the notification at the central computer that the security audit scan is complete.

22. A method of auditing computer system security, comprising the steps of:
- a. receiving a schedule request for a security audit scan of a remote computer system, wherein the security audit scan of the remote computer system is scheduled to be conducted after the schedule request is received;
  
  b. recording the scheduled security audit scan in a database;
  
  c. accessing the database to determine when the scheduled security audit scan of the remote computer system is to be executed;
  
  d. in response to a determination that the scheduled security audit scan of the remote computer system is to be executed in a predetermined period of time performing the following steps;
  
  i. determining which of a plurality of scanning machines is available to perform the scheduled security audit scan by examining a schedule for each of the scanning machines to identify ones of the scanning machines that are conducting another security audit scan or are scheduled to conduct another security audit scan;
  
  ii. copying security audit scan data into a scanning system;
  
  iii. causing the scanning system to establish communication with the remote computer system via a global computer network; and
  
  iv. causing the scanning system to execute the scheduled security audit scan of the remote computer system via the global computer network.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 23. The method of claim 22, further comprising the step of transmitting a message to a user interface that indicates a result of the scheduled security audit scan.
  - 24. The method of claim 22, further comprising the step of storing a result of the scheduled security audit scan of the remote computer system in the database.
  - 25. The method of claim 24, wherein the result is used for a statistical analysis of security on the remote computer system.
  - 26. The method of claim 22, further comprising the step of determining which of a plurality of scanning systems is available to perform the scheduled security audit scan by examining a schedule of each of the scanning systems to identify certain ones of the scanning systems that are conducting another security audit scan or are scheduled to conduct another security audit scan, the available scanning systems comprising all of the scanning systems except for the certain scanning systems.
  - 27. The method of claim 22, further comprising the step of examining the scanning system to determine if the scheduled security audit scan is in the process of being conducted on the remote computer system.
  - 28. The method of claim 22, wherein the security audit scan data comprises at least one security assessment to be conducted during the scheduled security audit scan.
  - 29. The method of claim 22, wherein the security audit scan data comprises an identity of at least one remote computer system upon which to conduct the scheduled security audit scan.
  - 30. The method of claim 22, further comprising the step of sending a message to a user interface prior to the commencement of the scheduled security audit scan.
  - 31. The method of claim 22, further comprising the step of storing a result of the scheduled security audit scan of the remote computer system.
  - 32. The method of claim 31, wherein the result comprises at least one vulnerability of the remote computer system detected by the scanning system during the scheduled security audit scan.
  - 33. The method of claim 32, wherein the result further comprises a list of at least one security assessment conducted during the scheduled security audit scan.
  - 34. The method of claim 22, further comprising the step of determining if a request for an immediate security audit scan of one of a plurality of computer systems has been received in response to a determination that the scheduled security audit scan of the remote computer system will be executed outside of the predetermined period of time.
  - 35. The method of claim 22, further comprising the step of receiving from the scanning system a notification at a central computer that the scheduled security audit scan of the remote computer system is complete.

36. A method of conducting a security audit scan of a remote computer system comprising the steps of:
- a. receiving a request to schedule the security audit scan of the remote computer system;
  
  b. recording a scheduled security audit scan in a database;
  
  c. accessing the database to determine when the scheduled security audit scan of the remote computer system is to be executed; and
  
  d. in response to a determination that the scheduled security audit scan of the remote computer system is to be executed, performing the following steps;
  
  1. determining which of a plurality of scanning machines is available to perform the scheduled security audit scan by examining a schedule for each of the scanning machines to identify certain ones of the scanning machines that are conducting another security audit scan or are scheduled to conduct another security audit scan; and
  
  causing one of the available scanning machines to access the remote computer system and execute the scheduled security audit scan.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The method of claim 36, further comprising the step of receiving at the available scanning machine scan related information from a central computer for the scheduled security audit scan of the remote computer system.
  - 38. The method of claim 37, wherein the scan related information comprises at least one security assessment to be conducted during the scheduled security audit scan.
  - 39. The method of claim 36, further comprising the step of sending a message to a user interface that the scheduled security audit scan is being conducted.
  - 40. The method of claim 36, wherein the scheduled security audit scan comprises a vulnerability assessment.
  - 41. The method of claim 36, further comprising the step of recording a result of the scheduled security audit scan in the database.
  - 42. The method of claim 41, wherein the result comprises at least one vulnerability of the remote computer system detected by the available scanning machine during the scheduled security audit scan.
  - 43. The method of claim 36, further comprising the step of examining the available scanning machine to determine if the scheduled security audit scan is in the process of being conducted on the remote computer system.
  - 44. The method of claim 36, further comprising the step of receiving from the available scanning machine a notification at a central computer that the scheduled security audit scan is complete.
  - 45. The method of claim 36, further comprising the step of reporting at least one result of the scheduled security audit scan to a user interface.
  - 46. The method of claim 45, wherein the at least one result is reported in response to receiving a notification at a central computer that the scheduled security audit scan is complete.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Hammond, Nicolas J.
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US09/592,404
Time in Patent Office

2,835 Days
Field of Search

713/201, 713/200, 713/188, 709/224, 705/53, 718/100, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/552 involving long-term monitor...

H04L 63/1433 Vulnerability analysis

Method and apparatus for auditing network security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for auditing network security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others