System and method for network vulnerability detection and reporting

US 8,135,823 B2
Filed: 05/14/2007
Issued: 03/13/2012
Est. Priority Date: 01/15/2002
Status: Active Grant

First Claim

Patent Images

1. A method of objectively assessing the security of a network, said method comprising:

assigning a vulnerability risk level to each of a plurality of vulnerabilities found on the network, utilizing a computer;

assigning a vulnerability risk level to each of a plurality of nodes on the network based on vulnerabilities found on each of the plurality of nodes;

assigning an exposure risk level to each exposure found on the network;

providing a security score that is dependent on at least the vulnerability risk levels of the vulnerabilities, the vulnerability risk levels of the nodes, and a number of nodes on the network;

wherein the security score is at least dependent upon V, which is derived from a formula of form V=min (b,(cV_hH_h+dV_mH_m+eV_lH_l)/H_n)), where V is a vulnerability loss, min(. . .) is a standard minimum function, V_his a number of high level vulnerabilities detected, H_h, is a number of hosts on which high level vulnerabilities are detected, V_m, is a number of medium level vulnerabilities detected, H_mis a number of hosts on which medium level vulnerabilities are detected, V_lis a number of low level vulnerabilities detected, H_lis a number of hosts on which low level vulnerabilities are detected, and H_nis a total number of hosts on the network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

278 Citations

16 Claims

1. A method of objectively assessing the security of a network, said method comprising:
- assigning a vulnerability risk level to each of a plurality of vulnerabilities found on the network, utilizing a computer;
  
  assigning a vulnerability risk level to each of a plurality of nodes on the network based on vulnerabilities found on each of the plurality of nodes;
  
  assigning an exposure risk level to each exposure found on the network;
  
  providing a security score that is dependent on at least the vulnerability risk levels of the vulnerabilities, the vulnerability risk levels of the nodes, and a number of nodes on the network;
  
  wherein the security score is at least dependent upon V, which is derived from a formula of form V=min (b,(cV_hH_h+dV_mH_m+eV_lH_l)/H_n)), where V is a vulnerability loss, min(. . .) is a standard minimum function, V_his a number of high level vulnerabilities detected, H_h, is a number of hosts on which high level vulnerabilities are detected, V_m, is a number of medium level vulnerabilities detected, H_mis a number of hosts on which medium level vulnerabilities are detected, V_lis a number of low level vulnerabilities detected, H_lis a number of hosts on which low level vulnerabilities are detected, and H_nis a total number of hosts on the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising the step of assigning an exposure risk level to each of a plurality of exposures found on the network, and wherein the security score is further dependent on the exposure risk levels.
  - 3. The method of claim 2, wherein the security score is based on selected vulnerabilities and exposures that affect internal network security.
  - 4. The method of claim 3, wherein the selected exposures include rogue applications, wireless access points, trojan horses, and backdoors.
  - 5. The method of claim 2, wherein the security score is derived from a formula of form F=a−
    - V−
      
      E, wherein F is the security score, a is a constant, V is the vulnerability loss, and E is an exposure loss.
  - 6. The method of claim 5, wherein E is derived from a formula E=min(f, Σ
    - _(y=1→
      
      H_n₎{gR_y+hW_y+iT_y}), where E is the exposure loss, min( . . . ) is the standard minimum function, Σ
      
      is a summation symbol, R_yis a number of Rogue applications found on a host y, W_yis a number of wireless access points found on the host y, and T_yis a number of trojan horses or backdoors found on the host y.

7. A system, the system comprising:
- a computer;
  
  a network security score calculation module adapted to run computer instructions for calculating a network security score, the network security score being calculated according to defined vulnerabilities and exposures found in a network and defined numerical weights for each defined vulnerability and exposure;
  
  a plurality of network security calculation instruction sets, the plurality of network security calculation instruction sets adapted to define the vulnerabilities and exposures included in the calculation, and to define the numerical weights for each vulnerability and exposure; and
  
  a calculation selection module adapted to allow a computer user to select one of the plurality of network security calculation instruction sets to be run by the network security score calculation module;
  
  wherein the system is operable such that the network security score is at least dependent upon V, which is derived from a formula of form V=min (b,(cV_hH_h+dV_mH_m+eV_lH_l)/H_n)), where V is a vulnerability loss, min(. . .) is a standard minimum function, V_his a number of high level vulnerabilities detected, H_his a number of hosts on which high level vulnerabilities are detected, V_mis a number of medium level vulnerabilities detected, H_mis a number of hosts on which medium level vulnerabilities are detected, V_lis a number of low level vulnerabilities detected, H_lis a number of hosts on which low level vulnerabilities are detected, and H_nis a total number of hosts on the network.
- View Dependent Claims (8)
- - 8. The system of claim 7, wherein the plurality of network security calculation instruction sets includes a first set of network security calculation instruction sets adapted to provide a network security score that focuses on security vulnerabilities and exposures that affect external security of the network and a second set of network security calculation instruction sets adapted to provide a network security score that focuses on security vulnerabilities and exposures that affect internal security of the network.

9. A computer program product embodied on a non-transitory tangible computer readable medium, said computer program product comprising:
- computer code for assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a network;
  
  computer code for assigning a vulnerability risk level to each of a plurality of nodes on the network based on vulnerabilities found on each of the plurality of nodes;
  
  computer code for assigning an exposure risk level to each exposure found on the network; and
  
  computer code for providing a security score that is dependent on at least the vulnerability risk levels of the vulnerabilities, the vulnerability risk levels of the nodes, and a number of nodes on the network;
  
  wherein the computer program product is operable such that the security score is at least dependent upon V, which is derived from a formula of form V=min (b,(cV_hH_h+dV_mH_m+eV_lH_l)/H_n)), where V is a vulnerability loss, min(. . . ) is a standard minimum function, V_his a number of high level vulnerabilities detected, H_his a number of hosts on which high level vulnerabilities are detected, V_mis a number of medium level vulnerabilities detected, H_mis a number of hosts on which medium level vulnerabilities are detected, V_lis a number of low level vulnerabilities detected, H_lis a number of hosts on which low level vulnerabilities are detected, and H_nis a total number of hosts on the network.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer program product of claim 9, further comprising computer code for assigning an exposure risk level to each of a plurality of exposures found on the network, and wherein the security score is further dependent on the exposure risk levels.
  - 11. The computer program product of claim 10, wherein the security score is based on selected vulnerabilities and exposures that affect internal network security.
  - 12. The computer program product of claim 11, wherein the selected exposures include rogue applications, wireless access points, trojan horses, and backdoors.
  - 13. The computer program product of claim 9, wherein the security score is further dependent upon E, which is derived from a formula E=min(f, Σ
    - _(y=1→
      
      H_n₎{gR_y+hW_y+iT_y}), where E is an exposure loss, min( . . . ) is the standard minimum function, Σ
      
      is a summation symbol, R_yis a number of Rogue applications found on a host y, W_yis a number of wireless access points found on the host y, and T_yis a number of trojan horses or backdoors found on the host y.

14. A method, comprising:
- assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a network;
  
  utilizing a computer;
  
  identifying a number of nodes on the network; and
  
  providing a security score that is dependent on at least one of the vulnerability risk levels and the number of nodes on the network;
  
  wherein the security score is derived from a formula of form F =a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss.

15. A computer program product embodied on a non-transitory tangible computer readable medium, comprising:
- computer code for assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a network;
  
  computer code for identifying a number of nodes on the network; and
  
  computer code for providing a security score that is dependent on at least one of the vulnerability risk levels and the number of nodes on the network;
  
  wherein the computer program product is operable such that the security score is derived from a formula of form F=a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss.

16. A system, comprising:
- a computer for assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a network, utilizing a computer, identifying a number of nodes on the network, and providing a security score that is dependent on at least one of the vulnerability risk levels and the number of nodes on the network;
  
  wherein the system is operable such that the security score is derived from a formula of form F=a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cole, David M., Hanzlik, Dennis J., Caso, Erik
Primary Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US11/748,439
Publication Number

US 20070283441A1
Time in Patent Office

1,765 Days
Field of Search

709224-225, 726 23- 25, 714 47- 48
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 5/3083   Birefringent or phase retar...

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

278 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

278 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links