Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-12-23
2003-06-03
Wright, Norman M. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C709S224000
active
06574737
ABSTRACT:
The present invention is directed to a method, apparatus, system, article of manufacture, and/or signal for penetrating a computer or computer network, and in particular for finding network vulnerabilities which should be corrected.
BACKGROUND OF THE INVENTION
Computer networks are often vulnerable to unwanted attackers who can find out about, access, and interrupt service. When attempting to make a computer or computer network secure against unauthorized access, it is common to hire someone to perform penetration tests. These persons, sometimes referred to as tiger teams, execute a variety of strategies in an attempt to gain control of systems within the computer or network, to access data, and to determine which parts of the computer or network are vulnerable to attack. They generally begin without any “key” or other access to the network, so they must discover vulnerabilities in much the same way as the unwanted computer hacker.
As an example, an imaginary tiger team may include Joe, Fred, and Mark, each of whom is an expert in a specific type of system within a computer network. For example, Joe is knowledgeable about Windows NT, Fred knows UNIX systems, and Mark is familiar with NetWare. These are some of the common operating systems found in today's computer networks. The team is hired to test a company's network, meaning that they are asked to break into the network and produce a report on their results. They first gather as much information as possible about the network, hopefully learning the type of operating system that each computer in the network uses, which can be most useful. Once these and other systems are identified, each member of the tiger team goes after the type of machine they know best.
Mark may be first to achieve success. By accessing an improperly configured NetWare system, he is able to download its bindery, then crack an ill-chosen password and obtain the login name on the account. He tells Joe and Fred the login name and password to see if they have any luck with it. This is because the same user sometimes uses the same name and password on multiple systems. Sure enough, Joe is able to use the name and password that Mark stole from the NetWare system to access three different UNIX systems. The success and efficiency of the tiger team, however, are low because of the independent nature of each team member's contribution. In other words, only minimal information is shared between the team members, thus resulting in poor penetration tests.
Even automated penetration software such as ISS Group's Internet Security Scanner and Secure Network's Ballista falls short of tiger team effectiveness. These automated tests decrease the labor cost of manual penetration tests, but they execute a variety of probes serially and independently in order to determine what vulnerabilities each computer has. They employ attack strategies at only one “level” of penetration, meaning that if they run a number of penetration strategies, they are all run in series and independently without any strategy benefiting from the success of other strategies.
The need for a better solution for penetration testing is constantly growing relative to the number of businesses using networked computers. Network computing has provided a significant leap forward in the computer industry, and in the possibilities for information flow, but at the same time it has created a tremendous number of security problems.
BRIEF SUMMARY OF THE INVENTION
Accordingly, it is an object of the present invention to exceed the effectiveness of a team of information security experts who conduct network penetration tests, and at a cost which makes frequent tests more practical.
Another object of the present invention is to provide faster penetration by using weaknesses discovered in one system to break into other systems.
Yet another object of the present invention is to provide a more effective penetration test, having higher accuracy. The present invention can rate vulnerabilities more accurately as medium or high risks, instead of low risks, because of its improved ability to invade a computer or network.
The present invention overcomes the inefficiencies of the prior art by offering a package that runs several types of penetration or break-in techniques automatically and in parallel, with the modules feeding their individual results to other modules in order to improve the overall penetration test. This “multi-level” approach is more than simply a parallel processing scheme since it can establish both hierarchies and priorities among the techniques to be run, and it can decide which information to share, thereby improving penetration efficiency and effectiveness.
These and other objects are achieved by providing a computer network penetration test system, comprising a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer, and at least one other of said scan modules requiring an input before performing a network scan operation; a controller for instructing said one scan module to perform a scan of the computer and for producing said input to said one other scan module based on said output.
These and other objects are also achieved by providing a method of performing a penetration test on a computer network, comprising performing a first computer network scan to gather information about a secured network resource in the computer network; performing a second computer network scan to gather information about a second secured network resource in the computer network; and automatically sharing output data from the first computer network scan with the second computer network scan.
These and other objects can also be achieved by providing an article of manufacture bearing a machine readable program for carrying out the steps of scanning a computer network using a plurality of scan modules; and automatically sharing information from at least one of the scan modules to at least one other of the scan modules.
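As an added illustration (not code from the patent or from its assignee), the following Python controller implements the multi-level arrangement the summary describes: each scan module declares the findings it requires and produces, the controller runs every module whose inputs are present in parallel within a round, and each round's outputs unlock further modules. The module names, hosts and findings are constructed stand-ins for real scanners; a module whose inputs are never produced is reported as blocked rather than run with guessed data.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ScanModule:
    name: str
    requires: frozenset            # finding keys that must exist before the module can run
    produces: frozenset            # finding keys the module contributes
    run: Callable[[dict], dict]    # receives a snapshot of shared findings, returns new ones
    priority: int = 0              # higher-priority modules are dispatched first in a round

def run_test(modules, max_workers=4):
    """Schedule modules in rounds. Returns (findings, rounds, blocked): rounds lists
    the module names run in each round; blocked lists modules whose inputs never appeared."""
    findings, pending, rounds = {}, list(modules), []
    while pending:
        ready = sorted((m for m in pending if m.requires <= set(findings)),
                       key=lambda m: -m.priority)
        if not ready:
            break                                  # remaining modules cannot be satisfied
        snapshot = dict(findings)                  # modules read a copy, controller merges
        with ThreadPoolExecutor(max_workers) as pool:
            results = list(pool.map(lambda m: (m.name, m.run(snapshot)), ready))
        for _, out in results:
            findings.update(out)
        rounds.append([name for name, _ in results])
        pending = [m for m in pending if m not in ready]
    return findings, rounds, [m.name for m in pending]

# Constructed stand-ins for real scan modules: each returns canned findings.
def inventory(_):                  # learns which OS each host runs
    return {"hosts": {"hostA": "netware", "hostB": "unix", "hostC": "unix"}}

def netware_config(f):             # reports an exposed account on a misconfigured NetWare host
    weak = [h for h, os_ in f["hosts"].items() if os_ == "netware"]
    return {"weak_account": {"user": "jsmith", "host": weak[0]}} if weak else {}

def unix_account_audit(f):         # checks where else the same account name is defined
    user, origin = f["weak_account"]["user"], f["weak_account"]["host"]
    directory = {"hostB": {"jsmith", "root"}, "hostC": {"alice"}}   # constructed data
    return {"shared_on": [h for h, u in directory.items() if user in u and h != origin]}

def rate_risk(f):                  # a weakness that reaches other systems is rated higher
    return {"risk": "high" if f["shared_on"] else "medium"}

MODULES = [
    ScanModule("inventory", frozenset(), frozenset({"hosts"}), inventory, priority=10),
    ScanModule("netware_config", frozenset({"hosts"}), frozenset({"weak_account"}), netware_config),
    ScanModule("unix_account_audit", frozenset({"weak_account", "hosts"}), frozenset({"shared_on"}), unix_account_audit),
    ScanModule("rate_risk", frozenset({"shared_on"}), frozenset({"risk"}), rate_risk),
    ScanModule("phone_survey", frozenset({"phone_list"}), frozenset({"modems"}), lambda f: {}),
]

if __name__ == "__main__":
    print(run_test(MODULES))
```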
REFERENCES:
patent: 5557742 (1996-09-01), Smaha
patent: 5892903 (1999-04-01), Klaus
patent: 5931946 (1999-08-01), Terada et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6154844 (2000-11-01), Touboul et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6219805 (2001-04-01), Jones et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6353385 (2002-03-01), Molini et al.
patent: 6484203 (2002-11-01), Porras et al.
patent: PCT/US99/09454 (1999-11-01), None
“The Internet Scanner User Guide”, Internet Security Systems, Inc., Version 5.2, pp. 3,4,32,38,43-45,48,56,58,59, 1997.*
Intellitactics, Inc. print out of Internet page “www.intellitactics.com” Last update on Sep. 22, 1999 Printed on Sep. 30, 1999.
The Proverbial Hack Button—Artificial Intelligence Powered Hacking Combined with a Structured Methodology, 26th Annual Computer Security Conference and Exhibition Manual “Shape Your Destiny”, Nov. 15-17, 1999, p. 17 col. E7.
ISS Brings Power and Intelligence to Security Assessment With NE Dec. 16, 1998 Atlanta (Business Wire).
SmartScan-Internet Scanner 5.6 Dec. 7, 1998.
“A Software Platform for Testing Intrusion Detection Systems” Puketza N, et al. Database Inspec 'Online Oct. 1997 pp. 46, 48 and 50.
“Product Leaders, Plugging Security Holes, Netect's Netective Simulates Hacker Attacks, Letting Corporate Networks Shore Up Weak Spots” Bruno L. Data Communications, US, McGraw Hill. New York, vol. 27 No. 2 Feb. 1, 1998 pp. 29-30.
“Simulated Attack for Real Network Security” Johnson J T. Data Communications, US, McGraw Hill. New York, vol. 24, No. 16 Nov. 21, 1995, pp. 31-32.
Kingsford Bryan
McQueen Stan
Thrower Woody
Gunnison McKay & Hodgson, L.L.P.
Hodgson Serge J.
Revak Christopher
Symantec Corporation
Wright Norman M.
System for penetrating computer or computer network