Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-12-31
2001-03-20
Beausoliel, Jr., Robert W. (Department: 2785)
active
06205552
ABSTRACT:
TECHNICAL FIELD
The present invention relates in general to communications networks and, in particular, to a method and system for checking a list of addresses within a network to verify the types of devices at each address and reporting upon which of those devices may be vulnerable to security breaches by unauthorized parties via the network.
BACKGROUND
A data network transports information among a number of various devices such as computers, display terminals, routers, printers, hubs, and so forth. Each of the devices interconnected by a given network is coupled to the network, usually through an electrical or optical connection. Furthermore, each device uses a uniform communications protocol enabling any device to transmit data to any other device. The Internet Protocol (IP) is a prevalent communications protocol that is used throughout the worldwide Internet and among self-contained corporate and private networks now known as “Intranets”. Each device connected to an IP-compliant network is identified by a unique address or identification means, such as an IP address.
Although IP provides a good way to interconnect diverse types of data equipment, a problem arises as devices bearing confidential information or controlling important functions are connected to a network. Because IP is a standard protocol in such widespread use, devices attached to an IP network are significantly exposed to potential unauthorized access through the Internet and Intranets. Networked devices such as servers usually include authentication features to prevent unauthorized use of the server through the network. Any weakness in a device's security measures is likely to be found eventually and exploited by parties who desire to gain unauthorized access, alter or damage the IP device, or obtain sensitive information.
To assess the exposure of devices interfaced to a network, scanning software is commercially available that can be used to probe the IP interface of a given device and determine if it is vulnerable. Much like virus-detecting software, the IP scanning software is subject to constant updates as new vulnerability mechanisms are discovered. To test for vulnerability, scanning software operates in a processor connected to the communications network and is invoked upon an IP address of the device to be tested. The use of this scanning software is usually licensed by assessing a charge for each instance of checking an individual IP address, regardless of the outcome of the analysis.
Not all devices connected to a network offer services whereby they may be subject to exploitation. Networked input/output devices, such as display terminals and printers, typically do not pose significant security risks. Exposure analysis is more appropriate for devices like host computers (servers or other shareable devices) that offer services such as TELNET, FTP, WWW, SMTP mail, SNMP, NetBIOS, and so forth. This means that exposure analysis need only be directed at addresses corresponding to shareable devices, such as servers.
For scanning to be effective, it should be repeated periodically and therefore should be done as quickly and as efficiently as possible. An internal network in a large corporation may have more than one million IP addresses. The scanning process for all of the addresses in such a list can often take days, weeks or even months depending upon the number of scanning devices used. It is costly, time consuming, and wasteful to attempt to check every possible IP address in a given domain of addresses, particularly if only a small proportion of addresses actually correspond to vulnerable devices.
A typical problem occurs when the addresses of the shareable devices are unknown and are within a large domain of IP addresses. Addresses of various devices in a system often change for many reasons. Further, it has proven difficult to accurately track address changes among devices in a network. Merely scanning a previously compiled list of shareable devices is likely to provide inaccurate or incomplete system vulnerability information. Furthermore, such a list may no longer provide accurate information as to the services provided by each shareable device. A scanning operation may be incomplete if only the services previously listed are checked for system vulnerability.
It would thus be desirable to devise a method that could significantly reduce the time and cost involved in scanning for vulnerable devices in an IP network. Further, it would be desirable to scan a given shareable device for only those services provided by that shareable device rather than taking the time to scan for all possible services. Finally, it would be desirable to obtain reports summarizing the results of such scanning in a timely fashion before damage is incurred through any security exposures.
SUMMARY OF THE INVENTION
The present invention achieves a timely and cost effective system vulnerability scanning of shareable devices by first eliminating the unused IP addresses, as well as those corresponding to non-shareable devices, and then using the scanning software only upon those devices at the addresses already identified as being shareable. The scanning can be further restricted to only the services offered by each individual shareable device. Reports may then be generated listing the devices found by IP address along with any vulnerabilities detected.
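The two-stage approach summarized above, as an added example that is not part of the patent or any product it mentions: constructed probe results stand in for the discovery sweep, addresses are split into unused, non-shareable and shareable, and checks are planned only for the services each shareable host actually offers. The service names, check names and probe data are assumptions.

```python
"""Two-stage scan planning: discover and classify, then scan only shareable hosts."""

# Services the text names as marking a shareable device (host computer or server).
SHAREABLE_SERVICES = {"telnet", "ftp", "http", "smtp", "snmp", "netbios"}

# Hypothetical check catalogue keyed by service (constructed names, not a real product's).
CHECK_CATALOGUE = {
    "telnet": ["telnet-banner-policy", "telnet-cleartext-auth"],
    "ftp": ["ftp-anonymous-login", "ftp-bounce"],
    "http": ["http-default-pages", "http-server-version"],
    "smtp": ["smtp-open-relay", "smtp-vrfy-expn"],
    "snmp": ["snmp-default-community"],
    "netbios": ["netbios-null-session"],
}

# Constructed probe results standing in for a live discovery sweep:
# None = no reply (unused address); [] = replied but offers no listed service.
CONSTRUCTED_PROBES = {
    "10.0.0.1": None,
    "10.0.0.2": [],                  # display terminal
    "10.0.0.3": ["http", "ftp"],     # web/ftp server
    "10.0.0.4": ["smtp", "snmp"],    # mail host
    "10.0.0.5": ["lpd"],             # printer: replies, but no shareable service
    "10.0.0.6": None,
}

def classify(probes):
    """Split addresses into unused, non-shareable and shareable (with their services)."""
    unused, non_shareable, shareable = [], [], {}
    for addr, services in probes.items():
        if services is None:
            unused.append(addr)
            continue
        offered = sorted(s for s in services if s in SHAREABLE_SERVICES)
        if offered:
            shareable[addr] = offered
        else:
            non_shareable.append(addr)
    return unused, non_shareable, shareable

def plan_scan(shareable, catalogue=CHECK_CATALOGUE):
    """Per shareable host, select only the checks for services it actually offers."""
    return {addr: [c for s in services for c in catalogue.get(s, [])]
            for addr, services in shareable.items()}

def scan_report(probes, catalogue=CHECK_CATALOGUE):
    """Summarise how much of the address domain the second stage must touch."""
    unused, non_shareable, shareable = classify(probes)
    plan = plan_scan(shareable, catalogue)
    full_checks = sum(len(v) for v in catalogue.values())
    return {"addresses": len(probes), "unused": len(unused),
            "non_shareable": len(non_shareable),
            "scanned": len(plan),  # the text says scanning is billed per address checked
            "checks_planned": sum(len(c) for c in plan.values()),
            "checks_if_unrestricted": len(plan) * full_checks, "plan": plan}
```

Replacing CONSTRUCTED_PROBES with the output of a real discovery sweep is the only change needed to apply the same triage to an actual address domain.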
MCI Worldcom, Inc.
Revak Christopher