Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2008-01-29
2008-01-29
Zand, Kambiz (Department: 2134)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S023000, C726S024000
Reexamination Certificate
active
10043654
ABSTRACT:
To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment's physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.
REFERENCES:
patent: 5850386 (1998-12-01), Anderson et al.
patent: 5892903 (1999-04-01), Klaus
patent: 6006016 (1999-12-01), Faigon et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6226372 (2001-05-01), Beebe et al.
patent: 6253337 (2001-06-01), Maloney et al.
patent: 6269330 (2001-07-01), Cidon et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6292822 (2001-09-01), Hardwick
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6324656 (2001-11-01), Gleichauf et al.
patent: 6484315 (2002-11-01), Ziese
patent: 6574737 (2003-06-01), Kingsford et al.
patent: 6766458 (2004-07-01), Harris et al.
patent: 6782527 (2004-08-01), Kouznetsov et al.
patent: 2001/0034847 (2001-10-01), Gaul, Jr.
patent: 2002/0026591 (2002-02-01), Hartley et al.
Srinivasan, “Binding Protocols for the ONC RPC Version 2,” Network Working Group RFC 1833, Aug. 1995, pp. 1-3.
Ptacek et al., “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”, http://www.insecure.org/stf/secnet—ids/secnet—ids.html., Secure Network Inc., Jan. 1998.
Li et al., Proceedings of 2000 Internal Parallel and Distributed Processing Symposium (IPDPS'00), May 2000, pp. 431-438. http://www.cs.wm.edu/hpcs/WWW/HTML/publications/abs00-2.html.
Zhang et al., “Modeling and characterizing Parallel Computing Performance on Heterogeneous Networks of Workstations”, Proceedings of 7th IEEE Symposium on Parallel and Distributed Processing (SPDP'95), Oct. 1995.
Mache, “Parallel I/O and Communication -Sensitive Scheduling on High Performance Parallel Computers”, Ph.D. thesis., Jan. 6, 1999. http:/www.lclark.edu/˜jmache/diss.html.
http://web.archive.org/web/19990117014320/http://java.sun.com/products/jdbc/overview.html, 1999.
Falsafi et al., “Cost/Performance of a Parallel Computer Simulator”, Computer Science Department, University of Wisconsin Madison, pp. 173-182, 1994, Workshop on Parallel Computer Simulator.
Polk, “Automated Tools for Testing Computer Systems Vulnerability”, http://www.nsi.org/Library/Compsec/CSECTOOL.TXT, 1993.
Gillmor, S., “Qualys is Proactive about Network Security,” InfoWorld Daily News, Sep. 10, 2002 [online], [retrieved on Sep. 11, 2002]. Retrieved from Lexis Nexis (TM). Accession No. 711:0:64193595.
Internet Scanner, User Guide, Version 6.1; Jan. 2001; 177 pages.
Internet Security Systems, System Scanner; 2 pages, 2004.
Internet Security Systems, “Network and Host-based Vulnerability Assessment”; www.archive.org/web/20010207011324; Feb. 7, 2001; 10 pages.
FOLDOC, Free On-Line Dictionary of Computing; Application Program Interface; http://foldoc.linuxguruz.org; Dec. 8, 2004; 2 pages.
Gula, Ron, “Dedicated and Distributed Vulnerability Management”; Tenable Network Security; www.tenablesecurity.com; Dec. 2002 (updated Jun. 2003); 10 pages.
Humphries, Jeffrey W., “Secure Mobile Agents for Network Vulnerability Scanning”; 2000 IEEE; pp. 19-25.
The Nessus Project; Demonstration: The First Step; web.archive.org/web/20001217161000; Dec. 8, 2004; 45 pages.
Polk, W. Timothy; “Automated Tools for Testing Computer Systems Vulnerability”; nsi.org/Library/Compsec/CSECTOOL.TXT; Dec. 2, 2004; 24 pages.
Rezabek, John, “The Anatomy of a Web Attack”; Internet Security Systems; web.archive.org/web20010202212700; 28 pages, 2001.
SANS Institute 2002, “Distributed scan model for Enterprise-Wide Network Vulnerability Assessment”; As part of the Information Security Reading Room; 8 pages, 2002.
Barnett, “NOOSE-Networked Object-Oriented Security Examiner”; 2000 LISA XIV, Dec. 3-8, 2000, New Orleans, LA; pp. 369-378.
Business Wire; SecureLogix Makes Complete Network Security a Reality, www.businesswire.com/webbox/bw.080999/192210202.htm; Dec. 2, 2004; 2 pages.
SATAN Reference (Security Administrator Tool for Analyzing Networks); web.archive.org/web/20010218052520; Dec. 6, 2004; 27 pages.
SATAN Control Panel (Security Administrator Tool for Analyzing Networks); www.fish.com/satan/demo; Dec. 6, 2004; 7 pages.
Source Force: Rnmap home; web.archive.org/web/20010201055400; Dec. 8, 2004; 2 pages.
Stewart, Andrew J., “Distributed Metastasis: A Computer Network Penetration Methodology”; www.packetfactory.net; Aug. 12, 1999; 11 pages.
Shuja, Faiz Ahmad, “Distributed Vulnerability Assessment with Nessus”; GSEC Practical Assignment; SANS Institute 2004; Oct. 2003; 25 pages.
WINS Server; web.archive.org/web/19991013120451; Dec. 8, 2004; 3 pages.
Sygate Technologies Portscan FAQ; web.archive.org/web/20010204065400; Dec. 6, 2004; 3 pages.
Norton AntiVirus Corporate Edition, Implementation Guide; Documentation version 7.5; 40 pages, 1999.
Bunker Eva Elizabeth
Bunker, V Nelson Waldo
Laizerovich David
Van Schuyver Joey Don
Achilles Guard Inc.
Howison & Arnott , L.L.P.
Tran Tongoc
Zand Kambiz
LandOfFree
Network security testing does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network security testing, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network security testing will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3945110