Pre-Grant Publication Number: 20070271363
Please help the USPTO examine the application by evaluating the relevance of the publicly submitted prior art to the patent application.
Peer-to-Patent forwards the Top 10 most relevant prior art submissions and their annotations to the United States Patent and Trademark Office.

Prior Art Detail
| Summary / Description | The reference describes a method for vulnerability assessment in a network. The method includes pinging devices to discover devices within the network. Subsequently, port scans are performed on the discovered devices, banners are collected, and the information from the collected banners is stored as entries in a first database. An analysis of the entries is performed to determine potential vulnerabilities. The results of the analysis are stored in a second database. Note that the first database and the second database are coupled to the same NVA engine (the NVA engine corresponds to the network scanner in '363). |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 6324656 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | Cisco Technology, Inc. |
| Relevant Pages, Columns, or Lines | |
| URL | |
| Filing Date | November 27, 2001 |
| Additional Information | |
Notes / To Do
| Notes | This reference also has related applications (with same assignee and same inventors) US 6301668 and US 6415321. The description of these related applications also applies to this case '363. |
Excerpt
[Col. 2, Lines 6-15]: According to one aspect of the present invention, a method for network vulnerability assessment includes pinging devices on a network to discover devices with a connection to the network. Port scans are then performed on the discovered devices, and banners are collected as a result of the port scans. Information from the collected banners is stored as entries in a first database. Analysis is performed on the entries in the first database by comparing the entries with a rule set to determine potential vulnerabilities. The results of the analysis are then stored in a second database.
[Col. 4, lines 52-59]: NVA engine 20 can further perform active exploits on internal network 10 in order to confirm the potential vulnerabilities identified in datamine database 26. NVA engine 40 is operable to perform a similar vulnerability assessment function as NVA engine 20. However, NVA engine 40 is placed outside of internal network 10 and is external to router 18 and firewall 16.
[Col. 5, lines 29-40]: In operation, NVA engine 20 is operable to perform a network vulnerability assessment of internal network 10. The assessment can include, as discussed with respect to FIG. 1, a discovery phase and data collection phase. By executing such processes, NVA engine 20 can identify the configuration of internal network 10 and uncover the various dimensions within internal network 10. For example, in the embodiment of FIG. 2, NVA engine 20 can identify the device type 70 of each device or system coupled to internal network 10. NVA engine 20 can further identify the operating system 74 of each device and the services 78 available on each device. Such data can be incorporated into port database 22, for example, as entries populating fields of port database 22.
[Col. 5, lines 58-62]: FIGS. 3A and 3B are flow diagrams of one embodiment of a method for network vulnerability assessment according to the present invention. Such a method can be executed, for example, by NVA engine 20 of FIG. 2. At step 90, host discovery is performed.
Relevance
Claims
1
A system comprising:
a network;
a first network scanner; and
a second network scanner;
wherein the first network scanner, and the second network scanner dynamically scan the network,
wherein a network address discovered by the second network scanner and not discovered by the first network scanner is inserted into a database read by the first network scanner and the second network scanner.
Relevance
The following text indicates that the NVA engine in the reference is similar to the network scanner in claim 1 of '363, as it discovers devices in the network by pinging. In light of the description that an NVA engine 20 can be deployed in the internal network and another NVA engine 40 can be deployed external to the router and firewall, it may be obvious to somebody skilled in the art that multiple NVA engines (corresponding to the first and second scanners) may be deployed in the internal network.
[Col. 2, Lines 6-15]: According to one aspect of the present invention, a method for network vulnerability assessment includes pinging devices on a network to discover devices with a connection to the network. Port scans are then performed on the discovered devices, and banners are collected as a result of the port scans. Information from the collected banners is stored as entries in a first database. Analysis is performed on the entries in the first database by comparing the entries with a rule set to determine potential vulnerabilities. The results of the analysis are then stored in a second database.
[Col. 4, lines 52-59]: NVA engine 20 can further perform active exploits on internal network 10 in order to confirm the potential vulnerabilities identified in datamine database 26. NVA engine 40 is operable to perform a similar vulnerability assessment function as NVA engine 20. However, NVA engine 40 is placed outside of internal network 10 and is external to router 18 and firewall 16.
Claim Chart: Some
12
The system of Claim 1, wherein the dynamically scanning is performed by using an Internet Control Message Protocol ping.
Relevance
[Col. 2, Lines 6-9]: According to one aspect of the present invention, a method for network vulnerability assessment includes pinging devices on a network to discover devices with a connection to the network.
Claim Chart: All