Abstract: Security vulnerabilities of one or more target hosts are assessed by a remote or local host via a server. The hosts and the server are coupled to the internet and communicate via hypertext pages and email. A user at an arbitrary host on the internet inputs data identifying the user and/or the arbitrary host, and the target host. A network address is obtained for the user and a certification file such as Internic can be checked to determine a network address of the user and confirm that the user is authorized to assess the security vulnerabilities of the target host. A facts file is built on the server by polling the services available at the target host, including inquiries to the various ports of the TCP subsystem, for building a table of services and responses. A security algorithm compares the responses to stored data for identifying likely security vulnerabilities.
Type:
Grant
Filed:
June 24, 1998
Date of Patent:
February 6, 2001
Assignee:
Richard S. Carson & Assoc., Inc.
Inventors:
Robert E. Todd, Sr., Aaron C. Glahe, Adam H. Pendleton