The assignee for this patent application is
Reporters obtained the following quote from the background information supplied by the inventors: "In many network environments, illegal or unauthorized users may exploit vulnerabilities in the network to gain access, deny access, or otherwise attack systems in the network. As such, to detect and remediate such network vulnerabilities, existing network security systems typically conduct vulnerability analysis in the network through manual inspection or network scans. For example, as discussed in co-pending U.S. patent application Ser. No. 11/016,761, the contents of which are incorporated by reference above, passive and active vulnerability scans may be conducted separately or in combination with one another to identify vulnerabilities in a network. In particular, active vulnerability scanners typically send packets or other messages to various devices in the network that the active vulnerability scanners may be auditing. In many instances, to effectively perform a vulnerability scan, the active vulnerability scanners typically need access to certain information in the audited devices, including a registry that contains settings and configurations associated with operating systems, kernels, device drivers, or other applications that may be running on the audited devices.
"As such, because vulnerability scans typically involve an active vulnerability scanner remotely accessing a device that the active vulnerability scanner may be auditing, the active vulnerability scanner must access the registries for such devices remotely. However, improper or malicious manipulation of the information contained in the registry for any particular device in a network can cause many different problems or other vulnerabilities in the device and the network. Thus, many networks disable services that enable remote access to device registries to protect the devices and the network from undesirable, unauthorized, or malicious activity. Furthermore, many operating systems (e.g., Windows Vista™) have default configurations that automatically disable the services that enable remote access to device registries. For example,
"Accordingly, many existing network systems tend to avoid using services that enable remote access to a device registry due to the security risks that such services can introduce to a network. However, the device registry often contains vital information that may be necessary to perform a complete network audit. For example, as noted above, the device registry can contain information that describes an operating system version, system file locations, or other information that may be valuable to identifying vulnerabilities needed to properly and completely audit the network. Therefore, because existing network security systems tend to disable or restrict access to services that can be used to remotely access device registries, existing network security systems often cannot obtain important information from the device registries that may be needed to suitably audit a network. Furthermore, when existing network security systems enable the services that provide remote access to the device registries, attackers or other malicious users may exploit the security risks that such services introduce.
"Therefore, a need exists for a network security system that can remotely scan device registries during a network audit without exposing the device registries to malicious activity."
In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventor's summary information for this patent application: "According to one aspect of the invention, the system and method for enabling remote registry service security audits described herein may include scanning a network to construct a model or topology of the network. In particular, the model or topology of the network may include characteristics describing various devices in the network, which may be analyzed to determine whether a remote registry service has been enabled on the devices. For example, the security audits may include performing one or more credentialed policy scans to enable the remote registry service for certain devices that have disabled the remote registry service, auditing the devices in response to enabling the remote registry service, and then disabling the remote registry service on the devices. Thus, the system and method described herein may enable remotely scanning information contained in device registries during a security audit without exposing the device registries to malicious activity.
"According to one aspect of the invention, the system and method described herein may include a vulnerability management system that maintains a model of a network, wherein the model of the network may include a plurality of devices discovered in the network that have a remote registry service. Further, an active vulnerability scanner may actively scan the network to detect one or more vulnerabilities in the network. For example, the active vulnerability scanner may identify one or more of the devices discovered in the network that have disabled the remote registry service and then communicate activation messages to the identified devices to enable the remote registry service on the identified devices. The active vulnerability scanner may then interact with the remote registry service enabled on the identified devices to obtain registry information from the identified devices and then communicate deactivation messages to the identified devices in response to obtaining the registry information from the identified devices. As such, the deactivation messages may disable the remote registry service on the identified devices, which may prevent subsequent malicious or unauthorized attempts to manipulate the remote registry service.
"Other objects and advantages of the invention will be apparent to those skilled in the art based on the following drawings and detailed description.
BRIEF DESCRIPTION OF THE DRAWINGS
"FIG. 1 illustrates a schematic diagram of an exemplary prior art system that does not enable remote registry service security audits.
"FIG. 2 illustrates a schematic diagram of an exemplary system for enabling remote registry service security audits, according to one aspect of the invention.
"FIG. 3 illustrates a flowchart of an exemplary method for scanning a network using a passive vulnerability scanner in the system for enabling remote registry service security audits, according to one aspect of the invention.
"FIG. 4 illustrates another schematic diagram of the system for enabling remote registry service security audits, according to one aspect of the invention.
"FIG. 5 illustrates another schematic diagram of the system for enabling remote registry service security audits, according to one aspect of the invention.
"FIGS. 6-7 illustrate exemplary screenshots showing information that the system for enabling remote registry service audits can obtain using a passive vulnerability scanner and an active vulnerability scanner, according to one aspect of the invention.
"FIG. 8 illustrates another schematic diagram of the system for enabling remote registry service security audits, according to one aspect of the invention.
"FIG. 9 illustrates an exemplary method for enabling remote registry service security audits, according to one aspect of the invention."
For more information, see this patent application: Deraison, Renaud. System and Method for Enabling Remote Registry Service Security Audits. Filed
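The enable, audit, disable sequence from the inventor's summary, sketched for a single host as an added example (not code from the patent application or its assignee). It assumes Windows PowerShell run under an account with administrative rights on the target, WMI reachable over DCOM, and the OS version values as an illustrative choice of audited registry data.

```powershell
# Added example: audit one host through a temporarily enabled Remote Registry
# service, then put the service back exactly as it was found.
param([Parameter(Mandatory)][string]$ComputerName)

$opt     = New-CimSessionOption -Protocol Dcom
$session = New-CimSession -ComputerName $ComputerName -SessionOption $opt
$svc     = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
$hklm = $null; $changedMode = $false; $started = $false

try {
    if (-not $svc) { throw "RemoteRegistry service not found on $ComputerName" }
    # Record the state found, so the restore step undoes only what this run changed.
    $origMode  = $svc.StartMode     # 'Auto', 'Manual' or 'Disabled'
    $origState = $svc.State         # 'Running', 'Stopped', ...

    if ($origMode -eq 'Disabled') {
        $r = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Manual' }
        if ($r.ReturnValue -ne 0) { throw "ChangeStartMode failed: $($r.ReturnValue)" }
        $changedMode = $true
    }
    if ($origState -ne 'Running') {
        $r = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StartService
        if ($r.ReturnValue -ne 0) { throw "StartService failed: $($r.ReturnValue)" }
        $started = $true
    }

    # Read-only query of the kind of data the background section mentions (OS version).
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $key  = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
    [pscustomobject]@{
        Host               = $ComputerName
        ProductName        = $key.GetValue('ProductName')
        CurrentBuild       = $key.GetValue('CurrentBuild')
        ServiceWasDisabled = ($origMode -eq 'Disabled')
    }
}
finally {
    if ($hklm) { $hklm.Close() }
    # Restore even when the audit step threw, so the service is never left enabled.
    if ($started) {
        Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StopService | Out-Null
    }
    if ($changedMode) {
        Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' } | Out-Null
    }
    Remove-CimSession $session
}
```

Hosts where the service was already enabled and running are read but left untouched, so the script only ever reverts changes it made itself.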
Keywords for this news article include:
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC