WO2005124572A1 - Vulnerability inspection system - Google Patents
Vulnerability inspection system
- Publication number
- WO2005124572A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- agent
- vulnerability inspection
- scenario
- inspection system
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Definitions
- the present invention relates to a vulnerability inspection system for inspecting a system for vulnerability to an attack via a network, and more particularly to a vulnerability inspection system that can automate the construction of a vulnerability inspection environment and can easily create an agent.
- JP 2002-229945, JP 2002-229946, JP 2002-268985, JP 2002-521775, JP 2003-108521, JP 2003-256234, JP-A-2004-02479 and JP-A-2004-130314 are cited as techniques related to a vulnerability inspection system for inspecting a system for vulnerability to an attack via a network.
- FIG. 6 is a block diagram showing an example of a vulnerability inspection system described in JP-A-2002-229945.
- 1 is a management computer system,
- 2, 3, 4 and 5 are attacking computer systems that carry out a DDoS (Distributed DoS) attack,
- 6 is a measurement computer system,
- 7 is a bona fide computer system that makes service requests such as http requests, 8 is a communication device such as a router or layer-3 switch of the communication network, 9 is a firewall unit having a firewall function, 10 is a DNS server, 11 is a WWW server, and 12 is an SMTP server.
- WWW World Wide Web
- SMTP Simple Mail Transfer Protocol
- 1, 2, 3, 4 and 5 constitute the inspection computer system 50, and 9, 10, 11 and 12 constitute the computer system under inspection 51.
- The management computer system 1 is connected to each of the attacking computer systems 2, 3, 4 and 5, and the attacking computer systems 2 to 5 are connected to the communication device 8 of the network.
- the well-intentioned computer system 7 is also connected to the communication device 8.
- the communication device 8 is mutually connected to the DNS server 10, the WWW server 11 and the SMTP server 12 via the firewall unit 9.
- The communication device 8, the firewall unit 9, the DNS server 10, the WWW server 11 and the SMTP server 12 are also interconnected with the measurement computer system 6 by a dedicated network, shown as "NT02" in FIG. 6, which is physically independent of the network shown as "NT01" in FIG. 6.
- FIG. 7 is an explanatory diagram showing the configuration of the actual DDoS tool.
- FIG. 7 shows attacker units that instruct an attack via the network, indicated by "AT11" and "AT12"; handler units that relay the attack instructions, indicated by "HL11", "HL12" and "HL13"; and agent units that execute the attack, indicated by "AG11", "AG12", "AG13" and "AG14".
- The tool shown in FIG. 7 thus has a hierarchical structure (attacker, handler, agent).
- When the attacker unit "AT11" in FIG. 7 starts an attack, the handler unit "HL11" in FIG. 7 is activated and relays the attack instruction, and the agent unit "AG11" in FIG. 7 starts attacking the target computer system.
- The attacking computer systems 2 to 5, on receiving an attack instruction from the management computer system 1, launch a DDoS attack via the communication device 8 against the firewall unit 9, the DNS server 10, the WWW server 11 and the SMTP server 12 that constitute the computer system 51 under inspection.
- The measurement computer system 6, connected by the dedicated network "NT02" in FIG. 6, measures the consumption rate of the resources (CPU (Central Processing Unit), memory, OS (Operating System), network, etc.) of the firewall unit 9, the DNS server 10, the WWW server 11 and the SMTP server 12.
- CPU Central Processing Unit
- OS Operating System
- Because the behavior of the computer system 51 under inspection is measured over the dedicated network "NT02" in FIG. 6 while it is being attacked, the measurement is accurate.
- the behavior is measured by SNMP (Simple Network Management Protocol).
- The agent section that runs on the attacking computer systems, such as "AG11" in FIG. 7, is not standardized, and it takes time to create a new agent.
- An object of the present invention is to provide a vulnerability inspection system which can automate the construction of a vulnerability inspection environment and can easily create an agent.
- the present invention is a.
- The computer that operates based on the control agent acquires the information and the agent necessary for the scenario from the server via the network, based on the scenario whose start was instructed, builds an environment for executing the scenario in the computer, prepares for the vulnerability inspection, and executes the vulnerability inspection after the preparation is completed. This makes it possible to automate the construction of a vulnerability inspection environment.
- In the vulnerability inspection system,
- The computer operating based on the control agent executes the agent acquired from the server according to the progress of the scenario. This makes it possible to automate the construction of a vulnerability inspection environment.
- each of the computers executes the vulnerability check. This makes it possible to automate the construction of a vulnerability inspection environment.
- Each computer manages the progress of the scenario while synchronizing with the control agents executed by the other computers, and executes the agent acquired from the server according to the progress of the scenario. This makes it possible to automate the construction of a vulnerability inspection environment.
- One of the plurality of computers is a bona fide computer that makes a service request to various servers during the vulnerability check. This makes it possible to automate the construction of a vulnerability inspection environment.
- Upon receiving the init command, the computer that operates based on the agent acquires the configuration file specified in the scenario from the server via the network and performs initialization. For this reason, the user can create an agent relatively easily, and extensibility is improved.
- a computer that operates based on the agent executes a process defined in the configuration file when receiving a start command. For this reason, the user can relatively easily create an agent, and the extensibility is improved.
- In the vulnerability inspection system,
- The computer that operates based on the agent stops the operation being performed when it receives a stop command. For this reason, the user can create an agent relatively easily, and extensibility is improved.
- When the computer operating based on the agent receives the post command, it stores the result in the server via the network. For this reason, the user can create an agent relatively easily, and extensibility is improved.
- The content executed by the agent is described in chronological order, or a plurality of steps executed by the agent are collectively described as an execution unit and the execution units are described in combination. This makes it possible to automate the construction of an environment for vulnerability inspection.
- Steps for branching, waiting, repeating, or performing a condition determination are described. This makes it possible to automate the construction of a vulnerability inspection environment.
- With the vulnerability inspection system of the present invention, it is possible to automate the construction of an environment for vulnerability inspection.
- FIG. 1 is a block diagram showing an embodiment of a vulnerability inspection system according to the present invention.
- FIG. 2 is an explanatory diagram explaining the functions that operate in each computer.
- Fig. 3 is a flowchart illustrating the operation of the console at the time of vulnerability inspection.
- FIG. 4 is a flowchart for explaining the operation of each computer at the time of vulnerability inspection.
- FIG. 5 is an explanatory diagram showing an example of a state transition according to an instruction of an agent.
- FIG. 6 is a block diagram showing an example of a vulnerability inspection system described in Japanese Patent Publication No.
- FIG. 7 is an explanatory diagram showing the configuration of an actual DDoS tool.
- FIG. 1 is a block diagram showing an embodiment of a vulnerability inspection system according to the present invention.
- In FIG. 1, 13 is a server that stores information and tools such as software, agents and configuration files necessary for the vulnerability inspection;
- 14 is a console that creates a scenario, in which the contents and schedule of the vulnerability inspection are described, and stores it in the server; 15, 16, 17 and 18 are computers on which a control agent having a minimum communication function is installed in advance;
- 100 is a general-purpose network such as the Internet or a LAN (Local Area Network).
- LAN Local Area Network
- the server 13 and the console 14 are interconnected to the network 100, and the computers 15, 16, 17 and 18 are also interconnected to the network 100.
- FIG. 2 is an explanatory diagram explaining the functions that operate in each of the computers 15 to 18;
- FIG. 3 is a flowchart explaining the operation of the console 14 at the time of vulnerability inspection;
- FIG. 4 is a flowchart illustrating the operation of the computers 15 to 18.
- OS operating system
- The control agent indicated by "AG21" in FIG. 2 runs on the OS.
- The control agent causes each of the computers 15 to 18 to perform the role of a computer on the attacking side or the role of a computer on the inspected side (the side to be attacked) based on the description of the scenario, and configures the system accordingly; the computer on which the control agent operates can execute an arbitrary role.
- In step S001 in FIG. 3, the console 14 determines whether an already created scenario or a newly created scenario stored in the server 13 has been selected and a start instruction given. If it is determined that the scenario start instruction has been given, in step S002 in FIG. 3 the console 14 notifies the control agent operating on each of the computers 15 to 18, via the network 100, of the scenario whose start was instructed, specifically its name or URL (Uniform Resource Locator).
- In step S101 in FIG. 4, the control agent operating on each of the computers 15 to 18 determines whether the notification of the scenario name or URL has been received from the console 14. If it is determined that the notification has been received, in step S102 in FIG. 4 the control agent downloads the scenario body from the server 13 via the network based on the notification.
- The control agent then downloads from the server 13 the information and tools, such as software, agents or configuration files, necessary for executing the scenario, based on the acquired description of the scenario.
- The agent obtained from the server 13 is an agent that executes the role of the attacking computer, or one that executes the role of the inspected (attacked) computer (specifically, one that measures the consumption rate of resources such as CPU, memory, OS and network).
- step S104 in FIG. 4 the control agent builds an environment for executing the scenario in each computer and prepares for vulnerability inspection.
- In step S105 in FIG. 4, the control agent notifies the control agents operating on the other computers, via the network 100, that its preparation for the vulnerability check has been completed.
- step S106 in FIG. 4 the control agent determines whether or not all control agents have been prepared for vulnerability inspection. If it is determined that the preparation of the vulnerability inspection for all the control agents is completed, the vulnerability inspection is executed according to the description of the scenario in step S107 in FIG.
- The control agent manages the progress of the scenario while synchronizing with the control agents running on the other computers, and causes the agent to execute processing such as an attack in accordance with the progress of the scenario.
- In step S108 in FIG. 4, the control agent determines whether the scenario has been completed, specifically whether all the descriptions of the scenario have been executed. If it is determined that the scenario has not been completed, the process returns to step S107 in FIG. 4. If it is determined that the scenario has ended, in step S109 in FIG. 4 the control agent saves the result to the server 13 via the network 100 as necessary.
- When the control agent causes the computer to execute the role of the inspected (attacked) side, the consumption rate of the measured resources is stored as the above-mentioned result in the server 13 via the network 100.
- the control agent operating on each computer acquires necessary information and agents from the server based on the scenario instructed to start, builds an environment in the computer to execute the scenario, and prepares for vulnerability inspection.
- Although FIG. 1 illustrates one server, one console and four computers, each connected to the network, their number is of course not limited.
- The control agent causes each computer to execute the role of a computer on the attacking side or the role of a computer on the inspected side (the side receiving the attack) based on the description of the scenario; the role of a bona fide computer that makes service requests such as http requests to various servers during the vulnerability inspection, or any other role, may also be performed.
- A console 14 is provided separately for creating a scenario and instructing its start, for simplicity of explanation, but the functions of the console 14 may instead be provided in one or all of the computers 15 to 18.
- Each agent has a function of executing various commands such as "init", "start", "stop" and "post".
- When the computer operating based on the agent receives the "init" command, it downloads the configuration file specified in the scenario from the server 13, acquires it and initializes itself; when it receives the "start" command, it performs the processing specified in the acquired configuration file.
- When the computer operating based on the agent receives the "stop" command, it stops the processing being executed; when it receives the "post" command, it saves the result to the server 13 via the network 100.
- FIG. 5 is an explanatory diagram showing an example of a state transition according to such an agent command.
- When the agent receives the "post" command in the stopped state shown in step S204 in FIG. 5, the data is stored in step S205 in FIG. 5 and the state transitions to the data-stored state, from which it returns to the initialized state shown in step S202 in FIG. 5.
- In this way the user can create the agent relatively easily, and extensibility is improved.
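The init/start/stop/post command handling described above, written as a small Python state machine. This is an added example, not code from the patent or from its applicant: the state names, the `Agent` class, the `record()` method, the in-memory stand-in for server 13 (`make_server()`), and the rule that a further `init` after the data has been stored returns the agent to the initialized state are all assumptions of this example. The point it adds to the text is that a command arriving in the wrong state is rejected rather than acted on, so a stray `start` cannot run an agent that was never initialized and a `post` cannot store a half-finished result.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    """Agent states; the names are this example's own, loosely following FIG. 5."""
    CREATED = "created"
    INITIALIZED = "initialized"   # after "init"
    RUNNING = "running"           # after "start"
    STOPPED = "stopped"           # after "stop"
    DATA_STORED = "data_stored"   # after "post"


# Allowed (state, command) -> next state. Anything not listed is rejected,
# so "start" before "init" or "post" while still running cannot happen.
TRANSITIONS = {
    (State.CREATED, "init"): State.INITIALIZED,
    (State.INITIALIZED, "start"): State.RUNNING,
    (State.RUNNING, "stop"): State.STOPPED,
    (State.STOPPED, "post"): State.DATA_STORED,
    (State.DATA_STORED, "init"): State.INITIALIZED,  # assumption: re-init for the next run
}


def make_server():
    """Constructed in-memory stand-in for server 13: configuration files and posted results."""
    return {
        "configs": {"meter.cfg": {"metric": "cpu_percent", "interval_s": 1}},
        "results": {},
    }


@dataclass
class Agent:
    name: str
    server: dict
    state: State = State.CREATED
    config: dict = field(default_factory=dict)
    samples: list = field(default_factory=list)

    def handle(self, command, config_name=None):
        """Apply one command from the control agent and return the new state."""
        key = (self.state, command)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {command!r} not allowed in state {self.state.value}")
        if command == "init":
            # Fetch the configuration file the scenario names and reset local data.
            if config_name not in self.server["configs"]:
                raise ValueError(f"{self.name}: unknown configuration {config_name!r}")
            self.config = dict(self.server["configs"][config_name])
            self.samples = []
        elif command == "post":
            # Store the result on the server; copy so later runs cannot alias it.
            self.server["results"][self.name] = list(self.samples)
        # "start" and "stop" only change state: the work happens in record() while RUNNING.
        self.state = TRANSITIONS[key]
        return self.state

    def record(self, value):
        """Stand-in for the measuring role: accept a resource reading only while running."""
        if self.state is not State.RUNNING:
            raise ValueError(f"{self.name}: not running, reading discarded")
        self.samples.append({"metric": self.config["metric"], "value": value})
        return len(self.samples)


def run_demo():
    """One full init -> start -> stop -> post cycle over constructed readings."""
    server = make_server()
    meter = Agent("meter", server)
    meter.handle("init", "meter.cfg")
    meter.handle("start")
    for reading in (12, 35, 78):
        meter.record(reading)
    meter.handle("stop")
    meter.handle("post")
    return server["results"]["meter"]


if __name__ == "__main__":
    print(run_demo())
```

Because every command is checked against the transition table before anything is executed, the agent's behaviour is fully described by that table; adding a new command, as the text says a user may want to, means adding rows to it rather than editing control flow.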
- The content executed by the agent may simply be described in chronological order, or a plurality of steps executed by the agent may be grouped as an execution unit and the execution units combined to create a scenario; either way of writing is of course possible.
- The scenario may be written in XML (Extensible Markup Language) format.
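An added example, not the patent's or its applicant's code, covering two things the text describes: the scenario format (execution units combined with branch, wait and repeat steps, written in XML) and the control-agent flow of steps S105 to S107, where each computer expands only the parts of the scenario that apply to its own role and starts only once every other computer has reported that its preparation is complete. The element and attribute names (`scenario`, `unit`, `steps`, `exec`, `wait`, `repeat`, `if role=`, `call unit=`), the `ControlAgent` class and the sample scenario are all constructed for this example; the patent says only that a scenario may be written in XML.

```python
import xml.etree.ElementTree as ET

# Constructed scenario (not from the patent). Two execution units are defined once
# and combined in <steps>, which also uses role conditions, a repeat and waits.
SCENARIO_XML = """
<scenario name="demo">
  <unit name="setup_meter">
    <exec agent="meter" cmd="init" config="meter.cfg"/>
    <exec agent="meter" cmd="start"/>
  </unit>
  <unit name="collect_meter">
    <exec agent="meter" cmd="stop"/>
    <exec agent="meter" cmd="post"/>
  </unit>
  <steps>
    <if role="target"><call unit="setup_meter"/></if>
    <if role="attacker">
      <exec agent="load" cmd="init" config="load.cfg"/>
      <exec agent="load" cmd="start"/>
    </if>
    <repeat times="3"><wait seconds="10"/></repeat>
    <if role="attacker"><exec agent="load" cmd="stop"/></if>
    <if role="target"><call unit="collect_meter"/></if>
  </steps>
</scenario>
"""

MAX_DEPTH = 16  # bounds unit-call nesting so a unit that calls itself cannot loop forever


class ScenarioError(ValueError):
    pass


def parse_scenario(xml_text):
    """Return (units, steps): unit name -> child elements, plus the top-level step elements."""
    root = ET.fromstring(xml_text)
    if root.tag != "scenario":
        raise ScenarioError("root element must be <scenario>")
    units = {u.get("name"): list(u) for u in root.findall("unit")}
    steps = root.find("steps")
    if steps is None:
        raise ScenarioError("<steps> element missing")
    return units, list(steps)


def expand(elements, units, role, depth=0):
    """Flatten steps for one role into ('exec', agent, cmd, config) and ('wait', seconds) actions."""
    if depth > MAX_DEPTH:
        raise ScenarioError("unit calls nested too deeply (cycle?)")
    actions = []
    for el in elements:
        if el.tag == "exec":
            actions.append(("exec", el.get("agent"), el.get("cmd"), el.get("config")))
        elif el.tag == "wait":
            seconds = float(el.get("seconds", "0"))
            if seconds < 0:
                raise ScenarioError("wait must not be negative")
            actions.append(("wait", seconds))
        elif el.tag == "repeat":
            times = int(el.get("times", "1"))
            if times < 1:
                raise ScenarioError("repeat times must be >= 1")
            for _ in range(times):
                actions.extend(expand(list(el), units, role, depth + 1))
        elif el.tag == "if":
            # Condition determination: this computer only runs the branch for its role.
            if el.get("role") == role:
                actions.extend(expand(list(el), units, role, depth + 1))
        elif el.tag == "call":
            name = el.get("unit")
            if name not in units:
                raise ScenarioError(f"unknown execution unit {name!r}")
            actions.extend(expand(units[name], units, role, depth + 1))
        else:
            # Reject unknown steps rather than silently skipping them.
            raise ScenarioError(f"unknown step <{el.tag}>")
    return actions


def plan_for_role(xml_text, role):
    units, steps = parse_scenario(xml_text)
    return expand(steps, units, role)


def total_wait(actions):
    return sum(a[1] for a in actions if a[0] == "wait")


class ControlAgent:
    """Readiness barrier of steps S105/S106: the scenario may start only when every computer is ready."""

    def __init__(self, name, role, peers):
        self.name, self.role = name, role
        self.expected = set(peers) | {name}
        self.ready = set()

    def mark_ready(self, who):
        if who not in self.expected:
            raise ScenarioError(f"readiness report from unknown computer {who!r}")
        self.ready.add(who)

    def all_ready(self):
        return self.ready == self.expected

    def start(self, xml_text):
        """Step S107: expand the scenario for this computer's role, but only after the barrier."""
        if not self.all_ready():
            raise ScenarioError(f"{self.name}: still waiting for {sorted(self.expected - self.ready)}")
        return plan_for_role(xml_text, self.role)
```

Two design points are worth noting. The expander refuses unknown elements, negative waits and unbounded unit recursion, so a malformed scenario fails before any agent is commanded. And since the control agent fetches and executes whatever agents and configuration files the scenario names, the server and console in such a system are the trust anchor: the scenario download and the readiness messages between computers need the same authentication and integrity protection one would give any remote-execution channel.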
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Debugging And Monitoring (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-183403 | 2004-06-22 | ||
JP2004183403A JP2006011510A (ja) | 2004-06-22 | 2004-06-22 | Vulnerability inspection system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005124572A1 true WO2005124572A1 (ja) | 2005-12-29 |
Family
ID=35509898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/005994 WO2005124572A1 (ja) | 2004-06-22 | 2005-03-23 | Vulnerability inspection system |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2006011510A (ja) |
WO (1) | WO2005124572A1 (ja) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010271931A (ja) * | 2009-05-21 | 2010-12-02 | Hitachi Ltd | Data processing system, data processing method, and data processing program |
JP6690346B2 (ja) * | 2016-03-25 | 2020-04-28 | NEC Corporation | Security risk management system, server, control method, and program |
JP7215525B2 (ja) * | 2020-04-08 | 2023-01-31 | NEC Corporation | Terminal, control method, and program |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000010806A (ja) * | 1998-06-25 | 2000-01-14 | Hitachi Ltd | Distributed program execution method and multiple-computer startup method |
JP2004021525A (ja) * | 2002-06-14 | 2004-01-22 | Canon Inc | Load test system for a network server |
JP2004118291A (ja) * | 2002-09-24 | 2004-04-15 | Hitachi Kokusai Electric Inc | Software management system and failure management device |
2004
- 2004-06-22 JP JP2004183403A patent/JP2006011510A/ja active Pending
2005
- 2005-03-23 WO PCT/JP2005/005994 patent/WO2005124572A1/ja active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2006011510A (ja) | 2006-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9872205B2 (en) | Method and system for sideband communication architecture for supporting manageability over wireless LAN (WLAN) | |
EP2836954B1 (en) | Opportunistic system scanning | |
CN106844137A (zh) | Server monitoring method and apparatus | |
US20100057865A1 (en) | Transferable Debug Session in a Team Environment | |
JP2019509681A (ja) | Cloud verification and test automation | |
US6804773B1 (en) | System and method for transferring information over a network | |
JP2014506045A (ja) | Network stimulus engine | |
KR20060051932A (ko) | System, method and computer-readable medium for updating software during execution | |
US11061792B2 (en) | Test system for testing a computer of a computer system in a test network | |
CN111181787B (zh) | BMC parameter configuration method, apparatus, device and medium | |
US11575689B2 (en) | System, method, and computer program product for dynamically configuring a virtual environment for identifying unwanted data | |
CN107172075B (zh) | Communication method and system based on network isolation, and readable storage medium | |
US20040221298A1 (en) | Network device drivers using a communication transport | |
US20060109800A1 (en) | Communication management network system and method for managing a communication network | |
WO2005124572A1 (ja) | Vulnerability inspection system | |
JP2009237807A (ja) | Vulnerability diagnosis execution device and diagnosis schedule creation program | |
Hiep et al. | Dynamic policy management system for high availability in a multi-site cloud | |
Rząsa et al. | Improving accuracy of a network model basing on the case study of a distributed system with a mobile application and an API | |
JP2004021525A (ja) | Load test system for a network server | |
CN116340675A (zh) | Debugger-based network request packet capture method and system | |
JP2002140242A (ja) | Network management apparatus, network management method, and storage medium | |
JP2004021524A (ja) | Load test system for a network server | |
JP2003338819A (ja) | Network management apparatus, network management method, and storage medium | |
JP2002229945A (ja) | Vulnerability inspection system for a computer system | |
Sharma et al. | Remote Monitoring System for Network Management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
| | 122 | Ep: pct application non-entry in european phase | |