
Penetration Testing of a Networked System

A networked system and penetration testing technology, applied in the field of organizational networked systems, can solve problems such as significant damage, complete shutdown of all operations, loss of data, and leakage of data to outside unauthorized entities, and achieves the effect of avoiding the loss of data.

Active Publication Date: 2018-08-02
XM CYBER LTD
0 Cites, 22 Cited by

AI Technical Summary

Benefits of technology

The patent describes a method to test the vulnerability of a networked system by either actually hacking it or simulating a hack to avoid exposing the system to risk. The approach involves using software architecture features to minimize the processing load on the system and update threat-databases only on the remote computing device. This pre-installation process makes the testing process simpler and more reliable, and ensures that unexpected side-effects are not introduced during the testing.

Problems solved by technology

Failures of the networked system of an organization or even of only a portion of it might cause a significant damage, up to completely shutting down all operations.
Loss of such data or leaks of such data to outside unauthorized entities might be disastrous for the organization.
Many organizational networks are connected to the Internet at least through one network node, and consequently they are subject to attacks by computer hackers or by hostile adversaries.
Even an organizational network that is not connected to the Internet might be attacked by an employee of the organization.
Newspapers quite often report incidents in which websites crashed, sensitive data was stolen or service to customers was denied, where the failures were the results of hostile penetration into an organization's networked system.
Thus, many organizations invest considerable effort and cost in preventive means designed to protect their networked systems against potential threats.
However, it is difficult to tell how effective such products really are in achieving their stated goals of blocking hostile attacks, and consequently most CISOs (Computer Information Security Officers) will admit (maybe only off the record) that they don't really know how well they can withstand an attack from a given adversary.
Such people are hard to find and therefore many organizations give up establishing their own penetration testing teams and resort to hiring external expert consultants for carrying out that role (or completely give up penetration testing).
But external consultants are expensive and therefore are typically called in only for brief periods separated by long time intervals in which no such testing is done.
This makes the penetration testing ineffective as security vulnerabilities caused by new forms of attacks that appear almost daily are discovered only months after becoming serious threats to the organization.
Additionally, even rich organizations that can afford hiring talented experts for in-house penetration testing teams do not achieve good protection.
Testing for security vulnerabilities of a large networked system containing many types of computers, operating systems, network routers and other devices is both a very complex and a very tedious process.
The process is prone to human errors of missing testing for certain threats or misinterpreting the damages of certain attacks.
Also, because a process of full testing of a large networked system against all threats is quite long, the organization might again end up with an overly long discovery period after a new threat appears.
This implies that a side-effect of executing an actual attack penetration test might be actually compromising the tested networked system.
While this implementation achieves the goal of avoiding the risk of compromising the tested networked system, it is highly expensive and also difficult to accurately implement, and therefore rarely used.
While the prior art automated penetration testing systems provide great advantages over manual penetration testing systems, they still do not provide a fully satisfactory solution, as they suffer from some deficiencies, examples of which are explained below.
Prior art automated penetration testing systems face difficulties in their reconnaissance function's ability to collect internal data of network nodes.
Unless the internal node was already compromised by the penetration testing system, it might be difficult or even impossible for it to determine such internal fact.
But a prior art penetration testing system that does not have access to that internal data of the network node might miss the detection of a security vulnerability related to a specific firmware version.
This deficiency is mainly problematic for simulated penetration testing systems, but is also relevant to actual attack penetration testing systems, as even active probing by the penetration testing system may not be enough for obtaining internal data of a network node that was not yet compromised when the attempt to probe is performed from outside of the probed network node.
Another deficiency is relevant only to actual attack penetration testing systems that might actually compromise the tested networked system during the test.
This characteristic of actual attack penetration testing systems is by itself a security vulnerability.
As the testing process might compromise the networked system, there is a risk that the recovery function of the penetration testing system, that is supposed to undo the compromising and make the tested networked system safe again, might fail in fully doing that, and the tested networked system might be left with one or more compromised components without the CISO of the owning organization being aware of it.
Additionally, even if the penetration testing system's recovery function is faultless, the testing still makes the tested networked system vulnerable and exposed to attacks during the test, before the recovery function is activated.


Examples


Use case example 1

[0114] Networked System / Penetration Testing System for Example 1: The first non-limiting example relates to a networked system having the following properties: (i) the networked system comprises a plurality of laptop or desktop work-stations, each of which is a network node; (ii) each network node work-station has one or more USB ports; (iii) a first work-station / node

[0115] (“Node A”) is “strongly defended”—on this work-station / node the most recent version of Windows® is installed including all of the latest security patches; (iv) a second work-station / node (“Node B”) is “weakly defended”—on this node, a much older version of Windows has been installed, and security patches have not been installed for over two years.

[0116] This networked system is subjected to penetration testing.

[0117] In this example, a penetration testing software module is installed on a remote computing device which is outside of the networked system—in this example, the remote computing device is deployed in the cl...

Use case example 2

[0150] Networked System / Penetration Testing System for Example 2: The second non-limiting example relates to a networked system having the following properties: (i) the networked system comprises a plurality of laptop or desktop work-stations, each of which is a network node; (ii) some of the network nodes have access to a shared folder SF which resides on a file-server on one of the nodes (“Node S”); (iii) some of the network nodes have read-only access to the shared folder SF on Node S—i.e. the nodes with read-only access can read files from the shared folder SF but cannot modify these files, and cannot add files to the shared folder SF; (iv) some nodes have both read and write privileges to shared folder SF—these nodes can modify existing files within the shared folder SF and can add new files to shared folder SF, in addition to having read access to shared folder SF; (v) nodes with read-only access and nodes that have both read and write privileges are “nodes having at least read...

Use case example 3

[0181] Networked System / Penetration Testing System for Example 3: The third non-limiting example relates to a networked system, where email clients are installed on a plurality of the nodes including a first node (“Node A”) and a second node (“Node B”).

[0182] This networked system is subjected to penetration testing.

[0183] In this example, a penetration testing software module is installed on a remote computing device which is outside of the networked system—in this example, the remote computing device is deployed in the cloud relative to the networked system, and is in networked communication with the networked system. This particular architecture is illustrated in FIG. 4.

[0184] Goal of the Penetration Testing Campaign for Example 3: In example 3, the goal of the penetration testing campaign is for an attacker to compromise Node B—only if the attacker succeeds in compromising Node B is the penetration testing campaign considered a success. Timing of the Penetration Testing Campaign for E...


Abstract

Methods and systems for penetration testing of a networked system comprising a set of network-nodes by a penetration testing system (e.g. to enforce first and / or second rules) are disclosed herein. The penetration testing system comprises: (i) reconnaissance agent software module (RASM) installed on multiple nodes (each of which is a RASM-hosting node) of the networked system to be penetration-tested and (ii) a penetration testing software module (PTSM) installed on a remote computing device (RCD). Internal data from each of the RASM-hosting nodes is collected and transmitted to the RCD. Analysis of the internal data collected from multiple RASM-hosting network nodes determines a method for an attacker to compromise the networked system. The first and second rules are defined herein. Alternatively or additionally, one or more of the RASM instances are pre-installed on one or more RASM-hosting nodes before the penetration testing commences.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This patent application claims the benefit of U.S. Provisional Patent Application No. 62/451,850 filed on Jan. 30, 2017, which is incorporated herein by reference in its entirety.

BACKGROUND

A Discussion of FIGS. 1A-1C, 2-3

[0002] There is currently a proliferation of organizational networked systems. Every type of organization, be it a commercial company, a university, a bank, a government agency or a hospital, heavily relies on one or more networks interconnecting multiple computing nodes. Failures of the networked system of an organization or even of only a portion of it might cause a significant damage, up to completely shutting down all operations. Additionally, much of the data of the organization (and for some organizations even all data) exists somewhere on its networked system, including all confidential data comprising its “crown jewels” such as prices, details of customers, purchase orders, employees' salaries, technical formulas, ...


Application Information

IPC(8): H04L29/06, H04L12/26, H04L12/24
CPC: H04L63/1433, H04L43/50, H04L41/048, H04L63/30, H04L63/20
Inventor: GORODISSKY, BOAZ; ASHKENAZY, ADI; SEGAL, RONEN
Owner: XM CYBER LTD