Due to the widespread adoption of networks in corporate offices and business solutions, there is a need for robust security in the field of network communication, and network security has consequently gained enormous popularity over the last few years. Network communication and e-commerce are introducing new threats to an organization from viruses, trojans, junk mail (SPAM) senders, intruders and the like. The term network refers to a public network such as the Internet and a private network such as an intranet. Network security involves all the activities that an organization undertakes to protect its information or data in terms of integrity, confidentiality, authentication, access controls, etc. Security measures are used to guard against non-trusted external sources, such as Internet users, as well as internal sources that can help in breaching the security of the internal network or intranet. For security purposes, organizations devise various network security strategies. These strategies include various technical features for identifying threats and choosing the tools to combat them. For example, the organization can carry out a detailed risk assessment and penetration testing to determine the nature and extent of existing and potential threats in the organization.
A Data Processing Unit (DPU) is a system that can process unprocessed or semi-processed data (information) and convert the data into a processed format. Examples of the DPU include, but are not limited to, computers, laptops, palmtops, mobile phones, a compiler, a scanner, and an interpreter. The DPU can process data through various means such as decoding, encoding, compiling, and translating.
A secure DPU should only permit authorized users to access the data (information) present on it and to carry out legitimate and useful tasks. In other words, the DPU should not be vulnerable. A vulnerability is a flaw in the DPU that can allow a hacker or an unauthorized person to transgress at least one of the access control, confidentiality, integrity, and audit mechanisms of the DPU, or to access the data and applications that the DPU hosts. A vulnerability can result from design flaws in the network of DPUs, from carelessness of a programmer while designing the network or the applications running on the DPUs, or from carelessness of the users (humans) working on the DPUs. Vulnerable DPUs may allow a hacker to access data or misuse an application by various means, such as bypassing access control checks or executing commands on the system hosting the application. Vulnerabilities can assume significant proportions when the program containing the vulnerability operates with special prerogatives or provides easy access to user data or facilities.
One method for protecting a vulnerable DPU is to employ access controls, deploy firewalls, and maintain constant vigilance, including careful system maintenance such as applying software patches and careful auditing. There also exist other methods to detect vulnerabilities associated with the network of DPUs, such as the vulnerability assessment and penetration testing method, which relies on a human to carry out the penetration testing. The penetration testing method is a way of detecting vulnerabilities associated with the network by simulating an attack by a hacker, and may involve active or passive exploitation of security vulnerabilities. Penetration testing is carried out on the network from the position of a potential hacker and involves an active analysis of the network for any weaknesses, technical flaws, or vulnerabilities. The vulnerabilities that are identified are presented to the user or the network administrator with an assessment of their impact on the network. Thereafter, a solution can be arrived at to eliminate the vulnerability. Though security tools, penetration testing and other methodologies can provide an auditor of the network with an overview of the possible vulnerabilities present, they cannot replace human judgment entirely.
The existing methods determine vulnerabilities associated with one or more DPUs (hosts) in the network and patch them. However, the network can still be compromised when the communication links connecting to the Internet, the communication links among the hosts and the communication links between the users of the hosts are not secure. A hacker can gain access to secure and confidential data flowing via communication links by tapping those links, and can possibly gain privileged access to the critical hosts. Further, the network can still be compromised when the users (humans) using the DPUs are not security conscious, i.e., they are not fully aware of security standards or do not follow them. For example, a naive or vulnerable user can leak information to a spoof website or provide information to an unauthorized person by mistake or on purpose. Further, in order to compromise a critical DPU or to gain access to critical information present at a DPU, the hacker can compromise other intermediate and possibly non-critical resources on the network (such as humans, other DPUs, and communication links). Thereafter, the hacker can gain access to the critical DPU in an indirect manner through the compromised resources. Invariably, these systems involve extensive manual participation in assessing the vulnerabilities of the network.
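The gap described above can be shown with a small exposure-path model, given here as an added example that is not part of the original text. All resource names, weakness flags and edges are constructed, and the traversal rule (a resource is taken over if it is weak, or if it trusts the resource already controlled) is an assumption of this sketch.

```python
from collections import deque

# Constructed sample network; every name is hypothetical.
# kind: "dpu", "link" or "user"; weak: True if the resource has a known weakness.
RESOURCES = {
    "internet": ("external", True),   # attacker's starting position
    "wan-link": ("link", True),       # unencrypted link to the Internet
    "alice":    ("user", True),       # user who does not follow security standards
    "hr-dpu":   ("dpu", False),       # patched, non-critical host
    "lan-link": ("link", True),       # unsecured internal link
    "db-dpu":   ("dpu", False),       # patched, critical host
}
# (src, dst, trusted): control of src exposes dst. trusted=True means dst
# accepts src by design (a user's login, credentials carried on a link),
# so no flaw in dst itself is needed.
EDGES = [
    ("internet", "wan-link", False),
    ("wan-link", "alice", False),
    ("alice", "hr-dpu", True),
    ("hr-dpu", "lan-link", False),
    ("lan-link", "db-dpu", True),
]

def find_path(start, target, assessed_kinds, resources=RESOURCES, edges=EDGES):
    """Shortest exposure path from start to target, or None.
    Only weaknesses in resources whose kind is in assessed_kinds are counted."""
    def is_weak(name):
        kind, weak = resources[name]
        return weak and kind in assessed_kinds
    queue, parent = deque([start]), {start: None}
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for src, dst, trusted in edges:
            if src == node and dst not in parent and (trusted or is_weak(dst)):
                parent[dst] = node
                queue.append(dst)
    return None

host_only = find_path("internet", "db-dpu", {"dpu"})
full_view = find_path("internet", "db-dpu", {"dpu", "link", "user"})
print("host-only assessment:", host_only)
print("hosts + links + users:", full_view)
```

With every host patched, the host-only assessment reports no path to the critical DPU, while the assessment that also covers links and users finds one through the intermediate resources; marking `lan-link` as secured in a copy of `RESOURCES` removes it again.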
Although the existing methods provide the ability to launch exploits automatically on one or more DPUs (hosts) in the network and compromise them, they still need manual intervention to collect the relevant information and vulnerabilities about the network, then to plan the attack manually, and then to launch the attack manually to get access to the DPUs. Hence, automated planning of attacks is still missing from existing methodologies.
There is no prior art that describes an automatic method, system and computer program product, free of manual intervention, that allows integration of different methods, systems and computer programs, correlates their results, plans the exploitation and performs penetration testing automatically and without any human intervention.
Finally, there is no prior art that describes an automatic method, system and computer program product, free of manual intervention, to perform penetration testing for a network of DPUs, inclusive of the communication links in the network and the users working on the DPUs (hosts).
In light of the foregoing discussion, there is a need to provide a method, system and computer program product to assess all vulnerabilities associated with the network of DPUs, inclusive of the communication links in the network and the users working on the DPUs (hosts), and to perform automated planning and execution of penetration testing on the network.