1. Technical Field
The present invention relates generally to client-server computing over the Internet and more particularly to a method to validate approval for a security or diagnostic scan of a target server before the scan takes place.
2. Description of the Related Art
It is commonplace today for computer users to connect their machines to other computers, known as “servers,” throughout a network. The network may be a private network, such as a corporate intranet of networked computers that is accessible only to computer users within that corporation, or it may be a public network, such as the Internet. The Internet is a vast collection of computing resources, interconnected as a network, from sites around the world. The World Wide Web (the “Web”) is the Internet’s multimedia information retrieval system, which is that portion of the Internet that uses the Hypertext Transfer Protocol (“HTTP”) as a protocol for exchanging messages. HTTP is an application protocol providing users access to files (e.g., text, graphics, images, sound, video, etc.) using a standard page description language known as Hypertext Markup Language (HTML). HTML provides basic document formatting and allows the developer to specify “links” to other servers and files. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL) having a special syntax for defining a network connection. Use of an HTML-compatible browser (e.g., Netscape Navigator or Microsoft Internet Explorer) at a client machine involves specification of a link via the URL. In response, the client makes a request to the server identified in the link and, in return, receives a document or other object formatted according to HTML.
A given collection of files located at a Web server is sometimes referred to as a Web site. Site operators often desire to monitor the quality-of-service they provide to users, for example, to address and rectify service problems. Moreover, it is also known in the art to implement Web site diagnostic services whereby a given target server is “scanned” or analyzed to evaluate some given metric. Thus, for example, it may be desired to scan a given server for security vulnerability. A security scan thus might evaluate the server’s configuration and identify the various software programs (and their version numbers) supported on the platform. If the security of the server is vulnerable based on some given exposure level criteria, an appropriate report may be generated so that corrective action (e.g., upgrade to a newer software version for a given program) may be taken.
A site operator may also desire to scan its server for reasons of evaluating performance, capacity or other operations. Such a scan may identify any number or type of metric, such as broken links, HTML syntax errors, aggregate file size, number of files, response times, browser incompatibility, and the like.
While security scans may have a valid purpose, they may also be used maliciously. A scan may be used to collect information (e.g., software versions) about the server that might later be helpful in allowing an interloper to bypass system safeguards. Thus, a scan may be used to find a deficiency in the server’s security that may be later exploited in a full scale attack directed at the weakness. More likely, a given security scan may be designed to simply make the server so busy that it cannot otherwise service normal requests. Such “denial of service” attacks succeed by diminishing the server’s ability to perform its required processing.
Thus, as with many technologies, network scanning tools hold the potential for misuse. A tool that is intended to aid an administrator in securing the Web site may, in the hands of an unscrupulous hacker, be used to find potential weaknesses in security to be later exploited. Purveyors of network scanning tools thus have a significant interest in preventing misuse of such tools so that only authorized scanning of Web sites is allowed.
It is known in the prior art to provide a scanning tool with a license key that allows the tool to be used on only certain IP addresses. While this technique prevents misuse, it is not particularly flexible in that it requires hardcoding of the addresses in the license key. Other proposed methods involve obtaining permission from a third party, usually a vendor of the scanning product, before scanning of a site can take place.
There remains a need to provide a flexible validation method to assure that only authorized scans take place from a given Web site. The present invention addresses this need.
A scanning tool executing on a host computer may be used to scan a server only if the server (or a proxy) first exposes to the host a certificate that, upon processing by the host, indicates that the server may be scanned (and under what conditions). The certificate preferably encrypts a scan permission and is made available from a given port on the server (or the proxy). The identity of the given port may vary. Whenever the host desires to perform a scan of the server, the host searches the port for the certificate. The certificate is then decrypted to determine whether the scan permission exists. If so, the scan then proceeds, preferably in accordance with any conditions set forth in the decrypted scan permission. Thus, according to the invention, the target server must give the host permission to scan in the first instance.
The scan permission typically includes access information that must be used by the host to effect the scan. Otherwise, the nature and scope of the scan permission may be quite variable. The target server may only authorize a given scan at a particular time, or with respect to a particular system, subsystem, resource or program. The scan permission may only be valid over a given time period.
The target server may authorize a trusted third party to act as a proxy to issue the certificate. A trusted third party, for example, is a certifying authority that acts as a broker of certificates on behalf of target servers.
In summary, a primary object of this invention is to control the manner by which a given server scan may be authorized and carried out.
A particular object is to place the ability to grant access to a target server, as well as the time of any such access, in the direct control of the target server administrator.
Yet another related object is to afford a simple method for validating the legitimacy of a security scan or other access request with respect to a target machine operating in an open computer network.
The foregoing has outlined some of the more pertinent objects and features of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the Preferred Embodiment.