US 9,813,439 B2
Evaluation node for reporting status via a secure link
Aaron M. Hughes, Kingwood, TX (US)
Assigned to Vidoc Razor, LLC, Kingwood, TX (US)
Filed by Vidoc Razor, LLC, Kingwood, TX (US)
Filed on Sep. 11, 2015, as Appl. No. 14/851,164.
Prior Publication US 2017/0078320 A1, Mar. 16, 2017
Int. Cl. G06F 17/30 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/1433 (2013.01) [H04L 63/029 (2013.01); H04L 63/0236 (2013.01); H04L 63/0272 (2013.01); H04L 63/0428 (2013.01); H04L 63/08 (2013.01)]
10 Claims
9. A computer implemented method for assessing network vulnerability, the computer implemented method comprising:
receiving a sequence of packets at a report generator, the sequence of packets originating from a source address, each containing at least a portion of a predetermined knock;
determining, that at least two data fields of the sequence of packets match the predetermined knock;
in response to the determining, opening a security port to packets from the source address and receiving authentication credentials over a virtual private network tunnel established from the security port to the source address, wherein the authentication credentials are previously determined and shared at the report generator and at an evaluator node present on a network under test at the source address;
receive at least one summary report from the source address over the virtual private network tunnel, wherein the summary report comprises at least a response or an implicit non-response of at least one node on the network under test;
in response to receiving the at least one summary report, generating a first actionable report to include a qualitative description of the at least one node based on the at least one summary report, the qualitative description based on at least one security bulletin, wherein the at least one security bulletin comprises a first criterion to match to a first node responses, wherein generating the first actionable report further comprises storing the at least summary report among a set of summary reports from the source address as a raw assessment, and subsequently, receiving at least one second security bulletin and parsing the raw assessment based on the at least one second security bulletin to obtain a second actionable report that differs from the first actionable report;
receiving a packet from the source address, the packet indicating the virtual private network tunnel is complete, and in response, removing the authentication credentials from a list of valid authentication credentials
subsequent to receiving the least one summary report, receiving a second security bulletin, the second at least one security bulletin comprises a second criterion to match to a second node response, wherein the second node response is not described in the at least one security bulletin, and a second qualitative description corresponding to the second node response;
determining that the at least one summary report matches the second security bulletin; and
in response to determining that the at least one summary report matches the second security bulletin, transmitting an actionable report that indicates that a node referenced in the at least one summary report exhibits the second node response not described in the at least one security bulletin.
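The re-parsing step in claim 9 (a stored raw assessment evaluated again when a later security bulletin arrives) can be sketched as follows. This is an added illustration, not code from the patent or from Vidoc Razor; the `Bulletin` fields, the report dictionary layout, the bulletin ids and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Bulletin:
    bulletin_id: str        # constructed placeholder id
    port: int               # criterion: port the node response was observed on
    pattern: Optional[str]  # substring criterion; None matches an implicit non-response
    description: str        # qualitative description used in the actionable report

# Constructed raw assessment: summary reports kept as received from one source address.
RAW_ASSESSMENT = [
    {"node": "192.0.2.5", "port": 22, "response": "SSH-2.0-ExampleSSH_1.0"},
    {"node": "192.0.2.7", "port": 8080, "response": "Server: ExampleHTTPd/2.1"},
    {"node": "192.0.2.9", "port": 443, "response": None},  # implicit non-response
]

FIRST_BULLETINS = [
    Bulletin("EX-0001", 22, "ExampleSSH_1.0", "outdated SSH daemon"),
    Bulletin("EX-0002", 443, None, "TLS service unreachable"),
]
# Arrives after the summary reports were stored; describes a response
# that none of the first bulletins covers.
SECOND_BULLETIN = Bulletin("EX-0003", 8080, "ExampleHTTPd/2.1", "vulnerable HTTP server")

def matches(bulletin, report):
    """True when a stored node response meets the bulletin's criterion."""
    if report["port"] != bulletin.port:
        return False
    if bulletin.pattern is None:
        return report["response"] is None
    return report["response"] is not None and bulletin.pattern in report["response"]

def actionable_report(raw, bulletins):
    """Parse the raw assessment against a bulletin set; no rescan of the network."""
    return [(r["node"], b.bulletin_id, b.description)
            for r in raw for b in bulletins if matches(b, r)]

def new_findings(raw, known_bulletins, later_bulletin):
    """Findings that appear only once the later bulletin is applied to stored data."""
    before = set(actionable_report(raw, known_bulletins))
    after = actionable_report(raw, known_bulletins + [later_bulletin])
    return [f for f in after if f not in before]

if __name__ == "__main__":
    print(actionable_report(RAW_ASSESSMENT, FIRST_BULLETINS))
    print(new_findings(RAW_ASSESSMENT, FIRST_BULLETINS, SECOND_BULLETIN))
```

Keeping the node responses unparsed is what lets the second report differ from the first without the evaluator node reconnecting.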