
NetGlean: A Methodology for Distributed Network Security Scanning

Journal of Network and Systems Management

Abstract

Network vulnerability analysis tools today do not provide a complete security awareness solution. Currently, network administrators utilize multiple analysis tools in succession or randomly in a patchwork fashion that provides only temporary assurance. This paper introduces NetGlean as a methodology for distributed network security scanning with a holistic approach to network analysis. NetGlean uses new and existing techniques in a continual, autonomous, evolutionary manner to provide powerful real-time and historical views of large and complex networks. This paper introduces the methodology and describes one implementation, NetGleanIP, a scanner for IP and converged networks.



Author information

Corresponding author

Correspondence to Gavin W. Manes.

Additional information

Gavin W. Manes is a Research Assistant Professor at the Center for Information Security and the University of Tulsa. His research interests are information assurance, digital forensics, telecommunications security, and critical infrastructure protection.

Dominic Schulte graduated with his Masters of Computer Science from the University of Tulsa in May 2003. Currently he works as an information security professional.

Seth Guenther graduated with his Masters of Computer Science from the University of Tulsa in May 2003. Currently he works as an information security professional.

Sujeet Shenoi is the F.P. Walter Professor of Computer Science at the University of Tulsa, Tulsa, Oklahoma. His research interests are in information assurance, digital forensics, critical infrastructure protection, and intelligent control.

About this article

Cite this article

Manes, G.W., Schulte, D., Guenther, S. et al. NetGlean: A Methodology for Distributed Network Security Scanning. J Netw Syst Manage 13, 329–344 (2005). https://doi.org/10.1007/s10922-005-6263-2

  • DOI: https://doi.org/10.1007/s10922-005-6263-2
