Network security 101

The National Vulnerability Database (NVD) ' a program of the National Institute of Standards and Technology ' contains a wealth of data on vulnerabilities, including flaws in software, misconfigurations, impact metrics and security checklists. What's more, the database is updated hourly.

The NVD has so much data that it can be difficult for many departments and agencies to know how to make the best use of it. That's why NIST researchers are developing a proactive tool that IT employees can use to check the status of their own networks.

'We analyze all of the paths that system attackers could penetrate through a network and assign a risk to each component of the system,' said NIST researcher Anoop Singhal.

Singhal said the tool being developed analyzes all of the components of a network ' including firewalls, servers, clients and software. NIST researchers evaluate each route into and through a network and assign it a risk based on how challenging it is to a hacker. The risk is assigned by referring to the NVD database.

The downside is there is no actual product yet. Although researchers have applied for a patent on the analytical procedure, Singhal said the team does not yet have a target date for delivering a tool that could be used by information technology employees.

About the Author

Patrick Marshall is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected