Network security 101
- By Patrick Marshall
- Aug 01, 2008
The National Vulnerability Database (NVD) ' a program of the National Institute of Standards and Technology ' contains a wealth of data on vulnerabilities, including flaws in software, misconfigurations, impact metrics and security checklists. What's more, the database is updated hourly.
The NVD has so much data that it can be difficult for many departments and agencies to know how to make the best use of it. That's why NIST researchers are developing a proactive tool that IT employees can use to check the status of their own networks.
'We analyze all of the paths that system attackers could penetrate through a network and assign a risk to each component of the system,' said NIST researcher Anoop Singhal.
Singhal said the tool being developed analyzes all of the components of a network ' including firewalls, servers, clients and software. NIST researchers evaluate each route into and through a network and assign it a risk based on how challenging it is to a hacker. The risk is assigned by referring to the NVD database.
The downside is there is no actual product yet. Although researchers have applied for a patent on the analytical procedure, Singhal said the team does not yet have a target date for delivering a tool that could be used by information technology employees.
Patrick Marshall is a freelance technology writer for GCN.