Network security 101

The National Vulnerability Database (NVD) ' a program of the National Institute of Standards and Technology ' contains a wealth of data on vulnerabilities, including flaws in software, misconfigurations, impact metrics and security checklists. What's more, the database is updated hourly.

The NVD has so much data that it can be difficult for many departments and agencies to know how to make the best use of it. That's why NIST researchers are developing a proactive tool that IT employees can use to check the status of their own networks.

'We analyze all of the paths that system attackers could penetrate through a network and assign a risk to each component of the system,' said NIST researcher Anoop Singhal.

Singhal said the tool being developed analyzes all of the components of a network ' including firewalls, servers, clients and software. NIST researchers evaluate each route into and through a network and assign it a risk based on how challenging it is to a hacker. The risk is assigned by referring to the NVD database.

The downside is there is no actual product yet. Although researchers have applied for a patent on the analytical procedure, Singhal said the team does not yet have a target date for delivering a tool that could be used by information technology employees.

About the Author

Patrick Marshall is a freelance technology writer for GCN.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected