ACM TechNews

How Secure Is Your Network? NIST Model Knows

National Institute of Standards and Technology (07/22/08)

National Institute of Standards and Technology (NIST) computer scientists are helping managers safeguard valuable information more efficiently by applying security metrics to computer network pathways: each pathway is assigned a probable risk of attack, which guides IT managers in securing their networks. "We analyze all of the paths that system attackers could penetrate through a network, and assign a risk to each component of the system," says NIST computer scientist Anoop Singhal. "Decision makers can use our assigned probabilities to make wise decisions and investments to safeguard their network." NIST researchers evaluate each route and assign it a risk based on how challenging it would be for a hacker. The paths are determined using a technique called attack graphs, which was jointly developed by Singhal and research colleagues at George Mason University using NIST's National Vulnerability Database (NVD) to determine risk. The NVD repository includes a collection of security-related software weaknesses hackers could exploit. For example, in a simple system composed of a firewall, a router, an FTP server, and a database server, an attacker would try to find the simplest path to the database server. Attack graph analysis would detect three potential attack paths and assign an attack probability based on the score in the NVD. Reaching the objective would require multiple steps, so the probabilities of the individual components are multiplied to determine the overall risk. The next step is to expand the research to handle large-scale enterprise networks.

http://www.nist.gov/public_affairs/techbeat/tb2008_0722.htm#network
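
The path-risk calculation described above can be sketched as follows. This is an added example, not NIST's code: the graph edges, the scores, and the rule that a step's probability equals its NVD-style base score divided by 10 are all assumptions made for illustration.

```python
from math import prod

# Constructed attack graph for the four-component example. Each edge is one
# exploit step that the firewall is assumed to let through, labelled with a
# constructed base score on a 0-10 scale (not real NVD entries).
EDGES = {
    "attacker":   [("ftp_server", 7.5), ("router", 5.0)],
    "router":     [("ftp_server", 6.0), ("db_server", 4.0)],
    "ftp_server": [("db_server", 8.0)],
    "db_server":  [],
}


def step_probability(score):
    """Assumption: probability of one step succeeding = base score / 10."""
    return score / 10.0


def attack_paths(graph, start, goal):
    """Return every acyclic path from start to goal with its overall risk.

    The risk of a path is the product of its step probabilities, because
    the attacker must succeed at every step. Highest risk comes first.
    """
    results = []

    def walk(node, nodes, probs):
        if node == goal:
            results.append((nodes, prod(probs)))
            return
        for nxt, score in graph.get(node, []):
            if nxt not in nodes:  # never revisit a host: avoids cycles
                walk(nxt, nodes + [nxt], probs + [step_probability(score)])

    walk(start, [start], [])
    return sorted(results, key=lambda r: r[1], reverse=True)


def riskiest_path(graph, start, goal):
    """Return the path to harden first, or None if the goal is unreachable."""
    paths = attack_paths(graph, start, goal)
    return paths[0] if paths else None


if __name__ == "__main__":
    for nodes, risk in attack_paths(EDGES, "attacker", "db_server"):
        print(f"{risk:.2f}  {' -> '.join(nodes)}")
```

With these constructed scores the shortest path is also the riskiest, but a longer path can outrank a shorter one whenever its individual steps are easy enough, which is why every path is scored rather than only the shortest.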


© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.