- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
In this column, I review three important aspects of early warnings in CIRT management: notification of vulnerabilities, notification of threats and notification of incidents.
Vulnerabilities
A computer incident response team (CIRT) relies on operations managers to maintain adequate defenses by maintaining up-to-date system and application software. The subject of patch management is complex and will be discussed in another series, but I can remind readers that there are many resources on which to draw for notification of newfound vulnerabilities. Each network-equipment and system-software vendor generally provides a notification service; many organizations have one of their employees subscribe to these to keep up with the news.
A better approach, less susceptible to interruption, is to set up a special e-mail address for all the subscriptions and to assign one or more people to read that mail every day. If one of the team members is away on assignment or on vacation, be sure that a replacement person takes over the task of scanning the notices to spot anything that is relevant to your network configuration. Instead of forwarding the messages to an individual’s mailbox, all of them can be kept in a separate mailbox accessible to everyone on the team.
There are also many newsletters that summarize vulnerabilities; I particularly like “@RISK: The Consensus Security Alert” from the SANS Institute; you can subscribe at no cost using:
https://portal.sans.org
Finally, regular readers will recall that the Common Vulnerabilities and Exposures (CVE) dictionary ( http://cve.mitre.org/ ) is a superb compendium of standardized names for vulnerabilities and exposures. MITRE writes, “CVE aspires to describe
and name all publicly known facts about computer systems that could allow somebody to violate a reasonable security policy
for that system.”
http://cve.mitre.org/about/terminology.html
MITRE also uses the term “exposure” and defines it as “security-related facts that may not be considered to be vulnerabilities by everyone.” You can download the CVE in various formats or you can use the ICAT Metabase ( http://icat.nist.gov/icat.cfm ) to search the CVE for various subsets of vulnerabilities (e.g., by product, version, type, and so on). At the time of this writing (late June) there were 6,663 vulnerabilities in the CVE. As a side note, of these, 1,383 involved buffer overflows (about one-fifth).
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
The Leader in Network Knowledge
Comment