Researchers tout newfangled tool to predict network vulnerabilities

It seems like that for as many network security threats there are , there tends to be an equal number of new methods to stop them.  Today we find a promising new tool from researchers at the National Institute of Standards and Technology (NIST) that uses security metrics and network pathways to predict attack risks that could ultimately help IT folks keep ahead of network security battles. For a moment anyway.

In research announced this week, NIST scientists said they are building a patent-pending tool that generates and analyzes data from attack graphs.  Attack graphs generally show how a hacker or anyone out to do harm to your network would exploit system vulnerabilities.

Network Security

NIST computer scientist Anoop Singhal said his team at George Mason University determines risk by using these attack graphs and NIST's National Vulnerability Database (NVD). This repository includes a collection of security-related software weaknesses that attackers can exploit. NVD data was collected from software vendors and scores are assigned from most to least insecure by experts.

According to Singhal in a simple system there is an attacker on a computer, a firewall, router, an FTP server and a database server. The goal for the attacker is to find the simplest path into the jackpot-the database server. Attack Graph Analysis determines three potential attack paths. For each path in the graph, the NIST researchers assign an attack probability based on the score in the NVD database.

Because it takes multiple steps to reach the goal, the probabilities of each component are multiplied to determine the overall risk. One path takes only three steps. The first step has an 80% chance of being hacked, the second, a 90% chance. The final step requires great expertise, so there is only a 10% probability it can be breached. By multiplying the three probabilities together, that path is pretty secure with a less than 10% chance of being hacked, Singhal said.

Ideally users would make network and security adjustments based on this tool that could help them better secure networked assets.  The next step is for the NIST researchers to expand their research to handle large-scale enterprise networks.

Layer 8 in a box

Check out these related stories:

Researchers tout new-fangled network worm weapon

Can computer scientist dream team clean up e-voting?

Network security issues dog FDIC

A look into the dark underbelly of data breaches

Credit card transaction security fortified by new risk assessment system

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in