[ISN] 'Attack graphs' predict computer security

From: InfoSec News <alerts_at_private>
Date: Mon, 28 Jul 2008 02:45:57 -0500 (CDT)
http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=209601075

By R. Colin Johnson
EE Times
07/25/2008

PORTLAND, Ore. - "Attack graphs" help predict the risk that hackers can 
crack a computer system's security, plus identify its most vulnerable 
resources, according to the National Institute of Science and Technology 
(NIST).

By analyzing and assigning probabilities to every path a hacker could 
use to penetrate a computer system, NIST hopes attack graphs will help 
IT managers identify weak points that need to be patched to safeguard 
valuable data.

Attack graphs, developed by NIST jointly with George Mason University, 
calculate the vulnerability of each path into a computer system using 
NIST's National Vulnerability Database (NVD). By assigning a probable 
risk to various computer network pathways, the researchers hope to 
secure computer systems from multistep attacks.

Each step in an attack is graphed with an assigned probability, 
depending on its security level. For instance, its firewall, router and 
various servers are each assigned a probability of being hacked, based 
on information in the NVD.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Mon Jul 28 2008 - 00:45:57 PDT

This archive was generated by hypermail 2.2.0 : Mon Jul 28 2008 - 00:50:20 PDT