Newsletter:

Skip Navigation LinksHome > News > Security > NIST researchers map network security risks

Site Map |

NIST researchers map network security risks

24 July 2008 05:06PM
Tags: nist | data | security | network | risk

U.S. computer scientists are analysing and mapping computer network pathways according to the probability of a data breach.

By applying security metrics to computer network pathways, the researchers expect to help managers protect information more efficiently.

The researchers evaluated each path along which a hacker could access a network, and assigned it a risk level based on how challenging it is to the hacker.

The paths and risks involved were determined using a newly-developed technique called “attack graphs” and the National Vulnerability Database (NVD), which is a U.S. government security repository.

“We analyse all of the paths that system attackers could penetrate through a network, and assign a risk to each component of the system,” explained Anoop Singhal, a computer scientist at the National Institute of Standards and Technology (NIST).

“Decision makers can use our assigned probabilities to make wise decisions and investments to safeguard their network.”

The researchers use a simple system in which there is an attacker on a computer, a firewall, router, an FTP server and a database server. The goal for the attacker is to find the simplest path into the database server.

Attack Graph Analysis determines three potential attack paths. For each path in the graph, the NIST researchers assign an attack probability based on the score in the NVD.

One path takes only three steps. The first step has an 80 percent chance of being hacked, the second, a 90 percent chance. The final step requires great expertise, so there is only a 10 percent probability it can be breached.

Because it takes multiple steps to reach the goal, the probabilities of each component are multiplied to determine the overall risk. The example path therefore is found to be reasonably secure, with a less than 10 percent chance of being hacked.

The next step is for the researchers to expand their research to handle large-scale enterprise networks.

   


Ads by Google


Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 


 


Tags

breach broadband cent centre centres data gartner ibm information iphone microsoft national nbn network networks per researchers security services telstra


Product Reviews

CynapsPro Suite 2008
Star Rating
CynapsPro Suite 2008 is another tiered protection mechanism.
Safend Protector
Star Rating
Safend Protector is an offering that is less of a suite of products and more of a unified application.
eEye Digital Security Blink Professional
Star Rating
Blink is an endpoint security product that functions as a network protector.
GFi EndPointSecurity
Star Rating
EndPointSecurity installs a small footprint agent on the machine.
GuardianEdge Device Control
Star Rating
GuardianEdge Device Control is a component of the more robust GuardianEdge Data Protection Platform.
Product Reviews now available on iTnews.com.au

TopTopics
(3747) -  microsoft
(2185) -  telstra
(2078) -  broadband
(1653) -  network
(1483) -  windows
(1395) -  mobile
(1311) -  security
(1180) -  blackberry
(1093) -  apple
(1079) -  nbn
(1022) -  data
(1008) -  subliminal
(795) -  storm
(772) -  television
(737) -  web