Abstract
The exploitation of vulnerabilities in operating systems and applications has become a frequent and increasing problem in IT environments. This paper assesses the extent of the problem by examining the scale of vulnerability reports issued by a number of popular advisory sources. It then proceeds to determine the workload implications that this introduces for system administrators, benchmarking the number of vulnerabilities that would need to be addressed and patched within a reference environment over a 12-month period. It is concluded that further advances are required in order to facilitate more targeted vulnerability notification and, where possible, the automated rectification of the problems themselves.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35586-3_46
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Alayed, A., Furnell, S.M., Barlow, I.M. (2002). Addressing Internet Security Vulnerabilities. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds) Security in the Information Society. IFIP Advances in Information and Communication Technology, vol 86. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35586-3_9
DOI: https://doi.org/10.1007/978-0-387-35586-3_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1026-7
Online ISBN: 978-0-387-35586-3
eBook Packages: Springer Book Archive