...Calculate the Window of Vulnerability The four parts would be the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated. Discovery Time is the earliest date that a vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability. Exploit Time is the earliest date an exploit for a vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that takes advantage of a vulnerability as an exploit. Disclosure Time is the first date a vulnerability is described on a channel where the disclosed information on the vulnerability is (a) freely available to the public, (b) published by a trusted and independent channel and (c) has undergone analysis by experts such that risk rating information is included. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention systems or anti-virus tools is not considered as a patch in this analysis. Unfortunately, the availability of patches usually lags...
Words: 603 - Pages: 3
...this information, the window of vulnerability at the very least is eight days. A network worm called xrystal was detected through the MS-SQL server software package. A default installation of MS-SQL was installed on Windows desktops in which each server did not have a password on the system account. This situation gave anyone on the network access to run random commands and requests. Xrystal configures a “guest” account to allow file sharing and to be able to upload itself to any desired target. It then creates copies of itself using the password-less account, therefore creating an infection. This worm was not found until the day after installation and it will take three days to restore the network. The window of vulnerability in this state is four days. A user opened an email that contained a virus and notified her manager. The manager then notified the IT department, and they immediately began to work on the difficulty. It took the IT team one day to resolve the issue, completely remove the virus and restore the network. The window of vulnerability was one day. Lastly, an employee who used their VPN at home was surfing the internet on her laptop. She unknowingly downloaded a virus through her browser but did not notice the virus until a couple of days later. After finding out, she took her laptop into the IT department for service and possible extraction of the virus. The IT department was able to remove the virus, so the window of vulnerability there was only three...
Words: 323 - Pages: 2
...Unit 2 Assignment 1 Greg Diamond Without having to spell out in great detail what should take place should a security breach take place on an SMB server, I will instead focus on the assignment and the information they are asking for. Should a breach happen in an SMB server, as indicated by data collected by the server software manager the previous day, it is inherent that those individuals or groups (PVG) put in place to work those tools that were set up for them when the situation came about (i.e. patch management tools, remediation tools, etc.) do so. Careful analysis as a result of the breach needs to be reported (as was the case in the assignment) to the software manufacturer, who indicated that it would take 3 days to have a patch available for deployment. The LAN administrator, however, needs at least one week to download and test the patch in a test environment to determine the effectiveness of the patch. Once completed, he will deploy the patch to the associated SMB Server as well as others that may be in use. With that stated, it should take 10 days to test and install the patch based on 3 days for the software manufacturer to create the patch, 7 days to test the patch and then deploy to the server. There should be metrics set up in the Security documents of an Organization that will clearly define a more accurate assessment of when a patch will come on line to counter a...
Words: 252 - Pages: 2
...A vulnerability is “a flaw in an information technology product that could allow violations of security policy” (L., 2000). A vulnerability or weakness in a system or network can come about in many different ways such as poor coding, poorly configured access controls, weak security implementations or a basic design flaw. In the scenario there was no date given but it did state the server software manufacturer detected a hole the previous day and a patch will be ready in three days. The LAN administrator will need at least a week to download and test the patch, in which he’ll test the effectiveness of the patch. Once the LAN Admin is satisfied with the patch he will deploy the patch to the SMB Server and any other machines that may be in use on the network. In this case the Window of vulnerability is roughly 11 days from detection to patch implementation. Depending on the severity of the breach and the size of the company they may or may not release a public statement, which would only risk bad publicity. During the time of vulnerability the word about the security breach can spread rather fast and many attacks may follow. Once the patch has been installed the company may then again go public stating the breach has been corrected and there are no vulnerabilities. Bibliography L., W. A. (2000, December). Windows of vulnerability: A case study analysis. Retrieved from http://www.cs.umd.edu:...
Words: 252 - Pages: 2
...The Window of Vulnerability The window of vulnerability is a time frame within which defensive measures are reduced, compromised or lacking. When trying to calculate the window of vulnerability you need to look at at least 4 different things before being able to figure out the entire vulnerability. Those four things are discovery time, exploit time, disclosure time and patch time. Discovery time is when someone discovers that a product has security or survivability implications; the flaw then becomes a vulnerability. Hopefully it was found before an attacker found the vulnerability and exploited it. Exploit time is the time between the discovery and the patch time. It is when most, if not all, attacks will occur on a network. When attackers find vulnerabilities they can break through the security relatively quickly, and if they are not stopped they can damage a network severely. Disclosure time is when the discoverer reveals details of the problem to a wider audience. Disclosure time and exploit time can occur at the same time; it just depends on when the vulnerability was discovered and by whom. Patch time takes the longest because of all the code that needs to be fixed in order to close the vulnerability. Patches can take a few days to fix the problems or can take longer than 3 weeks; it all depends on how bad the vulnerability is and how badly the attackers want to get into the network. Even with patches and other fixes to networks there...
Words: 275 - Pages: 2
...Steven Schmidt 7/8/2013 CALCULATE THE WINDOW OF VULNERABILITY A security breach has been identified within a small Microsoft workgroup LAN. The workgroup consists of three primary workgroups which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available for possibly as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation. However, first it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and...
Words: 312 - Pages: 2
...Unit 2 Assignment 1: Calculate the Window of Vulnerability A security breach has been identified in which the SMB server was accessed by an authorized user due to a security hole. The hole was detected by the server software manufacturer the day before. A new patch will be available in three days. However, the LAN administrator needs at least a week to download the software, test it, and then install the patch. Based on this information, the window of vulnerability at the very least is eight days. A network worm called Spida was detected through the MS-SQL server software package. A default installation of MS-SQL was installed on Windows desktops in which each server did not have a password on the system account. This gave anyone on the network access to run random commands. Spida configures a ‘guest’ account to allow file sharing and to be able to upload itself to the target. It then creates copies of itself using the password-less account, therefore creating infection. This worm was not found until the day after installation and it will take three days to restore the network. The window of vulnerability in this situation is four days. A user opened an email that contained a virus and notified her manager. The manager then notified the IT department, and they immediately began to work on the problem. It took the IT team one day to resolve the issue, completely remove the virus and restore the network. The window of vulnerability was one day. Lastly, an employee...
Words: 319 - Pages: 2
...Unit 2 Assignment 1: Calculate the Window of Vulnerability. Chris Riddle, 12/22/2015. Instructor: Mr. Sprinkle. To calculate the WoV, we must consider the following (Stefan Frei, 2013): 1. Discovery Time is the earliest date that a vulnerability is found and known to pose a security risk. 2. Exploit Time is the earliest date an exploit for a vulnerability is available. 3. Disclosure Time is the time to make security information available to the public in a standardized, understandable format. The publishing channel must satisfy the following requirements: a. Free Access: the information must be made available to the public free of charge. b. Independence: the information must be published by a widely accepted and independent source. c. Validation: the vulnerability has been analyzed by security experts and includes risk rating information. 4. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. The time between each of these areas, or the vulnerability’s lifecycle, is divided into three risk areas. Black Risk - during the time from discovery to disclosure, only a closed group is aware of the vulnerability. Gray Risk - during the time from disclosure to patch, the user of the software waits for the vendor to issue a patch. White Risk - the time from patch availability...
Words: 289 - Pages: 2
...Eric Mcknight 7/6/2012 Unit 2: Assignment 1: Calculate the window of vulnerability. To calculate the window of vulnerability (WOV) we will first need to know the amount of time it will take to get a working solution. In this case, we need a patch to solve the issue. We already know that it will take Microsoft 3 days to get a patch out to us. So, we can start with three days. After that, we need time to test the patch, and publish it out to the Active Directory update servers. This will usually take a few days according to the book. After it is all tested on the equipment, we need to push out the update to all of the client computers and servers. This will usually take a day or so. Also, depending on whether the IT staff works on the weekends to solve the problem, that will add another two days to fix the problem. So, to add it up, it takes three days to get the patch, up to five days to test the patch, and another day or two to publish the patch out to all of the client computers. In total, this will take around a week to solve this issue. My personal opinion is that any IT personnel that takes a WEEK to solve a major security breach should be fired. Personally, I would put immediate measures in place to solve the issue such as blocking the MAC address, immediately writing scripts and programs to detect intrusions in the hole, and blocking out the attacker. Taking more than a day or two for testing is major overkill for fixing a major hole. But, that is my...
Words: 287 - Pages: 2
...Unit 2 Assignment 1 Calculate the Window of Vulnerability There are four parts to be considered when calculating the WoV. These four parts are the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated as a part of calculating the amount of time that the server will be vulnerable for. Discovery Time is the earliest date that a vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability. Exploit Time is the earliest date an exploit for a vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that takes advantage of a vulnerability as an exploit. Disclosure Time is the first date a vulnerability is described on a channel where the disclosed information on the vulnerability is freely available to the public, or is published by a trusted and independent channel and has undergone analysis by experts such that risk rating information is included. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention...
Words: 828 - Pages: 4
...Developments in Hacking, Cybercrime, and Malware The major threats that were outlined in the Symantec Security Report were mostly occurring in the United States. This was due to a weakness in Internet Explorer. Attackers used a Web-based attack that exploited the Internet Explorer 7 Uninitialized Memory Code Execution Vulnerability, accounting for 6 percent of the total. This vulnerability was published on February 10, 2009. The second most widely exploited attack was the downloading of a suspicious PDF file. Attackers tried to aim this one towards people trying to get information on the H1N1 virus, since this was the latest news that most consumers wanted information about. The attack exploited vulnerabilities in Foxit Reader. These two types of vulnerabilities took up 79% of the threats aimed at financial institutions. Threats are separated into different types of categories (for example: allowing for remote access, exporting email addresses, and exporting system data). Separating the threats into different categories helps with securing against cyber criminals. The importance of identifying these threats is to combat against them. Observing the malicious activity by region helps different companies prepare for what type of threats are most likely to be used against their systems. For example, if there are threats about a PDF document that may contain code to execute a bot that will take all of your contacts and forward them to the malicious user, you would want to prevent...
Words: 469 - Pages: 2
...violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available for possibly as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation. First it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is also important to explore the device(s) that were targeted by the attack, in this instance the SMB server within the LAN. The SMB server utilizes an application layer network protocol, which can run atop the session layer. It provides shared access to files, printers, serial ports, and network nodes (workstations, laptops, desktops, etc.) and provides a client/server relationship throughout the...
Words: 286 - Pages: 2
...Adware | A software program that collects information about Internet usage and uses it to present targeted advertisements to users.
Asset | Any item that has value to an organization or a person.
Attack | An attempt to exploit a vulnerability of a computer or network component.
Backdoor | An undocumented and often unauthorized access method to a computer resource that bypasses normal access controls.
Black-hat hacker | A computer attacker who tries to break IT security for the challenge and to prove technical prowess.
Cookie | A text file sent from a Web site to a Web browser to store for later use. Cookies contain details gleaned from visits to a Web site.
Cracker | A computer attacker who has hostile intent, possesses sophisticated skills, and may be interested in financial gain.
Dictionary attack | An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.
Disclosure | 1. Any instance of an unauthorized user accessing protected information. 2. Refers, under HIPAA, to how a covered entity shares PHI with other organizations.
Ethical hacker | An information security or network professional who uses various penetration test tools to uncover or fix vulnerabilities. Also called a white-hat hacker.
Firewall | A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.
Gray-hat...
Words: 1378 - Pages: 6
...Comparison of the Security of Windows NT and UNIX† Hans Hedbom1,2, Stefan Lindskog1,2, Stefan Axelsson1 and Erland Jonsson1 1Dept of Computer Engineering, 2Dept of Computer Science, Chalmers University of Technology, S-412 96 Göteborg, SWEDEN {sax, Erland.Jonsson}@ce.chalmers.se; University of Karlstad, S-651 88 Karlstad, SWEDEN {Hans.Hedbom, Stefan.Lindskog}@hks.se Abstract This paper presents a brief comparison of two operating systems, Windows NT and UNIX. The comparison covers two different aspects. First, we compare the main security features of the two operating systems and then we make a comparison of a selection of vulnerabilities, most of which we know have been used for making real intrusions. We found that Windows NT has slightly more rigorous security features than “standard” UNIX but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the “real” level of security between these systems. †Presented at the Third Nordic Workshop on Secure IT Systems, NORDSEC’98, 5-6 November 1998, Trondheim, Norway. 1. Introduction It has been claimed that the security of Windows NT is far better than that of previous commercial operating systems. In order to verify (or refute) this statement we have made a brief comparison of the security of Windows NT to that of UNIX. UNIX was selected as a reference since it is well-known and widely spread. Thus, the target systems were (1) a networked Windows NT 4.0 and (2) UNIX with...
Words: 6676 - Pages: 27