You are in the: Small Business Computing Channel

» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

www.ecommerce-guide.com/news/trends/article.php/233131

Back to Article

An Ounce of Prevention By Mark Merkow, CCP, CISSP November 5, 1999 With the September 1999 release of the Common Vulnerabilities and Exposures (CVE) List by MITRE Corporation, consumers and providers of security products alike now stand to benefit through a unified approach to computer security problem enumeration. How CVE Works CVE is needed to clean up the messy world of known computer exploits by uniquely identifying them using an industry-wide naming scheme. This scheme cross-references the naming conventions already adopted by security tool manufacturers, security advisory groups, discussion groups, and hacker underground sites. These new vulnerability identities will serve as primary keys for relational database systems that already contain known exploits. Using these as search criteria, users of the software will be referred to the actual databases that contain the details about the vulnerability (symptoms, remediation steps, etc.). CVE is vital in helping consumers of security tools and systems to effectively compare products using an apples-to-apples approach. You''ll no longer need to concern yourself about which tool tests for which vulnerability. If a tool is CVE-compliant, you can immediately determine if a tool tests for the specific vulnerabilities that concern you without poring through the product''s documentation. What is a Vulnerability? CVE defines a vulnerabilities and exposures as follows: Vulnerabilities are problems that are universally thought of as "vulnerabilities" in any security policy, software flaws that could directly allow serious damage or security breaches, and specific known vulnerabilities in operating systems, utility, and network programs. Exposures are problems that provide stepping stones to successful hacker attacks. Examples include the running of services such as finger, poor logging practices, or software mis-configuration problems. CVE Goals The goals of the CVE initiative include: Enumerate all publicly known problems, Assign a standard, unique name to each problem, Operate the list independent of product vendors, advisories, newsgroups, etc., Enable open and sharable information without any distribution restrictions. CVE helps in providing a common language for security professionals when referring to problems. It facilitates the sharing of data among Intrusion Detection Systems (IDSs), assessment tools, vulnerability databases, academic research, and incident response teams. CVE helps to improve communications across the computer security community and helps to improve the mix of security tools in the marketplace by fostering interoperability among multiple vendor products. Although many people may criticize the CVE as being an aid to hackers, its benefits outweigh the possible risks in these following ways: CVE is restricted to publicly known problems, The sharing of information among security professionals is far more difficult than the sharing of information within the hacker community, CVE represents a shift in community opinion trends toward open sharing, rather than the former "cloak and dagger" operations of yesteryear.

Go to page: 1  2  Next

Search:

WebMediaBrands Corporate Info

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs

Solutions

Whitepapers and eBooks

Microsoft Articles: Visual Studio 2010 Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Microsoft Whitepaper: How Windows Server 2008 R2 Helps Optimize IT and Save You Money Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT

Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports

IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Download: Microsoft Visual Studio 2010 Beta 2 Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets

MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES