Thursday, January 15, 2015

Vulnerabilities in computer systems and their classification

A vulnerability is any characteristic of an information system whose use by an offender can lead to the realization of a threat. It does not matter whether the vulnerability is exploited deliberately or triggered unintentionally. An offender can be any actor on the corporate network that attempts unauthorized access to network resources, whether by mistake, through ignorance or with malicious intent.

To eliminate the confusion in naming vulnerabilities and attacks, in 1999 the MITRE Corporation proposed a solution independent of the various vendors of vulnerability-scanning tools. It was implemented as the CVE database (Common Vulnerability Enumeration), later renamed Common Vulnerabilities and Exposures, and it allowed all specialists and vendors to speak the same language. For example, the many different names of one and the same vulnerability (CA-96.06.cgi_example_code, HTTP 'phf' Attack, http-cgi-phf, phf CGI allows remote command execution, PHF Attacks - Fun and games for the whole family, # 107 - cgi-phf, # 3200 - WWW phf attack, Vulnerability in NCSA / Apache Example Code, http_escshellcmd, # 180 HTTP Server CGI example code compromises http server) received the single identifier CVE-1999-0067.

Besides MITRE, experts from many well-known companies and organizations took part in developing the CVE database, for example ISS, Cisco, BindView, Axent, NFR, L-3, CyberSafe, CERT, Carnegie Mellon University, the SANS Institute, the UC Davis Computer Security Lab, CERIAS and others. Internet Security Systems, Cisco, Axent, BindView, IBM and other companies declared their support for the CVE database. Nevertheless, despite such an attractive initiative, the CVE database has not yet become widespread among vendors of commercial products.

The most dangerous are design vulnerabilities, which can be detected and eliminated only with great difficulty. In this case the vulnerability is inherent in the design or the algorithm itself, so even a perfect implementation of it (which is impossible in principle) does not remove the vulnerability built into it.

An example is the vulnerability of the TCP/IP protocol stack. Underestimation of security requirements when this stack was created has led to a situation in which hardly a month passes without the announcement of a new vulnerability in the protocols of the TCP/IP stack.

For example, on 7 and 8 February 2000 such popular, leading Internet servers as Yahoo, eBay, Amazon, Buy and CNN malfunctioned. On February 9 the same fate befell the servers of ZDNet, Datek and E*Trade. The investigation conducted by the FBI revealed that these servers failed because of the huge number of requests addressed to them: the servers could not handle traffic of that scale and went out of service. For example, the traffic directed at the Buy server exceeded the average by 24 times and exceeded by 8 times the maximum permissible load of the servers supporting Buy. It is no longer possible to eliminate these shortcomings once and for all; only temporary or partial measures remain.

However, there are exceptions. For example, a design decision to introduce a set of modems into the corporate network eases the work of the staff but greatly complicates the work of the security service, because it creates potential ways to bypass the firewall that protects internal resources from unauthorized use. Such a vulnerability, however, is easy enough to find and fix.

The second category, implementation vulnerabilities, consists of errors made at the implementation stage in software or hardware whose design or algorithm is correct from a security standpoint. A striking example of this kind of vulnerability is the buffer overflow found in many implementations of programs, for example sendmail or Internet Explorer. Detecting and eliminating this type of vulnerability is relatively easy: the executable code is updated or the source code of the vulnerable software is changed. Another example is the implementation vulnerability in Tandem computers, which manifested itself on November 1, 1992 and January 7, 1993. At 3 am the functioning of most Tandem computers around the world was disrupted because of a failure in the BASE23 Nucleus subsystem, caused by the overflow of a microcode timer variable at a certain moment. Because of this error the value of the system clock was reset to December 1983, which in some cases led to misinterpretation of data in a variety of financial applications.
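As an added illustration of the two implementation defects named above (a copy into a fixed-size buffer with no length check, and a timer variable that overflows and throws a clock back in time), the C code below is not from the original article and is not the sendmail or Tandem BASE23 code; it is a constructed example showing each defect next to a version that checks the bound and reports the error. The tick rate, buffer size and function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: the same class of defect the article describes,
 * not the actual Tandem BASE23 or sendmail code. */

#define TICKS_PER_SECOND 100u   /* assumed tick rate for the illustration */
#define NAME_MAX 16             /* assumed fixed buffer size */

/* Defect 1: an unsigned 32-bit tick counter. Adding past UINT32_MAX wraps
 * to a small value, so a clock derived from it jumps back in time
 * (at 100 ticks/s the counter wraps after about 497 days). */
uint32_t ticks_add_unchecked(uint32_t ticks, uint32_t delta) {
    return ticks + delta;   /* modular arithmetic: no error is signalled */
}

/* Hardened form: detect the wrap before it happens and report it,
 * leaving *out untouched, instead of silently resetting the clock. */
int ticks_add_checked(uint32_t ticks, uint32_t delta, uint32_t *out) {
    if (delta > UINT32_MAX - ticks) {
        return -1;          /* caller must handle the overflow explicitly */
    }
    *out = ticks + delta;
    return 0;
}

/* Defect 2: copying into a fixed-size buffer without checking the length.
 * Any input longer than NAME_MAX - 1 bytes writes past the end of dst. */
void copy_name_unchecked(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);       /* no bound: the classic buffer overflow */
}

/* Hardened form: refuse input that does not fit, and always NUL-terminate. */
int copy_name_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return -1;          /* would overflow: reject rather than truncate silently */
    }
    memcpy(dst, src, len + 1);   /* copies the terminating NUL as well */
    return 0;
}

/* Exercises both defects and both hardened forms.
 * Returns how many of the four checks behaved as expected (4 == all). */
int run_checks(void) {
    int ok = 0;
    uint32_t out = 7;
    char buf[NAME_MAX];

    /* the unchecked counter wraps to 0: a clock reads "the beginning" again */
    if (ticks_add_unchecked(UINT32_MAX, 1u) == 0u) ok++;
    /* the checked counter reports the overflow and leaves out untouched */
    if (ticks_add_checked(UINT32_MAX, 1u, &out) == -1 && out == 7) ok++;
    /* a short name fits in the buffer */
    if (copy_name_checked(buf, sizeof buf, "payroll") == 0 &&
        strcmp(buf, "payroll") == 0) ok++;
    /* a long name is rejected instead of overrunning the buffer */
    if (copy_name_checked(buf, sizeof buf, "a name that is far too long") == -1) ok++;
    return ok;
}

int main(void) {
    printf("%d of 4 checks passed\n", run_checks());
    return 0;
}
```

Both fixes follow the pattern the article describes for implementation vulnerabilities: the design (a tick counter, a name buffer) is unchanged, and only the code is corrected so that the bound is checked before the write or the addition takes place.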
