Premium Essay

Calculate the Window of Vulnerability

In:

Submitted By Chilly
Words 603
Pages 3
Calculate the Window of Vulnerability The four parts would be the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated.
Discovery Time –is the earliest date that a vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability.
Exploit Time -is the earliest date an exploit for a vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that take advantage of a vulnerability as an exploit.
Disclosure Time –is the first date a vulnerability is described on a channel where the disclosed information on the vulnerability is (a) freely available to the public, (b) published by trusted and independent channel and (c) has undergone analysis by experts such that risk rating information is included.
Patch Time - is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention systems or anti-virus tools are not considered as a patch in this analysis. Unfortunately, the availability of patches usually lags behind the disclosure of a vulnerability. The time between each of these areas or, the vulnerability’s lifecycle is divided into 3 risk areas. These areas are shown and explained below. Black Risk (exogenous)
During the time from discovery to disclosure, only a closed group is aware of the vulnerability. This group could be anyone from hackers to organized crime tempted to misuse this

Similar Documents

Premium Essay

Calculate the Window of Vulnerability

...this information, the window of vulnerability at the very least is eight days. A network worm called xrystal was detected through the MS-SQL server software package. A default installation of MS-SQL was installed into Windows desktops in which each server did not have a password on the system account. This situation gave access to anyone on the network to run random commands and requests. Xrystal configures a “guest” account to allow file sharing and be able to upload itself to any desired target. It then creates copies of itself using the password-less account, therefore creating an infection. This worm was not found until the day after installation and it will take three days to restore the network. The window of vulnerability of this state is four days. A user opened an email that contained a virus and notified her manager. The manager then notified the IT department, and they immediately began to work on the difficulty. It took the IT team one day to resolve the issue and completely remove the virus and the restore the network. The window of vulnerability was one day. Lastly, an employee who used their VPN at home was surfing the internet on her laptop. She unknowingly downloaded a virus through her browser but did not notice the virus until a couple of days later. After finding out, she took her laptop into the IT department for service and possible extraction of the virus. The IT department was able to remove the virus, so the window of vulnerability there was only three...

Words: 323 - Pages: 2

Premium Essay

Calculate Window of Vulnerability

...Unit 2 Assignment 1 Greg Diamond Without having to spell out in great detail of what should take place should a Security Breech take place on an SMB server, I will instead focus on the assignment and the information they are asking for. Should a breech happen in an SMB server as indicated by data collected by the server software manager the previous day. It is inherent that, those individuals or groups (PVG), put in place to work those tools that were set up for them when the situation came about, ie: patch management tools, remediation tools, etc... Careful analyses as a result of the breech, needs to be reported (as was the case in the assignment) to software manufacture, who indicated that it would take 3 days to have a patch available for deployment. The LAN administrator however, needs at least one week to download and test the patch in a test environment to determine the effectiveness of the patch. Once completed, he will deploy the patch to associated SMB Server as well as others they may be in use. With that stated, it should take 10 days to test and install the patch based on 3 days for the software manufacturer to create the patch, 7 days to test the patch and then deploy to server. There should be metrics set up in the Security documents of an Organization that will clearly define a more accurate assessment of when a patch will come on line to counter a...

Words: 252 - Pages: 2

Premium Essay

Calculate the Window of Vulnerability

..."How strange is the lot of us mortals! Each of us is here for a brief sojourn; for what purpose he knows not, though he sometimes thinks he senses it. But without deeper reflection one knows from daily life that one exists for other people -- first of all for those upon whose smiles and well-being our own happiness is wholly dependent, and then for the many, unknown to us, to whose destinies we are bound by the ties of sympathy. A hundred times every day I remind myself that my inner and outer life are based on the labors of other men, living and dead, and that I must exert myself in order to give in the same measure as I have received and am still receiving... "I have never looked upon ease and happiness as ends in themselves -- this critical basis I call the ideal of a pigsty. The ideals that have lighted my way, and time after time have given me new courage to face life cheerfully, have been Kindness, Beauty, and Truth. Without the sense of kinship with men of like mind, without the occupation with the objective world, the eternally unattainable in the field of art and scientific endeavors, life would have seemed empty to me. The trite objects of human efforts -- possessions, outward success, luxury -- have always seemed to me contemptible. "My passionate sense of social justice and social responsibility has always contrasted oddly with my pronounced lack of need for direct contact with other human beings and human communities. I am truly a 'lone traveler' and have...

Words: 695 - Pages: 3

Premium Essay

Unit 2: Calculate the Window of Vulnerability

...A vulnerability is “a flaw in an information technology product that could allow violations of security policy”. (L., 2000) A vulnerability or weakness in a system or network can come about in many different ways such as poor coding, poorly configured access controls, weak security implementations or a basic design flaw. In the scenario there was no date given but it did state the server software manufacturer detected a hole the previous day and a patch will be ready in three days. The LAN administrator will need at least a week to download and test the patch, in which he’ll test the effectiveness of the patch. Once the LAN Admin is satisfied with the patch he will deploy the patch to the SMB Server and any other machines that may be in use on the network. In this case the Window of vulnerability is roughly 11 days from detection to patch implementation. Depending on the severity of the breach and size of the company they may or may not release a public statement in which it would only jeopardize bad publicity. During the time of vulnerability the word about the security breach can spread rather fast and many attacks may follow. Once the patch has been installed the company may then again go public stating the breach has corrected and there are no vulnerabilities. Bibliography L., W. A. (2000, December). Windows of vulnerability: A case study analysis. Retrieved from http://www.cs.umd.edu:...

Words: 252 - Pages: 2

Free Essay

Window of Vulnerability

...The Window of Vulnerability The window of vulnerability is a time frame within which defensive measures are reduced, compromised or lacking. When trying to calculate the window of vulnerability you need to look at least 4 different things before being able to figure out the entire vulnerability. Those four things are discovery-time, exploit time, disclosure time and patch time. Discovery time is when someone discovers that a product has security or survivability implications, the flaw then becomes vulnerable. Hopefully it was found before an attacker found the vulnerability and exploited it. Exploit time is the time between the discovery and the patch time. It is when most, if not all, attacks will occur on a network. When attackers find vulnerabilities they can break through the security relatively quickly, and if they are not stopped they can damage a network extremely. Disclosure time is the vulnerability is disclosed when the discoverer reveals details of the problem to a wider audience. Disclosure time and exploit time can be occurring at the same time, it just depends on when the vulnerability was discovered and by whom. Patch time takes the longest because of all the code that needs to be fixed in order to close the vulnerability. Patches can take a few days to fix the problems or can take longer than 3 weeks, it all depends on how bad the vulnerability is and how badly the attackers want to get into the network. Even with patches and other fixes to networks there...

Words: 275 - Pages: 2

Premium Essay

Asdfasdf

...Steven Schmidt 7/8/2013 CALCULATE THE WINDOW OF VULNERABILITY A security breach has been identified within a small Microsoft workgroup LAN. The workgroup consists of three primary workgroups which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available until possible as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: However, first it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and...

Words: 312 - Pages: 2

Premium Essay

Window of Vulnerability

...Unit 2 Assignment 1: Calculate the Window of Vulnerability A security breach has been identified in which the SMB server was accessed by an authorized user due to a security hole. The hole was detected by the server software manufacturer the day before. A new patch will be available in three days. However the LAN administrator needs at least a week to download the software, test it, and then install the patch. Based on this information, the window of vulnerability at the very least is eight days. A network worm called Spida was detected through the MS-SQL server software package. A default installation of MS-SQL was installed into Windows desktops in which each server did not have a password on the system account. This gave access to anyone on the network to run random commands. Spida configures a ‘guest’ account to allow file sharing and be able to uploads itself to the target. It then creates copies of itself using the password-less account, therefore creating infection. This worm was not found until the day after installation and it will take three days restore the network. The window of vulnerability of this situation is four days. A user opened an email that contained a virus and notified her manager. The manager then notified the IT department, and they immediately began to work at the problem. It took the IT team one day to resolve the issue and completely remove the virus and the restore the network. The window of vulnerability was one day. Lastly, an employee...

Words: 319 - Pages: 2

Premium Essay

Some Cable

...| Unit 2 Assignment 1 | UNIT 2 ASSIGNMENT 1: Calculate the Window of Vulnerability | | Chris Riddle | 12/22/2015 | Instructor: Mr. Sprinkle | To calculate the WoV, we must consider the following (Stefan Frei, 2013): 1. Discovery Time is the earliest date that a vulnerability is found and known to pose a security risk. 2. Exploit Time is the earliest date an exploit for a vulnerability is available. 3. Disclosure Time is the time to make security information available to the public in a standardized, understandable format. The publishing channel must satisfy the following requirements: a. Free Access: the information must be made to the public free of charge. b. Independence: the information must be published by a widely accepted and independent source. c. Validation: the vulnerability has been analyzed by security experts & includes risk rating information. 4. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. The time between each of these areas or, the vulnerability’s lifecycle is divided into three risk areas. Black Risk - during the time from discovery to disclosure, only a closed group is aware of the vulnerability. Gray Risk - during the time from disclosure to patch the user of the software waits for the vendor to issue a patch. White Risk - the time from patch availability...

Words: 289 - Pages: 2

Premium Essay

Iss Unit 2 Homework

...Eric Mcknight 7/6/2012 Unit 2: Assignment 1: Calculate the window of vulnerability. To calculate the window of vulnerability (WOV) we will first need to know the amount of time It will take to get a working solution. In this case, we need a patch to solve the issue. We already know that it will take Microsoft 3 days to get a patch out to us. So, we can start with three days. After that, we need time to test the patch, and publish it out to the active directory update servers. This will usually take a few days according to the book. After it is all tested on the equipment, we need to push out the update to all of the client computers and servers. This will usually take a day or so. Also, depending on if the IT staff works on the weekends to solve the problem that will add another two days to fix the problem. So, to add it up, It takes three days to get the patch, Up to five days to test the patch, and another day or two to publish the patch out to all of the client computers. All in total, this will take around a week to solve this issue. My personal opinion is any IT personal that takes a WEEK to solve a major security breach should be fire. Personally, I would put immediate measures in place to solve the issue such as blocking the mac address, immediately writing scripts and programs to detect intrusions in the hole, and block out the attacker. Taking more than a day or two for testing is major overkill for fixing a major hole. But, that is my...

Words: 287 - Pages: 2

Premium Essay

Calculate Wov

...Unit 2 Assignment 1 Calculate the Window of Vulnerability There are four parts to be considered when calculating the WoV. These four parts are the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated as a part of calculating the amount of time that the server will be vulnerable for. Discovery Time is the earliest date that vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability. Exploit Time is the earliest date an exploit for vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that take advantage of vulnerability as an exploit. Disclosure Time is the first date vulnerability is described on a channel where the disclosed information on the vulnerability is freely available to the public, or is published by trusted and independent channel and has undergone analysis by experts such that risk rating information is included. Patch Time is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention...

Words: 828 - Pages: 4

Free Essay

Unit 1 Assignment 1

...Developments in Hacking, Cybercrime, and Malware The major threats that were outlined in the Symantec Security Report were mostly occurring in the United States. This was due to a weakness in the Internet Explorer. Attackers used a Web-Based attack exploited in the Internet Explorer 7 uninitialized Memory Code Execution Vulnerability accounting for 6 percent of the total. This vulnerability was published on February 10, 2009. The second most widely exploited attack was the downloading of a suspicious PDF file. Attackers tried to aim this one towards people trying to get information on the H1N1 virus, since this was the latest news that most consumers wanted information about. The attack exploited vulnerabilities in Foxit Reader. These two types of vulnerabilities took up 79% of the threats aimed at financial institutions. Threats are separated into different types of categories for example; Allowing for remote access, exporting email addresses, and exporting system data). Separating the threats into different categories helps with securing against cyber criminals. The importance of identifying these threats is to combat against them. By observing the malicious activity by region helps different companies prepare for what type of threats are most likely to be used against their systems. For example if there are threats about a PDF document that may contain code to execute a bot that will take all of your contacts and forward them to the Malicious user, you would want to prevent...

Words: 469 - Pages: 2

Premium Essay

Unit 2 Assignment 1

...violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available until possible as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: First it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is also important to explore the device(s) that were targeted by the attack. In this instance, being the SMB server within the LAN. The SMB server utilizes an application layer network protocol, which can run atop the session layer. It provides shared access to files, printers, serial ports, and network nodes (workstations, laptops, desktops, etc.) and provides a client/server relationship throughout the...

Words: 286 - Pages: 2

Premium Essay

Adware

...Adware | A software program that collects infor- mation about Internet usage and uses it to present targeted advertisements to users. Asset | Any item that has value to an organization or a person. Attack | An attempt to exploit a vulnerability of a computer or network component Backdoor | An undocumented and often unauthor- ized access method to a computer resource that bypasses normal access controls. Black-hat hacker | A computer attacker who tries to break IT security for the challenge and to prove technical prowess. Cookie | A text file sent from a Web site to a Web browser to store for later use. Cookies contain details gleaned from visits to a Web site Cracker | A computer attacker who has hostile intent, possesses sophisticated skills, and may be interested in financial gain. Dictionary attack | An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password. Disclosure | 1. Any instance of an unauthorized user accessing protected information. 2. Refers, under HIPAA, to how a covered entity shares PHI with other organizations. Ethical hacker | An information security or network professional who uses various penetration test tools to uncover or fix vulnerabilities. Also called a white-hat hacker. Firewall | A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration. Gray-hat...

Words: 1378 - Pages: 6

Free Essay

Windows vs Linux

...Comparison of the Security of Windows NT and UNIX† Hans Hedbom1,2, Stefan Lindskog1,2, Stefan Axelsson1 and Erland Jonsson1 1Dept of Computer Engineering 2Dept of Computer Science Chalmers University of Technology S-412 96 Göteborg, SWEDEN {sax, Erland.Jonsson}@ce.chalmers.se University of Karlstad S-651 88 Karlstad, SWEDEN {Hans.Hedbom, Stefan.Lindskog}@hks.se Abstract This paper presents a brief comparison of two operating systems, Windows NT and UNIX. The comparison covers two different aspects. First, we compare the main security features of the two operating systems and then we make a comparison of a selection of vulnerabilities most of which we know have been used for making real intrusions. We found that Windows NT has slightly more rigorous security features than “standard” UNIX but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the “real” level of security between these systems. †Presented at the Third Nordic Workshop on Secure IT Systems, NORDSEC’ 5-6 November, 1998, Trondheim, Norway. 98, 1. Introduction It has been claimed that the security of Windows NT is far better than that of previous commercial operating systems. In order to verify (or refute) this statement we have made a brief comparison of the security of Windows NT to that of UNIX. UNIX was selected as a reference since it is well-known and widely spread. Thus, the target systems were (1) a networked Windows NT 4.0 and (2) UNIX with...

Words: 6676 - Pages: 27

Premium Essay

Calculating the Window of Vulnerability

...To calculate the window of vulnerability (WOV) we will first need to know the amount of time It will take to get a working solution. In this case, we need a patch to solve the issue. We already know that it will take Microsoft 3 days to get a patch out to us. So, we can start with three days. After that, we need time to test the patch, and publish it out to the active directory update servers. This will usually take a few days according to the book. After it is all tested on the equipment, we need to push out the update to all of the client computers and servers. This will usually take a day or so. Also, depending on if the IT staff works on the weekends to solve the problem that will add another two days to fix the problem. So, to add it up, It takes three days to get the patch, Up to five days to test the patch, and another day or two to publish the patch out to all of the client computers. All in total, this will take around a week to solve this issue. My personal opinion is any IT personal that takes a WEEK to solve a major security breach should be fire. Personally, I would put immediate measures in place to solve the issue such as blocking the mac address, immediately writing scripts and programs to detect intrusions in the hole, and block out the attacker. Taking more than a day or two for testing is major overkill for fixing a major hole. But, that is my...

Words: 273 - Pages: 2