Automated Tools for Testing Computer System Vulnerability

Get BibTex-formatted data

Author

W.T. Polk

Entry type

techreport

Abstract

Computer security "incidents" occur with alarming frequency. The incidents range from direct attacks by both hackers and insiders to automated attacks such as network worms. Weak system controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms. For example, improper access control specifications for key system files could open the entire system to unauthorized access. Moreover, many computer systemms are delivered with default settings that, if left unchanged, leave the system exposed. This document discusses automated tools for testing computer system, a system manager can identify common vulnerabilities stemming from administrative errors. Using automated tools, thsi process may examine the content and protections of hundreds of files on a multi-user system administrators can significantly reduce their systems' security exposure. Automated vulnerability testing tools are available for a wide variety of systems. Some tools are commercially available; others are available from other system administrators. Additional tools may be developed to address specific concerns for an organization's computer systems. This document examines basic requirements for vulnerability testing tools and describes the different functional classes of tools. Finally, the document offers general recommendations about the selection and distribution of such tools.

Date

1992 – December

Address

Gaithersburg, MD 20899

Institution

US Department of Commerce

Key alpha

Polk

Publication Date

0000-00-00

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Polk,
	title = "Automated Tools for Testing Computer System Vulnerability",
	author = "W.T. Polk",
	year = "1992",
	month = "December",
	address = "Gaithersburg, MD 20899",
	institution = "US Department of Commerce",
	abstract = "Computer security "incidents" occur with alarming frequency.  The incidents range from direct attacks by both hackers and insiders to automated attacks such as network worms.  Weak system controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms.  For example, improper access control specifications for key system files could open the entire system to unauthorized access.  Moreover, many computer systemms are delivered with default settings that, if left unchanged, leave the system exposed.
This document discusses automated tools for testing computer system, a system manager can identify common vulnerabilities stemming from administrative  errors.  Using automated tools, thsi process may examine the content and protections of hundreds of files on a multi-user system administrators can significantly reduce their systems' security exposure.
Automated vulnerability testing tools are available for a wide variety of systems. Some tools are commercially available; others are available from other system administrators. Additional tools may be developed to address specific concerns for an organization's computer systems.  This document examines basic requirements for vulnerability testing tools and describes the different functional classes of tools.  Finally, the document offers general recommendations about the selection and distribution of such tools.",
}