Managing Security Threats & Vulnerabilities for SMEs
Managing security threats and vulnerabilities in assets are two fundamental challenges for SMEs. Vulnerabilities in assets are weaknesses in assets or the absence of security procedures, technical controls, or physical controls that
could be exploited to harm or predispose assets to harm [1]. Harm to assets occurs in various forms, such as interruption, destruction, disclosure, modification of data, including denial of service. For example, in 2001, the Code Red incident exploited a buffer overflow in a library module of Microsoft Windows' Internet Information Server. This allowed it to infect hundreds of thousands of computers [2], causing millions of dollars of damage. The Slammer [3], MSBlast [4], and Sasser [5] worms all exploited known vulnerabilities in computer systems.
There are also accounts of security threats (for instance, Computer worms) used as attack agents in denial of service (DoS) [6], and distributed denial of service (DDoS)[7] attacks. These types of threats affect the confidentiality, integrity, reliability and availability of computer network services.
In this respect, what ways can security be properly managed in an Enterprise? What may provide valid and appropriate options? Answers to these questions are provided in the article.... Please download a copy from this link. Your comments are useful and highly appreciated, please leave a comment. Thanks.
This discussion is shown in a presentation, please download the presentation in DPF.
References:
[1] Computer Security Handbook: The NIST handbook, Special
Publication 800-12, pp.62
[2] D. Moore, C. Shannon, and J. Brown (2002) “Code-Red: a case study on the spread and victims of an Internet Worm”, Proceedings of the ACM/USENIX Internet Measurement Workshop, France, November, 2002
[3] C. C. Zou, L. Gao, W. Gong, D. Towsley (2003), “Monitoring and Early Warning for Internet Worms”, Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-31 2003
[4] Microsoft Security Bulletin MS03-026, (2003) “Buffer Overrun In RPC Interface Could Allow Code Execution (823980)”, July 2003: [Online]:
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
[5] W32.Sasser.worm (2004), April 2004: [Online]: http://securityresponse.symantec.com/avcenter/venc/data/w32.sass
er.worm.html
[6] CERT/CC (2001), “Microsoft Internet Information Server 4.0 (IIS) vulnerable to DoS when URL Redirecting is enabled”; [Online]: http://www.kb.cert.org/vuls/id/544555,
could be exploited to harm or predispose assets to harm [1]. Harm to assets occurs in various forms, such as interruption, destruction, disclosure, modification of data, including denial of service. For example, in 2001, the Code Red incident exploited a buffer overflow in a library module of Microsoft Windows' Internet Information Server. This allowed it to infect hundreds of thousands of computers [2], causing millions of dollars of damage. The Slammer [3], MSBlast [4], and Sasser [5] worms all exploited known vulnerabilities in computer systems.
There are also accounts of security threats (for instance, Computer worms) used as attack agents in denial of service (DoS) [6], and distributed denial of service (DDoS)[7] attacks. These types of threats affect the confidentiality, integrity, reliability and availability of computer network services.
In this respect, what ways can security be properly managed in an Enterprise? What may provide valid and appropriate options? Answers to these questions are provided in the article.... Please download a copy from this link. Your comments are useful and highly appreciated, please leave a comment. Thanks.
This discussion is shown in a presentation, please download the presentation in DPF.
References:
[1] Computer Security Handbook: The NIST handbook, Special
Publication 800-12, pp.62
[2] D. Moore, C. Shannon, and J. Brown (2002) “Code-Red: a case study on the spread and victims of an Internet Worm”, Proceedings of the ACM/USENIX Internet Measurement Workshop, France, November, 2002
[3] C. C. Zou, L. Gao, W. Gong, D. Towsley (2003), “Monitoring and Early Warning for Internet Worms”, Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-31 2003
[4] Microsoft Security Bulletin MS03-026, (2003) “Buffer Overrun In RPC Interface Could Allow Code Execution (823980)”, July 2003: [Online]:
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
[5] W32.Sasser.worm (2004), April 2004: [Online]: http://securityresponse.symantec.com/avcenter/venc/data/w32.sass
er.worm.html
[6] CERT/CC (2001), “Microsoft Internet Information Server 4.0 (IIS) vulnerable to DoS when URL Redirecting is enabled”; [Online]: http://www.kb.cert.org/vuls/id/544555,
posted by Cyril at 11:51 AM
0 Comments:
Post a Comment
<< Home