Lightweight Vulnerability Management System

概要

論文の詳細を見る
To secure a network ideally all software in the computers should be updated. However especially in a server farm we have to cope with unresolved vulnerabilities due to software dependencies. Therefore it is necessary to understand the vulnerabilities inside the network. Existing methods require IP reachability and dedicated software to be installed in the managed computers. In addition existing approaches cannot detect vulnerabilities of underlying libraries and uniformly control the communication between computers based only on the vulnerability score. We propose a lightweight vulnerability management system (LWVMS) based on a self-enumeration approach. This LWVMS allows administrators to configure their own network security policy flexibly. It complies with existing standards such as IEEE802.1X and EAP-TLS and can operate in existing corporate networks. Since LWVMS does not require IP reachability between the managed server and management servers it can reduce the risk of invasion and infection in the quarantine phase. In addition LWVMS can control the connectivity based on both the vulnerabilities of respective components and the network security policy. Since this system can be implemented by a slight modification of open-source software the developers can implement this system to fit their network more easily.
一般社団法人情報処理学会の論文
2008-09-15