Performance of automated network vulnerability scanning at remediating security issues

被引:15
|
作者
Holm, Hannes [1 ]
机构
[1] Royal Inst Technol, Ind Informat & Control Syst, SE-10044 Stockholm, Sweden
来源
COMPUTERS & SECURITY | 2012年 / 31卷 / 02期
关键词
Network security; Security tools; Vulnerabilities; Vulnerability remediation; Vulnerability detection;
D O I
10.1016/j.cose.2011.12.014
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This paper evaluates how large portion of an enterprises network security holes that would be remediated if one would follow the remediation guidelines provided by seven automated network vulnerability scanners. Remediation performance was assessed for both authenticated and unauthenticated scans. The overall findings suggest that a vulnerability scanner is a usable security assessment tool, given that credentials are available for the systems in the network. However, there are issues with the method: manual effort is needed to reach complete accuracy and the remediation guidelines are oftentimes very cumbersome to study. Results also show that a scanner more accurate in terms of remediating vulnerabilities generally also is better at detecting vulnerabilities, but is in turn also more prone to false alarms. This is independent of whether the scanner is provided system credentials or not. (c) 2012 Elsevier Ltd. All rights reserved.
引用
收藏
页码:164 / 175
页数:12
相关论文
共 50 条
  • [41] Security and Privacy Issues in Network Function Virtualization: A Review from Architectural Perspective
    Zahran, Bilal
    Ahmed, Naveed
    Alzoubaidi, Abdel Rahman
    Ngadi, Md Asri
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2024, 15 (06) : 475 - 480
  • [42] Brief Discussion Of Comtemporary College Student's Network Security Education Issues
    Yang, Jing
    RESOURCES AND SUSTAINABLE DEVELOPMENT, PTS 1-4, 2013, 734-737 : 3308 - 3311
  • [43] Stateful packet inspection for high-performance network security
    Yoon, S
    Oh, J
    Jang, J
    Proceedings of the Fourth IASTED International Conference on Communications, Internet, and Information Technology, 2005, : 355 - 359
  • [44] Brief Analysis for Network Security Issues in Mega-Projects Approved for Data Clusters
    Lan, Shizhan
    Huang, Jing
    CYBER SECURITY, CNCERT 2022, 2022, 1699 : 38 - 50
  • [45] Enhancing the performance and security against media-access-control table overflow vulnerability attacks
    Tzang, Yih-Jou
    Chang, Hong-Yi
    Tzang, Chih-Hsuan
    SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (09) : 1780 - 1793
  • [46] Network Security Node-Edge Scoring System Using Attack Graph Based on Vulnerability Correlation
    Shin, Gun-Yoon
    Hong, Sung-Sam
    Lee, Jung-Sik
    Han, In-Sung
    Kim, Hwa-Kyung
    Oh, Haeng-Rok
    APPLIED SCIENCES-BASEL, 2022, 12 (14):
  • [47] H/W based Firewall for high-performance network security
    Ko, JG
    Kim, KY
    Ryu, KW
    Certification and Security in Inter-Organizational E-Services, 2005, 177 : 141 - 149
  • [48] The implementation and performance/cost/power analysis of the network security accelerator on SoC applications
    Gu, RT
    Chung, KH
    Huang, IJ
    8TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL III, PROCEEDINGS: COMMUNICATION AND NETWORK SYSTEMS, TECHNOLOGIES AND APPLICATIONS, 2004, : 348 - 352
  • [49] Security-as-a-Function in 5G Network: Implementation and Performance Evaluation
    Malik, Shivank
    Bera, Samaresh
    2024 INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND COMMUNICATIONS, SPCOM 2024, 2024,
  • [50] New enhancements to the SOCKS communication network security protocol: Schemes and performance evaluation
    Obaidat, Mohammad S.
    Sundararajan, Mukund
    JOURNAL OF SYSTEMS AND SOFTWARE, 2009, 82 (12) : 1941 - 1949
12345