Automated Tools for Testing Computer System Vulnerability

Abstract

Computer security "incidents" occur with alarming frequency. The incidents range from direct attacks by both hackers and insiders to automated attacks such as network worms. Weak system controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms. For example, improper access control specifications for key system files could open the entire system to unauthorized access. Moreover, many computer systems are delivered with default settings that, if left unchanged, leave the system exposed. This document discusses automated tools for testing computer system vulnerability. By analyzing factors affecting the security of a computer system, a system manager can identify common vulnerabilities stemming from administrative errors. Using automated tools, this process may examine the content and protections of hundreds of files on a multi-user system and identify subtle vulnerabilities. By acting on this information, system administrators can significantly reduce their systems' security exposure.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 1992
Accession Number
ADA406710

Entities

People

  • W. T. Polk

Organizations

  • National Institute of Standards and Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Artificial Intelligence
  • Authentication
  • Change Detection
  • Computer Access Control
  • Computer Network Security
  • Computer Programs
  • Computers
  • Cryptography
  • Cybersecurity
  • Electronic Mail
  • Identification
  • Operating Systems
  • Robotics
  • Security
  • System Software
  • Test Methods
  • Trojan Horse

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Financial Management and Audit.

Technology Areas

  • Cyber