 |
 |
 |
 |
| |
|||||
|
|
|
Home > News & Events > MITRE Publications > The MITRE Digest > | |||||||||||||||||||
| Computer Security: Vigilance in a Brave New World November 2001
Frequent, intense, and persistent attacks on computer networks are now part of the everyday landscape of computer network security. Repelling those attacks has become a high-stakes game. According to the U.S. government's National Infrastructure Protection Center, of the millions of daily "hacks" into computer network systems, most are relatively harmless. However, an ever-growing percentage of attacks are more serious, involving credit card companies, proprietary corporate information, and espionage. Any new weapon brought to bear on the side of vigilance is certainly cause for elation. Such is the case with the recent licensing agreement of MITRE's Analysis of Networked Systems Security Risks (ANSSR) algorithms to Harris Corporation of Melbourne, Fla. Originally designed to protect and secure U.S. government computer networks, the algorithms have been reengineered for use in Harris' STAT Analyzer 2.0®, a member of the Harris family of network security products. The ANSSR algorithms simulate attacks on information systems and communications between these systems. Different types of attackers, including "insiders" as well as "outsiders," can initiate these simulated attacks, or threat scenarios. The algorithms compare the risk-reducing effects of different sets of safeguards in light of given security operations. Safeguards include computer security features and assurances, communications security controls, emanations protection, physical security, and procedural controls. Unlike other risk analysis tools, ANSSR explicitly analyzes risks due to networking, including simulated passive and active wiretap attacks. Additionally, it analyzes attacks in which the attacker logs in at one system and then, exploiting that system's connectivity to still other systems, attacks the other systems as well. "This is an excellent example of ... (the) ... transfer of technology from the government arena to the commercial sector," said Lilo X. Newberry, Harris' director of operations for STAT. According to Gerard Eldering, director of MITRE's Technology Transfer Office, "It is a perfect example of how a government research enterprise is having an impact in the world of commercial security technology. "MITRE has been transferring technology throughout its history, usually
through custom government acquisitions. What's changed is that Congress
legislated policy to encourage wider dissemination of intellectual property,
and in the last decade or so, our government sponsors are now buying more
and more commercial off-the-shelf systems. That means we needed to adapt
to a new way of transferring our technology into the systems, products,
and industry standards the government will ultimately adopt. As more of
our technology gets into the public sector, it will ultimately find its
way back to our sponsors, which is, of course, our overall goal." Page last updated: May 23, 2001 | Top of page |
Solutions That Make a Difference.® |
|
|
As
with any other any other society, the Internet is not immune from a societal
infrastructure of good guys and bad guys. For those trying to keep the
peace, it can be a tough job!