Singh / Joseph Vulnerability Analysis and Defense for the Internet

Vulnerability Analysis is a process that defines, identifies, and classifies the vulnerabilities in a computer network or an application. Vulnerability in a network or application can in turn be used to launch various attacks like cross-site scripting attacks, SQL injection attacks, format string attacks, buffer overflows, DNS amplification attacks etc. Although these attacks are not new and are well known, the number of vulnerabilities disclosed to the public jumped nearly 5 percent during the first six months of 2007. This accounts to be the fourth year report, which shows the raise in vulnerability (see the news link on security focus http://www.securityfocus.com/brief/614). In January 2007, a vulnerable network resulted in a theft of 45.6 million credit card numbers in TJX companies due to unauthorized intrusion. A good protocol analysis and effective signature writing is one of the - fective method to prevent vulnerability and minimize the chances of intrusion in the network. However, protocol analysis poses two challenges namely false po- tive and evasion. If the signature to prevent the vulnerability is not written pr- erly, it will result in dropping of a valid traffic thereby resulting in false positive. An effective signature should also consider the chances of evasion; otherwise a malicious attacker can use the variant of exploit and evade the protection provided by the IDS/IPS.