- Email: [email protected]
Vulnerability Database Tops 1000 Flaws
NESE June.qxd
6/20/01
1:54 PM
Page 6
reports will also offer them to alliances members. Critics of the new alliance said it risks duplicating Internet-security efforts already under way including organizations established under order from US President Clinton in 1998 such as the Information Sharing and Analysis Centers. Yet McCurdy said
he believes the new alliance can co-exist with these groups. “Industry needs to ascertain and determine the requirements first,” McCurdy said. “We're working to develop best practices that are common to the Internet community, not just one sector of the industry.”
Flawed Mobile Protocol Delays Release of Standard
IPv6 is the right thing to do. The problem is that it is a different way of speaking over the network and it's not easy to convert a network.” Leung also said if global networks use different standards, it could stall Internet traffic. “There would be a performance impact and it is not a desirable scenario.” Gartner believes that five years from now, North American businesses will still favour networks based on IPv4 because they would face too much pain to convert to IPv6. IPv6 addresses will be important for wireless devices that connect directly to the Internet, Gartner said, however, where devices gain Internet access by way of corporate gateways, as is the case for wired PCs, proven IPv4 address-management principles will still apply. Despite its promise, IPv6 has been slow to catch on because it requires a costly and time-consuming upgrade to the Internet's backbone and edge systems. The IETF finalized IPv6 in 1998 but only a handful of IPv6-enabled products are shipping today from Nortel Networks, Cisco Systems, Sun Microsystems and IBM and others.
McCurdy also said the ISA will focus on higher-level issues that managers should be concerned about. “It will be looking more at issues like policy and standards.” As part of the new agreement, CERT will continue to provide the early warnings to the Defense Department and the General Services Administration, and
Allan Donnelly The discovery of security flaws in the proposed mobile protocol upgrade means an industry task force will have to develop a new method for authenticating roaming devices that use IPv6 addresses. IPv6 uses 128-bit addresses that can yet been deployed, and IPSec also requires support a virtually unlimited number of heavy processing by end devices. Al Javed, CTO for wireless Internet at computers and devices connected to the Internet, while the current technology Nortel Networks, said that the wireless IPv4 uses 32-bit addresses and can sup- industry is interested only in the addressport approximately four billion connec- ing features of IPv6 and not in its security and quality-of-service. tions. “The demand we see for IPv6 is primarAt a recent Internet Engineering Task Force (IETF) meeting, the working ily in Europe and Japan and it's primarily group discovered security flaws in the related to address space,” Javed said. Mobile IPv6 problems are not expected proposed Mobile IPv6 protocol, which will mean delays of months for Mobile to delay the European wireless community's Third Generation Partnership Project IPv6. The working group initially planned to (3GPP). A European Union task force use the existing protocol IP Security that was formed earlier this year to accel(IPSec) to secure binding update messages. erate a switch to the new standards, said it But IETF security experts recently discov- plans to use IPv6 because it has its own ered that IPSec would not work for these security architecture. Lydia Leung, an analyst at Gartner, messages. They found that IPSec depends on a public-key infrastructure that has not said: “Everybody, I think, agrees that
Vulnerability Database Tops 1000 Flaws Vulnerability monitoring service Qualys has this month announced that it has 1000 flaws on record in its database. This means that there are now 1000+ vulnerability assessment signatures that can be used to remotely detect and evaluate network security risks. Since the company was founded in 1999, it has built up a database of vulnerabilities. It is currently running at a rate of 10 new ones per week.
6
Other similar data stores include PGP(Cybercop), which has about 750 on record and Nessus which is running at roughly 650.
Ed Skoudis at network security and consulting firm Predictive Systems is using Qualys to develop online scanning capabilities to extend its ethical hacking services. Skoudis said, "Qualys provides a ready-made global scanning platform of impressive range and intelligence. We think automated security auditing is the 'new big thing' in network security and we are leveraging Qualys to deliver delivering fast, accurate and convenient Internet-based auditing services."
6/20/01
1:54 PM
Page 6
reports will also offer them to alliances members. Critics of the new alliance said it risks duplicating Internet-security efforts already under way including organizations established under order from US President Clinton in 1998 such as the Information Sharing and Analysis Centers. Yet McCurdy said
he believes the new alliance can co-exist with these groups. “Industry needs to ascertain and determine the requirements first,” McCurdy said. “We're working to develop best practices that are common to the Internet community, not just one sector of the industry.”
Flawed Mobile Protocol Delays Release of Standard
IPv6 is the right thing to do. The problem is that it is a different way of speaking over the network and it's not easy to convert a network.” Leung also said if global networks use different standards, it could stall Internet traffic. “There would be a performance impact and it is not a desirable scenario.” Gartner believes that five years from now, North American businesses will still favour networks based on IPv4 because they would face too much pain to convert to IPv6. IPv6 addresses will be important for wireless devices that connect directly to the Internet, Gartner said, however, where devices gain Internet access by way of corporate gateways, as is the case for wired PCs, proven IPv4 address-management principles will still apply. Despite its promise, IPv6 has been slow to catch on because it requires a costly and time-consuming upgrade to the Internet's backbone and edge systems. The IETF finalized IPv6 in 1998 but only a handful of IPv6-enabled products are shipping today from Nortel Networks, Cisco Systems, Sun Microsystems and IBM and others.
McCurdy also said the ISA will focus on higher-level issues that managers should be concerned about. “It will be looking more at issues like policy and standards.” As part of the new agreement, CERT will continue to provide the early warnings to the Defense Department and the General Services Administration, and
Allan Donnelly The discovery of security flaws in the proposed mobile protocol upgrade means an industry task force will have to develop a new method for authenticating roaming devices that use IPv6 addresses. IPv6 uses 128-bit addresses that can yet been deployed, and IPSec also requires support a virtually unlimited number of heavy processing by end devices. Al Javed, CTO for wireless Internet at computers and devices connected to the Internet, while the current technology Nortel Networks, said that the wireless IPv4 uses 32-bit addresses and can sup- industry is interested only in the addressport approximately four billion connec- ing features of IPv6 and not in its security and quality-of-service. tions. “The demand we see for IPv6 is primarAt a recent Internet Engineering Task Force (IETF) meeting, the working ily in Europe and Japan and it's primarily group discovered security flaws in the related to address space,” Javed said. Mobile IPv6 problems are not expected proposed Mobile IPv6 protocol, which will mean delays of months for Mobile to delay the European wireless community's Third Generation Partnership Project IPv6. The working group initially planned to (3GPP). A European Union task force use the existing protocol IP Security that was formed earlier this year to accel(IPSec) to secure binding update messages. erate a switch to the new standards, said it But IETF security experts recently discov- plans to use IPv6 because it has its own ered that IPSec would not work for these security architecture. Lydia Leung, an analyst at Gartner, messages. They found that IPSec depends on a public-key infrastructure that has not said: “Everybody, I think, agrees that
Vulnerability Database Tops 1000 Flaws Vulnerability monitoring service Qualys has this month announced that it has 1000 flaws on record in its database. This means that there are now 1000+ vulnerability assessment signatures that can be used to remotely detect and evaluate network security risks. Since the company was founded in 1999, it has built up a database of vulnerabilities. It is currently running at a rate of 10 new ones per week.
6
Other similar data stores include PGP(Cybercop), which has about 750 on record and Nessus which is running at roughly 650.
Ed Skoudis at network security and consulting firm Predictive Systems is using Qualys to develop online scanning capabilities to extend its ethical hacking services. Skoudis said, "Qualys provides a ready-made global scanning platform of impressive range and intelligence. We think automated security auditing is the 'new big thing' in network security and we are leveraging Qualys to deliver delivering fast, accurate and convenient Internet-based auditing services."