IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

IWS
Support IWS


Risk

Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.
(NSTISSI 4009)

Threat

Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. (NSTISSI 4009)


Vulnerability


i) Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited. ( NSTISSI 4009)

ii) The characteristics of a system which cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (manmade) hostile environment.

Vulnerability Analysis

In information operations, a weakness in information system security design, procedures, implementation, or internal controls that could be exploited to gain unauthorized access to information or an information system. (This term and its definition modifies the existing term and definition and are approved for inclusion in the next edition of Joint Pub 1-02.)" Joint Pub 3-13

Vulnerability
Assessment

Systematic examination of an IS or product to determine the adequacy of security measures, identify security proficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. (NSTISSI 4009)

NSTISSI 4009

 

 

 

 

 


Advanced technologies can make third-class powers into first-class threats.

Dick Cheney

Latest Attacks & Internet Traffic Report


NIPC Information

Cybernotes Index

CyberNotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.

Highlights Index

Highlights is published on a monthly basis by the National Infrastructure Protection Center (NIPC). Its mission is to apprise policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP).

Latest NIPC Highlights

Latest NIPC Cybernote
2002 Year End Summary
2001 Year End Summary
2000 Year End Summary

The NIPC produces three levels of infrastructure warnings which are developed and distributed consistent with the FBI's National Threat Warning System. Collectively, these threat warning products will be based on material that is significant, credible, timely, and that address cyber and/or infrastructure dimensions with possibly significant impact. These warnings will often be based on classified material and include dissemination restrictions, but NIPC will then seek to develop a sensitive "tear-line" version for distribution to critical sector coordinators, InfraGard members, and general law enforcement authorities.

I.NIPC Assessments

Assessments: address broad, general incident or issue awareness information and analysis that is both significant and current but does not necessarily suggest immediate action.

2002 Assessments
2001 Assessments
2000 Assessments

II. NIPC Advisories

Advisories: address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.


2003 Advisories
2002 Advisories
2001 Advisories
2000 Advisories
1999 Advisories

III. NIPC Alerts

Alerts: address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2003 Alerts
2002 Alerts
2001 Alerts
2000 Alerts
1999 Alerts


Latest Vulnerabilities



ICAT Vulnerability Database


ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.

Enter Vendor, Program, OS keyword


Useful Links

CERT/CC Advisories

CERT/CC Incident Notes

CERT® Summaries

CERIAS The Cooperative Vulnerability Database Project

Open Source Vulnerability Database

 

 


Affiliates & Supporters


IWS is hosted and secured courtesy of


IWS Affiliates


InfraGard Manufacturing Industry Association


Top 10 Vulnerabilities

Sans Top 10 Vulnerabilities to Windows Systems

W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook and Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)


Sans Top 10 Vulnerabilities to Unix Systems


U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U6 Sendmail
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)



IWS welcomes suggestions regarding site content and usability. Please use our contact form to submit your comments.

Last modified: 30 December, 2007 by Wanja Eric Naef

IWS Copyright 2000 - 2008