August 27, 2008
In response to the chronic cyber threat of hackers, MIT Lincoln
Laboratory researchers are developing a software tool to identify the
most vulnerable points in a computer network. The tool aims to make it
possible for system administrators to focus on parts of a network that
are most prone to attack, instead of securing all parts of the network.
U.S. government and defense computer networks are attacked all the time,
says Richard Lippmann, leader of the work and a senior staff member in
Lincoln's Information Systems Technology Group. In an attack known as
Titan Rain, between 2003 and 2005 a series of breaches of U.S.
government computers may have captured sensitive information about
NetSPA (for Network Security Planning Architecture) uses information
about networks and the individual machines and programs running on them
to create a graph that shows how hackers could infiltrate them. System
administrators can examine visualizations of the graph themselves to
decide what action to take, but NetSPA also analyzes the graph and
offers recommendations about how to quickly fix the most important
NetSPA relies on vulnerability scanners to identify known weaknesses in
network-accessible programs that might allow an unauthorized person
access to a machine. But simply being aware of vulnerabilities is not
sufficient; NetSPA also has to analyze complex firewall and router rules
to determine which vulnerabilities can actually be reached and exploited
by attackers and how attackers can spread through a network by jumping
from one vulnerable host to another.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!