[...]... Chapter 1 • Windows of Vulnerability 200 6-0 4-1 1 200 6-0 1-0 5 WMF 200 5-1 2-2 7 Vulnerability (CVE-200 5-4 560) 9 days 60 days Date Vendor Released Patch Time Delta IE 200 6-0 2-1 0 createtextrange Vulnerability (CVE-200 6-1 359) Vulnerability Name 200 5-1 2-3 1 200 6-0 3-2 4 Date ThirdParty Patch Released 4 days 42 days Date Patch Installed/Risk Time Delta Mitigated 4:30 PM Approximate Date Reported to Vendor 10/18/06 Table... can use this table to calculate Unknown Windows of Vulnerability versus Known Windows of Vulnerability www.syngress.com 3 200 6-0 1-0 5 200 6-0 1-1 0 200 6-0 2-1 4 WMF 200 5-1 2-2 7 Vulnerability (CVE-200 5-4 560) www.syngress.com QuickTime QTS 200 5-1 1-1 7 Overflow (CVE-200 5-4 092) MediaPlayer 200 5-1 0-1 7 BMP Overflow (CVE-200 6-0 006) 120 days 54 days 9 days 4:30 PM 80 days 60 days Time Delta Date Patch Installed/Risk... that adds another metric to be tracked.That metric is third-party vendors releasing unofficial patches, as shown in Table 1.2 200 6-0 3-2 2 Sendmail Race 200 6-0 1-0 1 Condition (CVE-200 6-0 058) Date Vendor Released Patch 200 6-0 4-1 1 Approximate Date Reported to Vendor IE 200 6-0 2-1 0 createtextrange Vulnerability (CVE-200 6-1 359) Vulnerability Name 4 Table 1.1 Calculating Windows of Vulnerability 401_VULN_01.qxd... 41 xi 401_VULN_TOC.qxd xii 10/18/06 5:47 PM Page xii Contents Chapter 3 Vulnerability Assessment Tools 45 Introduction 46 Features of a Good Vulnerability Assessment Tool 46 Using a Vulnerability Assessment Tool 50 Step 1: Identify the Hosts on Your Network 51 Step 2: Classify the Hosts into Asset Groups ... that I published through the L0pht.There were reports that were sent to the government.There were offensive and defensive tools released, ranging from L0phtCrack to Anti-Sniff to SLINT, as well as private tools and tools for work only Protecting high-profile networks, both large and small, was routine Being tasked with breaking into well-defended enclaves was even more routine But looking at any of these... draw attention to the most commonly run operating system, it is actually used in reference to the length of time a system is vulnerable to a given security flaw, configuration issue, or some other factor that reduces its overall security. There are two types of Windows of Vulnerability: ■ Unknown Window of Vulnerability The time from when a vulnerability is discovered to when the system is patched ■ Known... of a third-party patch being released In both cases, the patch was well received by general users, so it is safe to assume that this trend will continue NOTE Although some people welcome third-party patches, these patches have some limitations that organizations should consider For instance, thirdparty patches are never superior to vendor-supplied patches In addition, you should be able to easily remove... (CVE-200 6-0 058) MAR JAN FEB 1 5 10 15 20 25 30 1 5 10 15 20 25 1 5 10 15 20 25 30 VP XC RV 82 Days 80 Days RV = Reported to Vendor VP = Vendor Released Patch 3P = Third Party Patch XC = Exploit Code WMF Vulnerability (CVE-200 6-4 560) DEC 1 JAN 5 10 15 20 25 30 1 5 XC 3P 9 Days 4 Days 0 Day RV = Reported to Vendor VP = Vendor Released Patch 3P = Third Party Patch XC = Exploit Code IE creatextrange Vulnerability. .. 257 How to Do It 257 What Tools Exist to Help You Do It 258 Step Five: Remediate Vulnerabilities and Risk 259 What You Need to Do 259 Why You Need to Do It 259 How to Do It 259 What Tools Exist to Help You Do It 261 Step Six: Create aVulnerability Assessment. .. Need to Do 245 Why You Need to Do It 246 How to Do It 246 What Tools Exist to Help You Do It 249 Step Two: Categorize Your Assets 250 What You Need to Do 250 Why You Need to Do It 251 How to Do It 252 What Tools Exist to . 6 7 8 9 0 ISBN-10: 1-5 974 9-1 0 1-2 ISBN-13: 97 8-1 -5 974 9-1 0 1-3 Publisher: Andrew Williams Page Layout and Art: Patricia Lupien Technical Editor: Steve Manzuik and André Gold Copy Editor: Audrey Doyle Cover. sent to the government.There were offensive and defensive tools released, ranging from L0phtCrack to Anti-Sniff to SLINT, as well as pri- vate tools and tools for work only. Protecting high-profile. i 401_VULN_FM.qxd 10/18/06 4:38 PM Page ii Steve Manzuik André Gold Chris Gatford Network Security Assessment FROM VULNERABILITY TO PATCH 401_VULN_FM.qxd 10/18/06 4:38 PM Page iii Syngress Publishing, Inc.,