Managing Cyber Security Vulnerabilities in Large Networks
Networks and computers often hold a company's most precious and costly commodities - its intellectual properties and proprietary data. If the network and computer vulnerabilities of any large network - such as the Lucent Technologies intranet - are not identified and mitigated, they could enable an intruder to seriously compromise the security of a company's network, computers, and data. Given the voluminous nodes and hosts in Lucent's intranet, it is not operationally feasible to scan the entire network to search for vulnerabilities. In this paper, we describe a methodology for statistical sampling and analysis, combined with a network and host security discipline for developing Lucent's cyber security profile in an effective, efficient manner. We have also developed a methodology for correlating vulnerabilities in and among the network and operating systems. We found the distribution of high-risk vulnerabilities to be very concentrated. Through root cause analyses, we developed a focused plan for mitigating vulnerabilities effectively and efficiently. These patent-pending methodologies will enable cyber security management in a large networked environment and, if properly deployed, will be to network security what quality control charts are to manufacturing processes.
Bell Labs Technical Journal
First Page Number
Last Page Number
Chang, Edward S.; Jain, Aridaman K.; Slade, David M.; and Tsao, S. Lee, "Managing Cyber Security Vulnerabilities in Large Networks" (1999). Kean Publications. 2793.