
General structure of vulnerability-scanning effort
- goal: identify machines that can be easily compromised remotely
- semi-automated scanning for specific single vulnerabilities
- Windows: file sharing, IIS; Unix: RPC, ftpd, Kerberos; CGI
- combination of our own software and some existing free software
Some constraints
- anyone at MIT can connect any type of machine to the network
- IS (from MIT central administration) lacks universal access
- usually user's only choice is to expose machine to Internet
- connectivity shutoff can affect over 1000 innocent machines
Funding status
- IS budget for this is small (much less than 0.1 FTE)
- spring 1998 to spring 2000: some de facto DOE funding
- a lot of team-member time spent on this is not compensated
Copyright 2000, Massachusetts Institute of Technology.
All rights reserved.
The term "Windows" above refers to the
Microsoft® Windows® operating system. Microsoft® and
Windows® are registered trademarks of Microsoft Corporation in the
United States and other countries.