Beyond Internet Scanning: Non-Intrusive Vulnerability Assessment of Internet-Facing Services
作者: B. Genge P. Haller C. Enachescu
刊名: International Journal of Information Security Science, 2015, Vol.4 (3)
来源数据库: International Journal of Information Security Science
关键词: Vulnerability assessmentInternet scanningCommon Platform Enumeration (CPE)Common Vulnerability and Exposure (CVE)National Vulnerability Database (NVD).
原始语种摘要: Nowadays, the increasing number of devices and services that require a direct Internet access, creates new security challenges. These challenges need to meet user feature-based requirements with the companies' restrictive security policies. Therefore, security administrators need to adopt novel tools in order to quickly and non-intrusively verify the degree of exposure of Internet-facing services. In this respect, we find tools such as Shodan and ZMap which enable scanning of services at an Internet-scale. This paper presents a methodology that expands the feature delivered by such tools with automated vulnerability assessment capabilities. The proposed methodology builds on the results returned by Shodan, which are analyzed in order to automatically identify known vulnerabilities from...
全文获取路径: PDF下载  IJISS 

  • security 可靠性
  • methodology 方法学
  • Internet 国际互连网
  • proposed 建议的
  • sanitizing 消密
  • university 大学
  • National 国民牌大客车
  • approach 
  • increasing 增加的
  • tools 工具