Calculating the Window of Vulnerability for SMB
Scenario
The report identifies the security breach within a small Microsoft workgroup LAN (Local Area Network). Within the group membership, the primary workgroup contains a list of users within the Active Directory infrastructure, which exists on the SMB server and is confined to the LAN structure. The security breach violates the security principles of integrity, confidentiality, and availability (Zegzhda, Zegzhda, & Kalinin, 2005). The security hole was caused by access by an unauthorized user and was detected by the server manufacturer the previous day. Meanwhile, it would take approximately 3 days before the security patch is made available. Additionally, the LAN administrator will need at least one week to download, test, and install the patch.
Calculating the Window of Vulnerability for SMB
The following timeline is used to calculate the Window of Vulnerability (WoV) of the SMB security breach. To do the calculation, it is critical to understand the variables used in calculating the Window of Vulnerability. The WoV covers the timeline between the moment a vendor identifies or discovers the vulnerability and the time taken to create, publish, and finally fix the vulnerability.
Calculating the Window of Vulnerability of the SMB (Server Message Block) server is critical to reviewing its security status. There are four parts used in calculating the vulnerability:
Discovery-Time,
Exploit-Time,
Disclosure-Time, and
Patch-Time.
Discovery Time: The discovery time is the earliest time that a system administrator discovers and recognizes the vulnerability as a security risk. Typically, it would take one day for a vendor to identify the vulnerability. The discovery time may not be publicly disclosed at this point (Arbaugh, Fithen, & McHugh, 2000).
Exploit Time: The exploit time is the earliest date that an exploit of the vulnerability is available. The paper quantifies the hacker tools, viruses, or other sequences of commands that could be used to exploit the vulnerability. More importantly, the IT department would need additional time to install the patch on the server in order to deploy it to the client computers. This will take an additional 3 days to complete. If the IT department works on the weekend, this may alter the completion time because they may not work a full day on the weekend. Thus, the exploit time may take between 3 and 5 days to complete.
Disclosure Time: The disclosure time is the date that the vulnerability is described and the information is disclosed to the public. The disclosure time is the date the vulnerability information is:
Freely available to the public,
Published by an independent and trusted channel, and
Subjected to expert analysis that includes a risk rating.
The disclosure lists will include how hackers exploit the systems and the strategy to adopt in fixing the problem. Thus, the disclosure time will be one day.
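The scenario's timeline can be worked through in code. The following Python sketch is an added example, not part of the original paper. It assumes the WoV runs from the manufacturer's detection date to the date the patch is installed, treats the administrator's one week as 7 days of effort, and uses a constructed calendar date.

```python
from datetime import date, timedelta


def add_days(start, days, work_weekends=True):
    """Advance `days` days of effort from `start`.

    When weekends are not worked, only Monday-Friday count toward the total.
    """
    current = start
    remaining = days
    while remaining > 0:
        current += timedelta(days=1)
        if work_weekends or current.weekday() < 5:  # 5 = Saturday, 6 = Sunday
            remaining -= 1
    return current


def window_of_vulnerability(today, detected_days_ago=1, days_until_patch=3,
                            admin_days=7, work_weekends=True):
    """Return the milestone dates and the WoV length in calendar days.

    Defaults follow the scenario: detected the previous day, patch available
    in about 3 days, at least one week to download, test and install.
    Treating the week as 7 days of effort is an assumption of this example.
    """
    detected = today - timedelta(days=detected_days_ago)
    patch_released = today + timedelta(days=days_until_patch)
    patched = add_days(patch_released, admin_days, work_weekends)
    return {
        "detected": detected,
        "patch_released": patch_released,
        "patched": patched,
        "wov_days": (patched - detected).days,
    }


if __name__ == "__main__":
    report_date = date(2024, 1, 8)  # constructed date (a Monday)
    for weekends in (True, False):
        result = window_of_vulnerability(report_date, work_weekends=weekends)
        print("weekends worked:", weekends, "->", result["wov_days"], "days,",
              "patched on", result["patched"].isoformat())
```

If the administrator does not work weekends, the same 7 days of effort stretch across more calendar days, so the exposure lasts longer than the simple sum of the three intervals.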