Calculating the Window of Vulnerability for SMB Scenario

The report identifies the security breach within a small Microsoft workgroup LAN (Local Area Network). Within the group membership, the primary work group contains list of users within the Active Directory infrastructure which exists on the SMB server and confines on the LAN structure. The security breach is in violation of the integrity, confidentiality, availability of the security principles. (Zegzhda, Zegzhda, Kalinin, 2005). The security hole was caused by the accessibility of an unauthorized user and was detected by the server manufacturer the previous day. Meanwhile, it would take approximately 3 days before the security patch is made available. Additionally, LAN administrator will need at least minimum of one week to download, test and install the patch.

Calculating the Window of Vulnerability for SMB

The following timeline is used to calculate the Window of Vulnerability (WoV) of SMB security breach. To do the calculation, it is critical to understand the variables used in the calculation of window vulnerability. The WoV covers...

There are four parts used in calculating the vulnerability:
the Discovery-Time,

Exploit-Time,

Disclosure-Time, and Patch-Time.

Discovery Time: is the earliest time that a system administrator discovers and recognizes the vulnerability as a security risk. Typically, it would take one day for a vendor to identify the vulnerability. The discovery time could not be publicly displayed at this time. (Arbaugh, Fithen, & McHugh, 2000).

Exploit Time: The exploit time is the earliest date that an exploit of the vulnerability is available. The paper quantifies the hacker tools, virus or other sequence of commands that could be used as the advantages for the exploitation of the vulnerability. More importantly, the IT department would need the additional time to install…