Quantifying Computer Network Security

• Main Author: Burchett, Ian
• Format: Others
• Published: TopSCHOLAR® 2011
• Subjects: computer networks; NVD; CVSS; network security data; security risk level; Computer Sciences; Databases and Information Systems; OS and Networks
• Online Access: http://digitalcommons.wku.edu/theses/1118; http://digitalcommons.wku.edu/cgi/viewcontent.cgi?article=2120&context=theses

Simplifying network security data to the point that it is readily accessible and usable by a wider audience is increasingly becoming important, as networks become larger and security conditions and threats become more dynamic and complex, requiring a broader and more varied security staff makeup. With the need for a simple metric to quantify the security level on a network, this thesis proposes: simplify a network’s security risk level into a simple metric. Methods for this simplification of an entire network’s security level are conducted on several characteristic networks. Identification of computer network port vulnerabilities from NIST’s Network Vulnerability Database (NVD) are conducted, and via utilization of NVD’s Common Vulnerability Scoring System values, composite scores are created for each computer on the network, and then collectively a composite score is computed for the entire network, which accurately represents the health of the entire network. Special concerns about small numbers of highly vulnerable computers or especially critical members of the network are confronted.