Web-enabling an early warning and tracking system for network vulnerabilities
Loading...
Authors
Coffman, James Wyatt.
Subjects
Advisors
Date of Issue
2001-09
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The Information Assurance Vulnerability Alert (IAVA) process was established to provide an early warning and tracking capability for protecting Department of Defense (DoD) networks against identified system vulnerabilities. The Navy initially used record message traffic for the information distribution required by the process. This approach was heavily administrative and prone to significant delays in an already time critical process. Additionally, it lacked support for automated data validation, resulting in unreliable vulnerability tracking information. As a result, the process was ineffective, and Navy networks remained highly susceptible to exploitation, even for welldocumented system vulnerabilities. For this thesis, web-enabling technology is used to build and deploy an early warning and tracking system for Navy network vulnerabilities. The research sponsor, the Navy Component Task Force for Computer Network Defense (NCTF-CND), has named it the Online Compliance Reporting System (OCRS). It is now being used by all Navy commands and has proven efficient and highly effective in defending Navy networks against known vulnerability exploitations. As a result, the system has gained significant interest from other organizations and the research sponsor is now planning to fund maintenance and future enhancements by the Space and Naval Warfare Systems Center in Charleston, South Carolina.
Type
Thesis
Description
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
xii, 67 p. ;
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.