There's also some naming differences. There's an XForce database name for a
vulnerability or attack, then there's an Internet Scanner name for a
vulnerability and a RealSecure name for an attack... yet there's another
name listed in RealSecure Fast Analysis which is probably what is used in
Site Protector. I'm only hoping that someday these labels will be
standardized. I agree in that the categories would be nice to have listed as
well. I also found that diving directly into the database schema that
there's more data than we see through the GUI, such as vuln-tag (and the
known vuln-name) within Internet Scanner.

I've also seen differences in old versus new policy editor descriptions.
Dating them helps me, especially if I report on a vulnerability found that
is 2-3 years old, it helps to have some backing in reporting possible
negligence or gaps in due dilligence. I've seen some listings that state
related well known attacks, but others don't exist. It would be nice to list
within a description a heading for related attack packages such as "Nimda
Worm" or a vulnerability associated with Code Red or Nimda. It may not be
possible to cover all malware that comes out, but a vulnerability with a
wide spread attack like Nimda should be something that can be updated at any
time, and for the normal level of malware, any time within 3-6 months after
a check is available.

> -----Original Message-----
> From: "Puente Girón, Jose Luis" [mailto:jlpuentecolt-telecom.es]
> Sent: Tuesday, October 22, 2002 11:04 AM
> To: 'Evans, Mark'
> Cc: 'issforumiss.net'
> Subject: RE: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs.
> Policy Editor.
>
>
> I find Mark´s observations very sensible; I also noticed.
>
> -----Mensaje original-----
> De: Evans, Mark [mailto:EvansMritchie.disa.mil]
> Enviado el: martes 22 de octubre de 2002 15:43
> Para: 'issforumiss.net'
> Asunto: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor.
>
>
> Anyone notice how the three areas of information that ISS
> uses to support their vulnerabilities are not in sync? Here's
> the issue: On ther Xforce listing of Vulnerabilities, you
> have information like Consequences: Gain Access. This is very
> good because it helps one determine the amount of effort one
> puts toward fixing the problem. But on the Vuln Catalog
> pages, this entry is not present. But, on the other hand, on
> the Vuln Catalog pages, you have great information like False
> Positive, False Negative, and Required Permissions. This
> information is not availble on the Xforce pages. And none of
> this info if available while in the policy editor and viewing
> vulnerabilities. I would think it would be much easier and
> more efficient to maintain one database with all this
> information. It would also be nice to have the Catagory that
> the checks belong to(such as NT Critical Issues,
> etc.) listed on the pages as well, especially the the little
> bomb showing it as a denial-of-service check. I wonder if
> there are any plans to merge these respective information bases?
>
> _______________________________________________
> ISSForum mailing list
> ISSForumiss.net
>
>
> **********************************************************************
> COLT Telecom Espana S.A.
> Oficina Registrada en: Telemaco, 5 28027 Madrid
> Tel. +34 91 789 9000
>
> This message is subject to and does not create or vary any
> contractual relationship between COLT Telecommunications, its
> subsidiaries or
> affiliates ("COLT") and you. Internet communications are not
> secure and therefore COLT does not accept legal
> responsibility for the contents of this message. Any view or
> opinions expressed are those of the author. The message is
> intended for the addressee only and its contents and any
> attached files are strictly confidential. If you have
> received it in error, please telephone the number above. Thank you.
>
> **********************************************************************
>
> _______________________________________________
> ISSForum mailing list
> ISSForumiss.net
>

_______________________________________________
ISSForum mailing list
ISSForumiss.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]