LEADER 02945aam  2200481I  450 
001 9910711180503321
005 20151105023937.0
024 8 $aGOVPUB-C13-b74b963d8667eb22c477f88bea32cc2f
035   $a(CKB)5470000002480203
035   $a(OCoLC)927737217
035   $a(EXLCZ)995470000002480203
100   $a20151105d1992      ua             0
101 0 $aeng
181   $2rdacontent
182   $2rdamedia
183   $2rdacarrier
200 10$aAutomated tools for testing computer system vulnerability /$fW. Timothy Polk
210  1$aGaithersburg, MD :$cU.S. Dept. of Commerce, National Institute of Standards and Technology,$d1992.
215   $a1 online resource
225 1 $aNIST special publication ;$v800-6
300   $a1992.
300   $aContributed record: Metadata reviewed, not verified. Some fields updated by batch processes.
300   $aTitle from PDF title page.
300   $aWithdrawn.
320   $aIncludes bibliographical references.
330 3 $aComputer security "incidents" occur with alarming frequency. The incidents range from direct attacks by both hackers and insiders to automated attacks such as network worms. Weak system controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms. For example, improper access control specifications for key system files could open the entire system to unauthorized access. Moreover, many computer systems are delivered with default settings that, if left unchanged, leave the system exposed. This document discusses automated tools for testing computer system vulnerability. By analyzing factors affecting the security of a computer system, a system manager can identify common vulnerabilities stemming from administrative errors. Using automated tools, this process may examine the content and protections of hundreds of files on a multi-user system and identify subtle vulnerabilities. By acting on this information, system administrators can significantly reduce their systems' security exposure. This document examines basic requirements for vulnerability testing tools and describes the different functional classes of tools. Finally, the document offers general recommendations about the selection and distribution of such tools.
610   $aChange detection
610   $aComputer security
610   $aConfiguration review
610   $aIdentification of vulnerabilities
610   $aSecure audit
610   $aTrojan horse detection
610   $aVulnerability testing
700   $aPolk$b W. Timothy$01410280
701   $aPolk$b W. Timothy$01410280
712 02$aNational Institute of Standards and Technology (U.S.).$bComputer Security Division.
801  0$bNBS
801  1$bNBS
801  2$bGPO
906   $aBOOK
912   $a9910711180503321
996   $aAutomated tools for testing computer system vulnerability$93530283
997   $aUNINA