08th March 2005 - Get Patched or Get Punched: Plugging the Security Holes Before the Attackers Hit You.

Dr. Steven Furnell, Univeristy of Plymouth

Exploitable vulnerabilities in operating systems, server platforms, and desktop applications are a major security problem for Internet-based systems, and are increasingly the root cause of successful hacker penetrations and malware infections. The number of discovered vulnerabilities, the spread of vulnerable systems, and the ease of potential exploitation have all increased in recent years, giving would-be attackers ample opportunity to compromise systems for both fun and profit.

Drawing upon survey results and case examples, the presentation will examine the extent of the vulnerability problem, and the nature of the threats to which organisations expose themselves if these are not addressed. As the speed of exploitation increases, we have less time to react to safeguard our assets once a new vulnerability is publicised. However, the deployment of patches has its own complications - including the effort involved and the potential for unforeseen complications (such as bugs and compatibility issues), which can be just as daunting as being attacked. These factors conspire to present us with a problem that cannot be ignored, but for which the solution is far from clear-cut.

Download PDF