Scanning for vulnerabilities

US researchers at MIT Lincoln Laboratory are developing a software tool to identify the most vulnerable points in a computer network.

The tool aims to make it possible for system administrators to focus on parts of a network that are most prone to attack, instead of securing all parts of the network.

NetSPA (Network Security Planning Architecture) uses information about networks and the individual machines and programs running on them to create a graph that shows how hackers could infiltrate them.

System administrators can examine the graph to decide what action to take, but NetSPA also analyses the graph and offers recommendations about how to quickly fix the most important weaknesses.

NetSPA relies on vulnerability scanners to identify known weaknesses in network-accessible programs that might allow an unauthorised person access to a machine.

But simply being aware of vulnerabilities is not sufficient – NetSPA also has to analyse complex firewall and router rules to determine which vulnerabilities can actually be reached and exploited by attackers and how attackers can spread through a network by jumping from one vulnerable host to another.

The researchers have received one patent for NetSPA, and have another pending. They are currently testing the tool on different networks, and developing ways to make it easier to use.

Already the software has garnered some attention. In May, a group of MIT students won $10,000 (£5,400) in the MIT $100K Entrepreneurship Competition for creating a business plan for a proposed company, CyberAnalytix, that could commercialise NetSPA.