Slashdot Mirror


MIT Working On Network Vulnerability Analysis

An anonymous reader writes "Researchers at MIT have created a method for analyzing networks to detect exploitable vulnerabilities using attack graph analysis which can be done in near real time. The new Lincoln Labs tool will allow admins of large networks to detect their most vulnerable areas and also model zero day attacks. 'NetSPA (for Network Security Planning Architecture) uses information about networks and the individual machines and programs running on them to create a graph that shows how hackers could infiltrate them. System administrators can examine visualizations of the graph themselves to decide what action to take, but NetSPA also analyzes the graph and offers recommendations about how to quickly fix the most important weaknesses. NetSPA relies on vulnerability scanners to identify known weaknesses in network-accessible programs that might allow an unauthorized person access to a machine. But simply being aware of vulnerabilities is not sufficient; NetSPA also has to analyze complex firewall and router rules to determine which vulnerabilities can actually be reached and exploited by attackers and how attackers can spread through a network by jumping from one vulnerable host to another.'"
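The summary describes the core of NetSPA's analysis: take scanner-reported vulnerabilities, combine them with firewall reachability, and walk the resulting attack graph to see how far an intruder could chain from host to host, then rank fixes by how much they cut that reach. The following is an added illustration of that idea, not NetSPA's code and not from the article; the host inventory, firewall rules and `VULN-*` identifiers are constructed for the example, and the "zero-day" switch simply treats every listening service on a chosen host as exploitable, which is the usual way such tools model an unknown weakness.

```python
"""Toy attack-graph reachability and patch prioritisation (constructed example)."""
from collections import deque

# Constructed inventory (hypothetical identifiers): host -> {port: vuln_id or None}.
# None means the service listens but the scanner reported no known weakness.
HOSTS = {
    "web":   {80: "VULN-A"},
    "app":   {8080: "VULN-B"},
    "db":    {5432: "VULN-C"},
    "admin": {22: None},
}

# Constructed firewall policy: allowed (source, destination host, port) flows.
# The source is "internet" or a host name; a compromised host becomes a new source.
FIREWALL = {
    ("internet", "web", 80),
    ("internet", "app", 8080),
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("app", "admin", 22),
    ("db", "admin", 22),
}

_CLOSED = object()  # sentinel: rule permits the flow but nothing listens on that port


def exploitable(host, vuln, patched, zero_day_hosts):
    """A service is exploitable if it carries an unpatched known vuln, or if we are
    modelling a zero-day on that host (then any listening service counts)."""
    if host in zero_day_hosts:
        return True
    return vuln is not None and vuln not in patched


def reachable(hosts, firewall, start="internet", patched=frozenset(), zero_day_hosts=frozenset()):
    """Breadth-first walk of the attack graph: from every compromised source,
    follow firewall-permitted flows and take over any exploitable service.
    Returns the set of hosts an attacker starting at `start` could compromise."""
    compromised = set()
    queue = deque([start])
    seen_sources = {start}
    while queue:
        src = queue.popleft()
        for (s, dst, port) in firewall:
            if s != src or dst in compromised:
                continue
            vuln = hosts.get(dst, {}).get(port, _CLOSED)
            if vuln is _CLOSED:
                continue
            if exploitable(dst, vuln, patched, zero_day_hosts):
                compromised.add(dst)
                if dst not in seen_sources:
                    seen_sources.add(dst)
                    queue.append(dst)
    return compromised


def prioritise(hosts, firewall):
    """Rank each known vuln by how many hosts stay reachable if only that one is fixed;
    the smallest remaining reach is the most valuable fix."""
    vulns = {v for services in hosts.values() for v in services.values() if v}
    scores = {v: len(reachable(hosts, firewall, patched={v})) for v in vulns}
    return sorted(scores.items(), key=lambda kv: (kv[1], kv[0]))


if __name__ == "__main__":
    print("baseline reach:", sorted(reachable(HOSTS, FIREWALL)))
    print("fix ranking   :", prioritise(HOSTS, FIREWALL))
    print("zero-day admin:", sorted(reachable(HOSTS, FIREWALL, zero_day_hosts={"admin"})))
```

In this constructed network the ranking singles out `VULN-B` on `app`: fixing it alone cuts the attacker off at `web`, because `app` is the only pivot that the firewall lets through to `db`. Fixing `VULN-A` or `VULN-C` instead still leaves two hosts exposed, which is the kind of prioritisation the article says NetSPA offers beyond a plain scanner list.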


  1. Not long by Crazy+Taco · Score: 2, Informative

    How long before there's a hacker tool version of this to spot vulnerabilities that exist because the sys admin isn't using it to defend his network?

    Probably not that long. This technology isn't overly groundbreaking or original. I don't want to take anything away from those who worked on this, because I'm sure they did a great job, but they weren't the only ones who thought of this. I was working on a similar project at Iowa State three years ago. I haven't followed the project since I left the university, so I don't know where they are at, but it does prove that MIT wasn't the only place to think about this. It's quite possible that hackers also thought of this and have been working on something similar.

    In addition, when it comes to the visualization portion of this, I know from my experience at Iowa State that there are multiple open source graph display frameworks they can use for this that would speed their development. And of course, there are freely obtainable network scanners such as nmap, freely obtainable vulnerability tools like nessus, packet capture tools like wireshark, etc. Such a program as MIT's could largely be done by integrating several F/OSS pieces of software together, and while I'm sure that wouldn't be trivial, a lot of the base technologies already exist for hackers to take advantage of. Again, though, I don't want to take away too much from MIT, because as someone who makes his living assembling systems out of other systems developed by other groups, I know that the integration part is often the hardest of all. But the hackers do have the tools should they choose to use them.

    --
    Beware of bugs in the above code; I have only proved it correct, not tried it.