Abstract
Internet and network security forms an interesting and topical, yet challenging and
developing research domain. In this domain, a taxonomy of information security
technologies is identified. This taxonomy is divided into two mainline entities,
namely proactive and reactive information security technologies. This thesis is
specifically concerned with proactive information security technologies, the focus
being on a specific proactive information security technology – vulnerability
scanning.
Vulnerability scanning is implemented by vulnerability scanner (VS) products. VS
products are used proactively to conduct vulnerability scans to identify vulnerabilities
so that they can be rectified before they can be exploited by hackers. However, there
are currently many problems with state-of-the-art VS products. For example, a
vulnerability scan is time-consuming and a vast number of system resources are
occupied, leading to the degradation of network and system performance.
Furthermore, VS products lack the intelligence that is required to deal with new
vulnerabilities that appear like clockwork. Current VS products also differ
extensively in the way that they can detect vulnerabilities, as well as in the number of
vulnerabilities that they can detect.
These problems motivated the researcher to create a model for vulnerability
forecasting (VF). The uniqueness of the VF model lies in its holistic approach to
addressing these problems while maintaining its end goal – that of being able to do a
vulnerability forecast of how vulnerabilities will occur in the near future. Such a
vulnerability forecast would, therefore, enable an organisation to use it proactively as
part of a risk management scheme.
Furthermore, in order to demonstrate the feasibility of implementing the proposed
model, a report on the development of a prototype for vulnerability forecasting is
included. Rather than reinventing the wheel, the prototype incorporates the use of
current state-of-the-art VS products in its VF process. This is advantageous in the
sense that the prototype is independent of a specific VS product. That independence
is also why a standardisation technique had to be used to refer to vulnerabilities in a
uniform way, since different VS products neither name nor detect the same
vulnerabilities in the same way. This standardisation technique, introduced in this
thesis, is known as harmonising vulnerability categories.
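The two ideas the abstract names, harmonising differently worded scanner output into shared vulnerability categories and then forecasting how those categories will trend, can be illustrated with a small added example. The code below is not the thesis's prototype and does not reproduce its method; the scanner names, the check vocabularies, the harmonisation table and the least-squares trend used for the forecast are all assumptions chosen for illustration, and the findings are constructed sample data.

```python
from collections import defaultdict

# Constructed raw findings from two hypothetical VS products, as
# (host, the product's own name for the check). Not real scanner output.
SCANNER_A_FINDINGS = [
    ("10.0.0.5", "Anonymous FTP login allowed"),
    ("10.0.0.5", "Self-signed certificate"),
    ("10.0.0.7", "SMBv1 enabled"),
]
SCANNER_B_FINDINGS = [
    ("10.0.0.5", "ftp-anon"),
    ("10.0.0.9", "smb-v1-detected"),
    ("10.0.0.7", "telnet-open"),  # deliberately absent from the table below
]

# Harmonisation table (an assumption): each product's vocabulary is mapped
# onto one shared category so findings from different products can be compared.
HARMONISATION = {
    "scanner_a": {
        "Anonymous FTP login allowed": "weak-authentication",
        "Self-signed certificate": "weak-crypto",
        "SMBv1 enabled": "obsolete-protocol",
    },
    "scanner_b": {
        "ftp-anon": "weak-authentication",
        "ssl-self-signed": "weak-crypto",
        "smb-v1-detected": "obsolete-protocol",
    },
}
UNMAPPED = "unharmonised"  # bucket for checks no product mapping covers


def harmonise(findings_by_product, table=HARMONISATION):
    """Map every product-specific finding to a shared category.

    Returns {category: sorted list of affected hosts}. A host is listed once
    per category even if several products report the same underlying issue,
    and checks with no mapping land in UNMAPPED rather than being dropped,
    so gaps in the harmonisation table stay visible.
    """
    hosts_by_category = defaultdict(set)
    for product, findings in findings_by_product.items():
        vocab = table.get(product, {})
        for host, check in findings:
            hosts_by_category[vocab.get(check, UNMAPPED)].add(host)
    return {cat: sorted(hosts) for cat, hosts in hosts_by_category.items()}


def category_counts(hosts_by_category):
    """Number of distinct affected hosts per harmonised category."""
    return {cat: len(hosts) for cat, hosts in hosts_by_category.items()}


def forecast_next(history, horizon=1):
    """Forecast a category's host count `horizon` periods ahead.

    Fits a least-squares line to the per-period counts (period index as x)
    and extrapolates; the result is clamped at zero because a count cannot
    go negative. With a single observation the only sensible forecast is
    that value. This trend model is an assumption for illustration only.
    """
    n = len(history)
    if n == 0:
        raise ValueError("need at least one period of history")
    if n == 1:
        return float(history[0])
    xs = range(n)
    mean_x = (n - 1) / 2
    mean_y = sum(history) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, history))
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    return max(0.0, intercept + slope * (n - 1 + horizon))


if __name__ == "__main__":
    merged = harmonise({"scanner_a": SCANNER_A_FINDINGS,
                        "scanner_b": SCANNER_B_FINDINGS})
    for category, hosts in sorted(merged.items()):
        print(f"{category:20s} {hosts}")
    # Constructed per-period history for one category, e.g. four scan cycles.
    print("next-period forecast:", forecast_next([3, 4, 6, 7]))
```

The `unharmonised` bucket is the part worth keeping in any real harmonisation scheme: when a product adds a new check, the finding should surface as unmapped work for the analyst rather than vanish from the forecast input.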
This thesis contributes to the understanding of vulnerability scanning techniques and
how vulnerability scanning can be utilised more effectively by doing vulnerability
forecasting. The thesis also paves the way for numerous potential future research
projects in the domain of Internet and network security.
Prof. J.H.P. Eloff