Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] FedCIRC bereitet IT-Sicherheitstools vor,

...darunter ein System zum automatischen Patchen von Software in
Netzwerken. Genau an diesem Ansatz gibt es allerdings auch massive
Kritik, da so ein System auch ein Einfallstor für unfreundlichere
Software sein könnte. RB

FedCIRC preps free security tools

BY Diane Frank 
Jan. 25, 2002

 Working with its second year of appropriated funding, the Federal
Computer Incident Response Center is preparing a range of free security
tools for agencies over the next year, a federal cybersecurity official
said Jan. 23.

 Within the next two weeks, vendors will finish submitting proposals for
an automatic patch dissemination system, which is intended to make it
easier for security managers to handle the abundance of security patches
available for commercial software, said Sallie McDonald, assistant
commissioner for information assurance and critical infrastructure
protection at the General Services Administration's Federal Technology

 Many industry and government studies show that most security incidents
could be avoided if managers apply patches for known vulnerabilities.
The patch dissemination system will help managers sift patches that do
not apply to their network and let them concentrate on patches they
really need, McDonald said.

 "We're hoping we can eliminate all the fluff," she said at Potomac
Forum Ltd.'s Computer Security and Information Assurance Conference in
Washington, D.C. "This will make it more simple for them."

 FedCIRC also is about to issue a request for proposals on a
collaboration system that will offer federal officials a closed
environment to discuss sensitive but unclassified security issues,
McDonald said. Officials are already working on the classified Cyber
Warning Information Network, but there is a need for collaboration among
officials who are not cleared for classified information, she said.

 By the end of the year, FedCIRC plans to pilot a new tool being
developed by CERT Coordination Center at Carnegie Mellon University that
will automatically analyze incident information from agencies' security
applications, McDonald said. The CERT Coordination Center is an Internet
security research group. The analysis will also be fed to FedCIRC to
provide a cross-agency view of security incidents.

 FedCIRC officials are talking to agencies now about participating in
the pilot for this year and are planning to offer the fully operational
tool to all agencies in 2003, McDonald said.

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.