Focus your limited resources on your most critical assets by gaining an intimate understanding of the Tripwire Risk Score preferences and how to best leverage risk matrix reporting (aka, the “Vulnerability Risk Heat Map”). This presentation covers how to prioritize hosts based on asset value and red score thresholds, identify the top 10 most vulnerable hosts on your network, create alerts for excessive host scores, and generate standardized reporting based on CVSS scores.

3. IIS 3.0 and 4.0 SSL "Error Message" Vulnerability
IIS 4 Redirect Remote Buffer Overflow Vulnerability
IIS 4 Web Server Available
IIS 4.0 IISADMPWD Proxied Password Attack
IIS 4.0/5.0 File Permission Canonicalization Vulnerability
IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
IIS Administrative Pages Cross Site Scripting Vulnerabilities IIS
IIS Chunked Encoding Transfer Heap Overflow Vulnerability
IIS Escape Character Parsing Vulnerability
IIS Failure To Log Undocumented TRACK Requests Vulnerability
Sendmail Address Prescan Memory Corruption Vulnerability
Sendmail DNS Map TXT Record Buffer Overflow Vulnerability
Sendmail File Locking Denial Of Service Vulnerability
Sendmail Header Processing Buffer Overflow Vulnerability
Sendmail Long Ident Logging Circumvention Weakness
Efficient, Accurate, Non-intrusive, and automated application inventory

4. Tripwire IP360 Score
30758
6929
865
777
203
MS Advisory Severity
MS07-017 Critical
MS08-014 Critical
MS07-010 Critical
MS08-009 Critical
MS07-027 Critical
Which vulnerability is
most important?

6. Risk Descriptor Determination
0 Exposure Potential point of attack (e.g., FTP is available)
1 Local Availability Local attacks against availability (e.g., DoS)
2 Local Access Local methods for obtaining or increasing user-level privileges
3 Local Privileged Local methods for obtaining complete administrative privileges
4 Remote Availability Remote methods against availability
5 Remote Access Remote methods for obtaining or increasing user-level privileges
6 Remote Privileged Remote methods for obtaining complete administrative privileges

7. Skill Descriptor Determination
1 Automated An exploit is available in an exploit kit, exploit framework, or malware
2 Easy Fully functional exploit code is available, likely in an exploit repository
3 Moderate Exploit code is available but may not be fully functional
4 Difficult A proof of concept is available
5 Extremely Difficult Minimal details are available, such as a technical write-up
6 No Known Exploit No exploits are known to be available

9. 









10. 









11. 






12. 






13. 




14. 





15. 











16. 





17. tripwire.com | @TripwireInc