The Design And Implementation Of A Computer Network Vulnerabilities Assessment System

Computer vulnerability assessment is an important sector in the application area of computer security, especially in the area of network security. The vulnerabilities of computers on network could be exploited by attackers, which could break the integrity, availability and/or confidentiality of internal data. The goal of vulnerability assessment is to help administrators to balance the cost and effect of security. The methods being used to assess the vulnerabilities have come out of the manual age and into the automatic age. And now they are heading towards global assessment from part assessment, towards model-based assessment from rule-based assessment. However, only rule-based automatic method can be applied into a realistic vulnerability assessment tools by now. And these tools are called hole-scan tools.There are mainly six families in the security products market: Anti-Virus, Firewall, Crypto, Certificate Authority, Intrusion Detection and Vulnerability Assessment. Anti-Virus, Firewall and IDS are all passive defending system while Vulnerability Assessment system is an active defending system. It could find out vulnerabilities of computer system before attackers and notify administrators to prevent system from being destroyed by applying some patches or changing some configuration.The work based on this paper is to design and implement an easy-to-use and powerful computer vulnerability assessment system. This system is for experienced system administrators. The system is Client/Server Structure. The server is running on a linux platform and the client is running on a windows platform. User can operate the server only through a mini-functional shell. The server receives commands from the client and doing scanning job and logging any operations. The client offers task management, policy management, user management and other functions. There are two methods which could be used to generate the report of this system: Relational Database System + Database Access Applications, XML + XSL. We choose the second one finally. But we give out a comparison of the two methods in details in this paper.