tailieunhanh - 2010 Full Year Top Cyber Security Risks Report

Static IP addresses are typically assigned to common resources and DHCP is used for workstations. When the network was originally designed, IP subnets were assigned to dif- ferent offices and departments. However, over time and as the network grew, this subnet organization has broken down. Over the last several years IP subnets have been as- signed and reassigned without any regard to department or location. The networking staff has employed all of the standard security practices one would expect to find at most organizations of this size. All connections to the Internet are protected by firewalls and network intrusion detection systems. All of. | In-depth analysis and attack data from HP DVLabs. Contributors Producing the Top Cyber Security Risk Report is a collaborative effort among our HP DVLabs HP TippingPoint IPS and other HP teams such as the Application Security Center. We would like to sincerely thank OSVDB for allowing print rights to their data in this report. For information on how you can support OSVDB https account signup http support We would also like to thank Malware Intelligence for contributing to our Web Browser Toolkit section of the report. http Contributor Title Mike Dausin Advanced Security Intelligence Team Lead Marc Eisenbarth DV Architect Will Gragido Product Line Manager HP DVLabs Adam Hils Application Security Center Product Manager Dan Holden Director HP DVLabs Prajakta Jagdale Web Security Research Group Lead Jennifer Lake Product Marketing HP DVLabs Mark Painter Application Security Center Content Strategist Alen Puzic Advanced Security Intelligence Engineer HP Confidential 2 Overview In the latest version of the Cyber Security Risks Report the HP DVLabs team reviews the threat landscape for all of 2010. The report looks at the current threats targeting the enterprise as well as how these have evolved over the last year. The goal of this report is to arm enterprise IT network and security administrators with information on the attacks targeting their data centers and networks so that they can implement the necessary protections to maintain business function. Key findings from the report include The number of discovered vulnerabilities has plateaued but the number of attacks against known vulnerabilities continues to rise. Data from the report indicates that the annual number of vulnerabilities being discovered in commercial computing systems has remained steady from 2009 to 2010. At the same time targeted exploits that take advantage of these known vulnerabilities have continued to increase in both severity and frequency. This means that .