Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Peter Mell (Fed)

Displaying 51 - 65 of 65

Creating a Patch and Vulnerability Management Program

November 16, 2005

Author(s)

Peter M. Mell, Tiffany Bergeron, Dave Henning

[Superseded by SP 800-40 Rev. 3 (July 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913929] This document provides guidance on creating a security patch and vulnerability management program and testing the effectiveness of that

An Overview of Issues in Testing Intrusion Detection Systems

July 11, 2003

Author(s)

Peter M. Mell, R Lippmann, Chung Tong Hu, J Haines, M Zissman

While intrusion detection systems are becoming ubiquitous defenses in today's networks, currently we have no comprehensive and scientifically rigorous methodology to test the effectiveness of these systems. This paper explores the types of performance

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme

September 1, 2002

Author(s)

Peter M. Mell, Timothy Grance

[Superseded by SP 800-51 Rev. 1 (February 2011): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907934] The Common Vulnerabilities and Exposures (CVE) vulnerability naming scheme is a dictionary of common names for publicly known information

Procedures for Handling Security Patches

August 1, 2002

Author(s)

Peter M. Mell, Miles C. Tracy

[Superseded by SP 800-40 Version 2.0 (November 2005): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150402] Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure

Intrusion Detection Systems

November 1, 2001

Author(s)

Rebecca Bace, Peter Mell

[Superseded by NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50951] Intrusion detection systems (IDSs) are software or hardware systems that automate the process of

A Denial-of-Service Resistant Intrusion Detection Architecture

October 1, 2000

Author(s)

Peter M. Mell, D G. Marks, Mark McLarnon

As the capabilities of intrusion detection systems (IDS) advance, attackers may attempt to disable an organization's IDS before attempting to penetrate more valuable targets. As IDSs evolve into distributed systems withinterdependent components, they are

Identifying Critical Patches With ICAT

July 1, 2000

Author(s)

Peter M. Mell

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov]The NIST computer security division has created a searchable index containing 700 of the most important computer vulnerabilities. This index, called the

Mitigating Emerging Hacker Threats

June 28, 2000

Author(s)

Peter M. Mell, John P. Wack

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov] It seems that every week, computer security organizations are issuing press releases concerning the latest hacker attack. Some sound dangerous, like the

Acquiring and Deploying Intrusion Detection Systems

November 16, 1999

Author(s)

Peter M. Mell

This ITL Bulletin provides basic information about intrusion detection systems (IDSs) to help organizations avoid common pitfalls in acquiring, deploying, and maintaining IDSs.

Understanding the World of Your Enemy With I-CAT (Internet-Categorization of Attacks Toolkit)

October 19, 1999

Author(s)

Peter M. Mell

Security professionals need to understand the attacks and vulnerabilities utilized by hackers to penetrate and shut down computer systems. However, security companies that collect such knowledge share very little of it with the general security community

Applying Mobile Agents to Intrusion Detection and Response

October 1, 1999

Author(s)

Wayne Jansen, Tom T. Karygiannis, D G. Marks, Peter M. Mell

Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial

Securing Web Servers

September 21, 1999

Author(s)

Peter M. Mell, David F. Ferraiolo

This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their cost-effective application.

Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems

September 8, 1999

Author(s)

Peter M. Mell, Mark McLarnon

Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking

Computer Attacks: What They Are and How to Defend Against Them

May 26, 1999

Author(s)

Peter M. Mell

Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration. At the same time, the majority of systems administrators are not prepared to handle a

Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers

November 5, 1998

Author(s)

Peter M. Mell

High profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer and yet we known little about this set of attacks besides the fact that it