Re: security hole, warning, notes --Definition

[Rikard Epstein]

Below is ISS's definition that is more or less the same that Michael
wrote but a little bit more text, it might be applicable to Nessus,
if not, at least it is one type of definition.
Pls don't flame me if I am wrong.
*************************
Risk Factor Key:
     High     Security issues that allow immediate remote, or local access
              or immediate execution of code or commands, with unauthorized
              privileges. Examples are most buffer overflows, backdoors,
              default or no password, and bypassing security on firewalls
              or other network components.
     Medium   Security issues that have the potential of granting access or
              allowing code execution by means of complex or lengthy exploit
              procedures, or low risk issues applied to major Internet
              components. Examples are cross-site scripting, 
man-in-the-middle
              attacks, SQL injection, denial of service of major 
applications,
              and denial of service resulting in system information 
disclosure
              (such as core files).
     Low      Security issues that deny service or provide non-system
              information that could be used to formulate structured attacks
              on a target, but not directly gain unauthorized access. 
Examples
              are brute force attacks, non-system information disclosure
              (configurations, paths, etc.), and denial of service attacks.
**********************************
Vi hoers
/Eppis

At 07:53 2003-04-04 -0500, Michael Scheidell wrote:
[ Charset ISO-8859-1 unsupported, converting... ]
> hi guys
>
> can somebody tell me wat is the definition of
>
> 1. Security Hole
something you need to fix now.
> 2. Security Warning
something you need to fix soon
> 3. Security Note
something you need to fix when you get around to it, or just some
information that you should consider.
>
> in context of nessus.
>
> regards,
> Bish
>
> __________________________________________________
> Yahoo! Plus
> For a better Internet experience
> http://www.yahoo.co.uk/btoffer
>
--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/
Vi hoers
/Eppis