Abstract
In view of recent cyberattacks and new regulatory requirements, companies in different industries and countries are forced to implement additional IT security measures. Nevertheless, a large number of services running vulnerable or outdated software can be found on the Internet. In this work, we investigate whether industry-specific differences exist in the maintenance and use of outdated Internet-facing software. For this purpose, we combine results from Internet-wide port scans with product and version information and with information about companies listed on stock markets in different countries. We show that industries differ in how up to date their software is for services such as remote access tools, databases, web servers and file servers. With this approach, we discovered surprising amounts of outdated and even unsupported software in use across many industries and countries.
Cite this article
Müller, R., Ruppert, J., Will, K. et al. Analyzing the Software Patch Discipline Across Different Industries and Countries. Datenschutz Datensich 46, 269–275 (2022). https://doi.org/10.1007/s11623-022-1602-y
DOI: https://doi.org/10.1007/s11623-022-1602-y