Forwarded from: security curmudgeon <jerichoat_private> cc: Ariana Cha <chaaat_private> the other problem with this.. companies that do something like this want to charge, and often too much (ie: iDefense), especially for an inferior service. others do it and provide too much info, so weeding out the noise is difficult (ie: bugtraq list for most admins). others simply don't give you enough information (ie: CERT), and all it takes is a single missed advisory and your organization is in trouble. others will give you Windows bug info, but not Solaris or HP.. making life hell on those working in mixed environments. the solution then is to create a check list type system. you pick what types of alerts you want to receive. solaris, check. windows, check. DNS, check. web browsing, check. worms, check. but who classifies these attacks? who determines what is a vulnerability or just a 'passing concern'? who warns you that the patch for the latest windows vulnerability will break previous patches and re-open you to other vulnerabilities. all in all, the solution i mention above has been tried and met with limited success at best. it costs too much to maintain a system like that and to keep staff around that can focus on such a task. based on previous attempts and a quick review of the situation, this is along the lines of asking the vendors to adhere to rigid secure coding practices. ---------- Forwarded message ---------- From: InfoSec News <isnat_private> X-Sender: isnat_private To: isnat_private Date: Fri, 26 Oct 2001 04:55:06 -0500 (CDT) Subject: [ISN] Alert System Sought for Internet Attacks http://www.washtech.com/news/regulation/13352-1.html By Ariana Eunjung Cha, Washington Post Staff Writer Thursday, October 25, 2001; 7:31 AM OAKLAND, Calif., Oct. 23 News of cyberattacks, viruses and hoaxes often spreads through the computer security world in the same haphazard way as gossip. Jonathan Disher, who oversees the security network for Internet Pictures Corp., for instance, gets his information from several Web sites, two e-mail lists, pages and phone messages. So far, he said his informal system has worked okay. But since Sept. 11, Disher has been worried about how such a system would hold up under aggressive, targeted strikes by terrorist groups. "While we're not completely caught with our pants down, we're not as prepared as we should be," he said. Creating a "first alert" system for problems on the Internet has become a priority in recent weeks as the government has warned of possible attacks on the high-tech infrastructure. Richard A. Clarke, the adviser for cyber-security in the newly created Office of Homeland Security, has encouraged companies to create industry-specific information dissemination centers. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 07:03:44 PST