Forwarded from: Harlan Carvey <keydet89@private>

Rob,

> I don't know about you but zero-day exploits frighten me. They're
> absolutely terrifying. I think we should either (a) nationalize the
> computer security industry or (b) dismantle the Internet as a
> national security threat.

I guess I can understand your point of view, but what about defense in depth? Looking at the entire security picture as a whole, it would seem that even zero-day exploits may be extremely difficult to deploy *IF* more folks take a more comprehensive approach to security.

Take Slammer last year, for example. Infrastructures that did not expose UDP port 1434 to the Internet were not infected by the worm. Looking further back, folks running IIS 4.0 who'd taken the step to disable ida/idq script mappings were not infected with Code Red. These aren't necessarily zero-day exploits, but the worms do illustrate the lack of vision with regards to security.

-=-

Forwarded from: Jon Miller <cio.ny@private>

These "zero day" exploits are finding previously unknown ways to do the same nasty things. Fortunately these nasty things are (or at least have been) finite. It seems to me that a behavioral approach is now as fundamentally necessary as traditional signature based AV. Used in conjunction with each other, they offer a defense in depth approach to layered security that can mitigate against patch latency and previously unknown exploits of vulnerabilities.

Simply put, I don't care what mode of transportation a burglar takes to my house, I just don't want him to get in - or if he does, to take anything or do any harm.

About that dismantling of the Internet... Let's also ban all food additives, some may be bad - let's eat it all right away! :)

---
Jon Miller, CISSP
Chief Information Security Officer
The City of New York, HRA

-=-

Forwarded from: Barb <ndex@private>

There is a commercial NIDS product that does anomaly based detection. It is fast and good, but I dislike the manufacturer so I will not plug them.

Only the people who don't know that Zero-day exploits have been around since the beginning of the computer age and are also in a position to make IT/security policy scare me. They outnumber the knowledgeable, skilled and talented by hundreds to one. They are more of a problem than a solution. They are the ones too stupid, vain or lazy to use a proper password or secure shell services. They are the lame. They should be banished from cyberspace...

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 22 2003 - 05:03:52 PST