Jimmy:

Sounds logical. I have been involved with enterprise architectures over the last 10 years and have learned (and am still learning every day) important lessons when designing systems. Architects usually make the mistake of thinking of what their architecture will do in terms of what they want it to do. IMHO - It is imperative to start thinking more in terms of "how can someone use this infrastructure to do something other than what it was intended for".

Web services are a prime example of this stupidity run amok. The notion that mission critical interfaces will be presented for any user to have access to is simply a very bad security hole begging to be abused. Luckily, most tier ones have realized this. Security for Service oriented architectures is in its infancy.

I agree that watching for other relevant events is important - such as the ones you have noted. Monitoring processes, UDP activity, heap/stack usage, TCP/IP traffic etc. are all important to note when things are not as they should be.

My point about string matching is aimed more at the notion that signature detection alone will be sufficient to detect viruses. I realize that much more sophistication is already inherent in many products. As you also noted, the world does need to get beyond the AV = string match.

Anti-spam software is a prime example of this. The AS guys write new algorithms to detect spam via telltale strings, the spam guys simply modify their spam until it passes. I saw an interview on CNN where a spammer said it usually takes about 4 hours to thwart new AS releases.

cheers.

/d

--
***************************************************
Yellow Dragon Software - http://www.yellowdragonsoft.com
Web Services & ebXML Messaging / Registry Downloads
UN/CEFACT eBusiness Architecture / ebXML Technical Architecture
Phone: +1 (604) 738-1051 - Canada: Pacific Standard Time
Direct: +1 (604) 726-3329

This archive was generated by hypermail 2b30 : Tue Oct 07 2003 - 22:17:02 PDT