RE: [logs] hack attempts && price

From: dgillettat_private
Date: Tue Feb 26 2002 - 13:59:36 PST


    On 26 Feb 2002, at 10:49, Lubomir.Nistor@star-21.de wrote:
    
    > but back to the price of hack attacks..
    
      I have this niggling idea that this is a fundamentally flawed 
    metric.
      (THE recurring problem in Metrics is that people home in on things 
    that are *easy* to count/measure, but not necessarily *important* to 
    count/measure.)
    
      In security (like defense and intelligence and -- at least in some 
    views -- law enforcement and medicine), the goal should be PREVENTION 
    rather than CURE.
      And that means that ongoing activities such as Log Analysis need to 
    be done, routinely, regardless of the level of hostile activity being 
    blocked.
    
      The cost of an unblocked intrusion is known to be high.  I don't 
    have the numbers in front of me about how many enterprises never 
    recover from a major security breach, but anyone who hasn't seen them 
    can find them easily enough.  To use a medical analogy, successful 
    infections are, in this field, overwhelmingly fatal.
      The benefit of a preventive regime is that it keeps the incidence 
    of successful infection low.  But most preventive efforts need to be 
    sustained all the time, and specific defensive action against 
    specific threats should be relatively rare.  (To continue the medical 
    analogy, this is issuing anthrax vaccine to postal workers.)
      Another possible analogy is insurance.  While some people still buy 
    special insurance each time they fly, most don't -- and *nobody* buys 
    short-term car insurance each time they drive.
    
      Most people who take vitamin C, for instance, take it daily, rather 
    than whenever they expect to encounter strangers.  Trying to relate 
    the cost of taking the vitamin to the number of strangers one meets 
    doesn't, I think, yield numbers that are really useful.
    
    David Gillett
    
    
    