Full Disclosure mailing list archives
Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
From: Jason <security () brvenik com>
Date: Tue, 29 Jul 2003 13:14:49 -0400
Now we are full circle. Wrong, the cost/benefit does work out for the business. We are at 3.9 million because we did not pay attention to the assets that needed protecting and implement best practices. At 3.9 million we are still under the extremely conservative $4 million estimate from one single outage!
This is why I keep harping that if you implement the best practices you mitigate these issues from the start. It is a lot cheaper to mitigate and manage the risk proactively through the tools currently available than it is to patch everything in the fire drill because best practices were not utilized.
This DCOM issue that started this conversation off would be a completely low priority if it had been disabled for all the systems that did not need it and the attention could be given to the high risk systems where the money is.
It can be done and it is hard and it could be expensive, but the alternative is more expensive and more difficult.
Valdis.Kletnieks () vt edu wrote:
On Tue, 29 Jul 2003 10:52:19 EDT, Jason <security () brvenik com> said:

> $15,600 * 83 = $1.3 million in lost time patching
> Compared to the very conservative 4 million lost otherwise?
> Add another million to the 1.3 mil to hire contractors and you still save almost 2 million.

$1.3M to patch MS03-023. $1.3M to patch MS03-026. $1.3M to patch MS03-030. Now you're up to $3.9M, and only saving $100K. *MAYBE*. And if there's another advisory, there goes another $1.3M. If there's 4 advisories a year, it actually makes financial *SENSE* to just say "screw it" and accept the fact that there will be a yearly worm-and-patch-everything party. Maybe there's a *REASON* that IT security is underfunded - the cost/benefit doesn't work out for the business....
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html