Dailydave mailing list archives
Re: New presentation is up: 0days: How hacking reallyworks
From: robert () dyadsecurity com
Date: Tue, 1 Feb 2005 10:11:52 -0800
Maynor, David (ISS Atlanta)(dmaynor () iss net)@Tue, Feb 01, 2005 at
A correctly designed network should be able to withstand one or two 0day in major applications and still stay useful. If your infrastructure can be brought down by a single bug then you should look long and hard at its design.
When the technology enforcing the security policy has no true enforcement or auditing of privilege transitions, modeling the effectiveness of a containment measure is not possible. The technology in use by most today simply fails in the presence of malice.

I do not currently know of a way to deliver this "correctly designed network that is capable of withstanding 0days" without using technology like Mandatory Access Controls, Domain and Type Enforcement, Network Labels, etc. How many corporate networks have you audited that are using that technology? I haven't seen many.

Most networks are like cheap women; they will gladly let you have their way with them, especially if you hook them up with a couple of shots (or 0days... hey I hear it worked for Dave! :P).

Robert

--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave