Dailydave mailing list archives

Re: We got owned by the Chinese and didn't even get a "lessons learned"


From: Dave Aitel <dave () immunityinc com>
Date: Wed, 24 May 2006 12:13:31 -0400


Steve Wilson wrote:
</delurk>

A large government organisation with no egress firewalling policy? No 
restrictive and monitored outbound proxies? What sort of a perimeter is 
that[1]? 


It's most non-classified networks that allow http, https or dns access.
You can tunnel effectively through any of them. You could even tunnel
through SMTP if you were ballsy enough. Everyone's been doing this since
1992AD, and I assume that if anyone puts an anomaly detection
application firewall in place on HTTP and HTTPS, there'll be some public
research into covert channels. Maybe Joanna will release something to
explain how egress filtering without an air gap is just amusing.

Protecting networks against worms is a valuable thing. But it's not
security, and I think events like this are a wake up call to what the
technology you've deployed actually can do.

OK, I'm a pedant - so I can't let that slip by. If protecting networks against 
worms (or even deliberate targeted attacks) isn't security, what is it? ;-p


I guess the whole point is that nothing you can deploy right now
actually protects you from targeted attacks. They just handle worms.
Worms are essentially a bandwidth problem. :>

- -dave
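An added illustration of the anomaly-detection point raised above (example code, not from the list or any of its participants): a small Python detector that flags a client sending many distinct, high-entropy leftmost labels under one registered domain, the pattern a DNS covert channel leaves in resolver logs. The log format, the sample lines and the thresholds are all constructed for this example.

```python
"""Flag clients whose outbound DNS queries look like a covert channel.

Constructed example: the log lines below are made up, in a minimal
'client qname' format, and are not taken from any real resolver log.
"""
import math
from collections import defaultdict

SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 cdn.example.net
10.0.0.9 3q4k9v2z8x1m7c5n.t.example-tunnel.test
10.0.0.9 a8f2k1p0q9z3x7b6.t.example-tunnel.test
10.0.0.9 zz91kq03mm2ln4p8.t.example-tunnel.test
10.0.0.9 4hw7d2s9f1j6g0e3.t.example-tunnel.test
10.0.0.9 www.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character of the string (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())

def registered_domain(qname: str) -> str:
    """Crude 'last two labels' approximation of the registered domain."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def suspicious_clients(log: str, min_unique: int = 3, min_entropy: float = 3.0) -> dict:
    """Return {client: [domain, ...]} for clients that query at least
    min_unique distinct leftmost labels under one registered domain with an
    average label entropy of min_entropy bits or more (thresholds assumed)."""
    seen = defaultdict(set)  # (client, domain) -> set of leftmost labels
    for line in log.splitlines():
        client, qname = line.split()
        seen[(client, registered_domain(qname))].add(qname.split(".")[0])
    flagged = defaultdict(list)
    for (client, domain), labels in seen.items():
        if len(labels) < min_unique:
            continue
        avg_entropy = sum(shannon_entropy(lab) for lab in labels) / len(labels)
        if avg_entropy >= min_entropy:
            flagged[client].append(domain)
    return dict(flagged)
```

Short, cacheable hostnames like `www` and `mail` stay well under the entropy threshold, so ordinary browsing from 10.0.0.5 is not flagged while the four random 16-character labels from 10.0.0.9 are.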

