Firewall Wizards mailing list archives
Re: Security Policy methodologies
From: Aleph One <aleph1 () dfw net>
Date: Sat, 3 Jan 1998 01:08:35 -0600 (CST)
On Fri, 2 Jan 1998, Ted Doty wrote:
Until there is a better body of collected (and published) evidence on network attack that can be used to establish norms of security practice, the approach that Hanscom took is likely to be about as good as we can get.
I suggest you read John D. Howard's PhD dissertation, "An Analysis Of Security Incidents On The Internet 1989 - 1995". It has some solid statistics and trend analysis on the incidents reported to CERT during that time period. It also contains an interesting attack taxonomy. But at about 300 pages it is not a one night read.
- Ted -------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 770 395 0150 41 Perimeter Center East | Fax: +1 770 395 1972 Atlanta, GA 30346 USA | Web: http://www.iss.net -------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- Re: Security Policy methodologies Rick Smith (Jan 01)
- Re: Security Policy methodologies Ted Doty (Jan 02)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Re: Security Policy methodologies Marcus J. Ranum (Jan 03)
- Re: Security Policy methodologies Ted Doty (Jan 05)
- Re: Security Policy methodologies Aleph One (Jan 05)
- Re: Security Policy methodologies Ted Doty (Jan 05)
- Re: Security Policy methodologies Larry J. Hughes Jr. (Jan 06)
- Re: Security Policy methodologies Rick Smith (Jan 07)
- Re: Security Policy methodologies Ted Doty (Jan 07)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Re: Security Policy methodologies Ted Doty (Jan 02)
- <Possible follow-ups>
- RE: Security Policy methodologies Rick Smith (Jan 01)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Survey so far - Security Policy methodologies Bret Watson (Jan 04)