Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Policy methodologies

From: Aleph One <aleph1 () dfw net>
Date: Sat, 3 Jan 1998 01:08:35 -0600 (CST)
On Fri, 2 Jan 1998, Ted Doty wrote:


Until there is a better body of collected (and published) evidence on
network attack that can be used to establish norms of security practice,
the approach that Hanscom took is likely to be about as good as we can get. 


I suggest you read John D. Howard's PhD dissertation, "An Analysis Of
Security Incidents On The Internet 1989 - 1995". It has some solid
statistics and trend analysis on the incidents reported to CERT during
that time period. It also contains an interesting attack taxonomy. But at
about 300 pages it is not a one night read.


- Ted

--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346  USA              | Web: http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE



Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
Previous By Date Next
Previous By Thread Next

Current thread: