Firewall Wizards mailing list archives

Intrusion Detection Data Collection


From: George Jones <gmj () infinet com>
Date: Tue, 04 May 1999 09:34:40 -0400

A couple of thoughts on the recent thread about BOF and data collection:
I've started down this road a few times.  The biggest problem you're
going to run into is people, at least people in large private companies
such as my current employer (a top 5 bank), not being willing to share
data.  Another problem you may run into is antitrust.  At my former
employer (a LARGE ISP) we were part of the ICSA ISPSec consortium.  We
discussed the possibility of sharing information about "bad eggs", but
the biggest problem we saw there was antitrust...would probably require
the creation of something akin to the national credit beuaro (sp :-( )
... which might even involve talking to/lobbying legislative types in
DC.  Not your small, grass-roots, technology-based solution, but that is
where these types of efforts lead.

I made some bottom-up efforts while at aforementioned large ISP at
getting them to apply ID&R technology to stop &$*(@)( from flowing out
of our dialup plant.  The lesson learned, from my perspective, is that
you'll either have to make the business case to the marketing people or
have the legislature hit the whole industry over the head before things
will get better.  The small ISPs are just too close to the edge to spend
a lot of resources on "public service" things monitoring their outgoing
traffic.  For the larger ISPs, the investment would be huge.

Lastly, you might want to get ahold of Brian Dumphy (bpd () assist mil)
or Jeff Carpenter (jjc () pobox com) of CERT.  They presented a paper at
last year's FIRST conference on the problem of information sharing, and
had at least done some thinking about what to do with the volumes of
data generated by intrusion detection systems.
--
Email: gmj () infinet com, Snail Mail: Box 529, London, Ohio 43140
Voice: +1 740 852 3242 (h),+1 614 213 6191 (w) Web: www.infinet.com/~gmj

PGP: 1024/8C1CEFC9 Fingerprint 20 79 AE 12 D0 8C 44 8F C5 37 2B 40 EA F5 C3 35

"My grandfather once told me that there are two kinds of people: those
who work and those who take credit.  He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi



