Firewall Wizards mailing list archives
Intrusion Detection Data Collection
From: George Jones <gmj () infinet com>
Date: Tue, 04 May 1999 09:34:40 -0400
A couple of thoughts on the recent thread about BOF and data collection:

I've started down this road a few times. The biggest problem you're going to run into is people, at least people in large private companies such as my current employer (a top 5 bank), not being willing to share data.

Another problem you may run into is antitrust. At my former employer (a LARGE ISP) we were part of the ICSA ISPSec consortium. We discussed the possibility of sharing information about "bad eggs", but the biggest problem we saw there was antitrust... would probably require the creation of something akin to the national credit beuaro (sp :-( ) ... which might even involve talking to/lobbying legislative types in DC. Not your small, grass-roots, technology-based solution, but that is where these types of efforts lead.

I made some bottom-up efforts while at aforementioned large ISP at getting them to apply ID&R technology to stop &$*(@)( from flowing out of our dialup plant. The lesson learned, from my perspective, is that you'll either have to make the business case to the marketing people or have the legislature hit the whole industry over the head before things will get better. The small ISPs are just too close to the edge to spend a lot of resources on "public service" things monitoring their outgoing traffic. For the larger ISPs, the investment would be huge.

Lastly, you might want to get ahold of Brian Dumphy (bpd () assist mil) or Jeff Carpenter (jjc () pobox com) of CERT. They presented a paper at last year's FIRST conference on the problem of information sharing, and had at least done some thinking about what to do with the volumes of data generated by intrusion detection systems.
--
Email: gmj () infinet com, Snail Mail: Box 529, London, Ohio 43140
Voice: +1 740 852 3242 (h), +1 614 213 6191 (w)
Web: www.infinet.com/~gmj
PGP: 1024/8C1CEFC9 Fingerprint 20 79 AE 12 D0 8C 44 8F C5 37 2B 40 EA F5 C3 35
"My grandfather once told me that there are two kinds of people: those who work and those who take credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi