Re: Firewalls and 802.1q trunking

[t <miedaner () twcny rr com>]

I like to say you that I can grab an employee by the collar and make him
stop what he is doing or prosecute.  It is very difficult for anyone to
track down someone in russia, china, libya, etc.  The anonymity and lack of
accounting on the other end makes the internet a dangerous game.

"Marcus J. Ranum" wrote:

> Steve Evans wrote:
> > And can you say that the traffic coming from the internet is the most
> > dangerous traffic on the network.  I've always understood that the vast
> > majority of the attacks come from the inside.
>
> The "80% of attacks come from the inside" statistic that
> has been broadly quoted by INFOSEC practitioners is, as far
> as I can tell, completely made up. In fact, the shocking
> results of a recent study revealed that 99.5% of statistics
> regarding Internet Security are made up, or otherwise based
> on flawed assumptions.*
>
> If it _were_ a real statistic it'd have had to take into
> account some interesting questions:
>         - What percentage of "attacks" did damage?
>         - Were the "attacks" counted as "successful attacks" or did
>                 probes count as well?
>         - Is a Nessus scan an "attack"?
>         - Does an "attack" like a Nessus scan (if counted as an attack)
>                 count as one "attack" or as "N attacks" where N is the
>                 number of discrete tests attempted?
>         - How many "attacks" does a Code Red worm launch? 1? 25?
>                 What about a mass-rooter? Does a "cluster attack"
>                 count as a single attack or a multiple attack.
>         - Does a scan of a subnet count as 255 hosts attacked? Or
>                 255 * number of ports scanned? Or what?
>         - Is a virus an "attack"?
>
>         What I think the people who made that saying up were trying to
> do was get people to keep a balanced perspective on the relative
> insider/outsider threat. But making up bullsh@+ is not the way to
> do it. The way to do it is to point out that, as an enterprise
> grows, the personnel perimeter grows with it, and sooner or later
> you'll have a Bad Guy on the inside. And, it's probably a safe bet,
> a Bad Guy on the inside will have a higher level of access, a
> lower level of audit, and a greater knowledge of where the goodies
> are - and will be accordingly more dangerous. Will they be 80% dangerous
> to the Internet script-kiddy's 20%? It's silly to put a number on
> it.
>
>         If you're out in the jungle someplace, do you worry
> more about a tiger, or a bacterium? The wise man worries about
> both! :)
>
> mjr.
> (* Poll source: I asked my horse. He appeared dubious.)
> ---
> Marcus J. Ranum                         http://www.ranum.com
> Computer and Communications Security    mjr () ranum com
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards