Re: Alert System Sought for Internet Attacks

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>
cc: Ariana Cha <chaa () washpost com>

the other problem with this..

companies that do something like this want to charge, and often too
much (ie: iDefense), especially for an inferior service. others do it
and provide too much info, so weeding out the noise is difficult (ie:
bugtraq list for most admins). others simply don't give you enough
information (ie: CERT), and all it takes is a single missed advisory
and your organization is in trouble. others will give you Windows bug
info, but not Solaris or HP.. making life hell on those working in
mixed environments.

the solution then is to create a check list type system. you pick what
types of alerts you want to receive. solaris, check. windows, check.
DNS, check. web browsing, check. worms, check.

but who classifies these attacks? who determines what is a
vulnerability or just a 'passing concern'? who warns you that the
patch for the latest windows vulnerability will break previous patches
and re-open you to other vulnerabilities.

all in all, the solution i mention above has been tried and met with
limited success at best. it costs too much to maintain a system like
that and to keep staff around that can focus on such a task.

based on previous attempts and a quick review of the situation, this
is along the lines of asking the vendors to adhere to rigid secure
coding practices.

---------- Forwarded message ----------
From: InfoSec News <isn () c4i org>
X-Sender: isn () idle curiosity org
To: isn () attrition org
Date: Fri, 26 Oct 2001 04:55:06 -0500 (CDT)
Subject: [ISN] Alert System Sought for Internet Attacks 

http://www.washtech.com/news/regulation/13352-1.html

By Ariana Eunjung Cha,
Washington Post Staff Writer
Thursday, October 25, 2001; 7:31 AM

OAKLAND, Calif., Oct. 23 News of cyberattacks, viruses and hoaxes
often spreads through the computer security world in the same
haphazard way as gossip. Jonathan Disher, who oversees the security
network for Internet Pictures Corp., for instance, gets his
information from several Web sites, two e-mail lists, pages and phone
messages.

So far, he said his informal system has worked okay. But since Sept.
11, Disher has been worried about how such a system would hold up
under aggressive, targeted strikes by terrorist groups.

"While we're not completely caught with our pants down, we're not as
prepared as we should be," he said.

Creating a "first alert" system for problems on the Internet has
become a priority in recent weeks as the government has warned of
possible attacks on the high-tech infrastructure. Richard A. Clarke,
the adviser for cyber-security in the newly created Office of Homeland
Security, has encouraged companies to create industry-specific
information dissemination centers.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.