Information Security News mailing list archives

RE: InfoSec 2003: 'Zero-day' attacks seen as growing threat (Three messages)


From: InfoSec News <isn () c4i org>
Date: Mon, 22 Dec 2003 04:24:58 -0600 (CST)

Forwarded from: Harlan Carvey <keydet89 () yahoo com>

Rob,

I don't know about you but zero-day exploits frighten me.  They're
absolutely terrifying.  I think we should either (a) nationalize the
computer security industry or (b) dismantle the Internet as a
national security threat.

I guess I can understand your point of view, but what about defense in
depth?  Looking at the entire security picture as a whole, it would
seem that even zero-day exploits may be extremely difficult to deploy
*IF* more folks take a more comprehensive approach to security.

Take Slammer last year, for example.  Infrastructures that did not
expose UDP port 1434 to the Internet were not infected by the worm.  
Looking further back, folks running IIS 4.0 who'd taken the step to
disable ida/idq script mappings were not infected with Code Red.  
These aren't necessarily zero-day exploits, but the worms do
illustrate the lack of vision with regards to security.


-=-


Forwarded from: Jon Miller <cio.ny () usa net>

These "zero day" exploits are finding previously unknown ways to do
the same nasty things. Fortunately these nasty things are (or at least
have been) finite.

It seems to me that a behavioral approach is now as fundamentally
necessary as traditional signature-based AV. Used in conjunction
with each other, they offer a defense in depth approach to layered
security that can mitigate against patch latency and previously
unknown exploits of vulnerabilities.

Simply put, I don't care what mode of transportation a burglar takes
to my house, I just don't want him to get in - or if he does, to take
anything or do any harm.

About that dismantling of the Internet...  Let's also ban all food
additives, some may be bad - let's eat it all right away!  :)

---
Jon Miller, CISSP
Chief Information Security Officer
The City of New York, HRA
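The two layers Jon describes, a signature check for payloads that are already known and a behavioral check that looks at what a process does on the wire, can be sketched in a few dozen lines. The following is an added example written for this archive page, not code from anyone in the thread. The event format, the thresholds (20 distinct destinations within a 10-second window), the process names and the payload bytes are all constructed for the illustration; the "worm" payloads are made-up markers, not real worm content. The point it shows is the one in the message: the signature layer alone misses the variant it has never seen, while the behavioral layer catches both the known and the unknown one because they propagate the same way.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class NetEvent:
    """One outbound send observed on a host (constructed format for this example)."""
    ts: float       # seconds since start of capture
    pid: int
    image: str      # process image name
    proto: str      # "udp" or "tcp"
    dst: str        # destination address
    dport: int
    payload: bytes  # first bytes of the datagram / stream


# --- Layer 1: signature. Hashes of payloads already known to be malicious. ---
# The payload bytes here are invented for the example; they are not a real worm.
KNOWN_BAD_PAYLOADS = {
    "worm-A": b"\x04" + b"\x01" * 96 + b"WORM-A-MARKER",
}
KNOWN_BAD_HASHES = {
    hashlib.sha256(p).hexdigest(): name for name, p in KNOWN_BAD_PAYLOADS.items()
}


def signature_hits(events):
    """Return {pid: signature_name} for processes that sent a known-bad payload."""
    hits = {}
    for e in events:
        name = KNOWN_BAD_HASHES.get(hashlib.sha256(e.payload).hexdigest())
        if name:
            hits[e.pid] = name
    return hits


# --- Layer 2: behavior. Fan-out to many distinct destinations in a short window, ---
# --- regardless of what the bytes look like. Thresholds are illustrative.         ---
def behavioral_hits(events, window_s=10.0, max_distinct_dst=20):
    """Return {pid: peak_distinct_destinations} for processes that exceed the
    fan-out threshold inside any fixed window of window_s seconds."""
    buckets = defaultdict(set)  # (pid, bucket) -> {(proto, dst, dport), ...}
    for e in events:
        buckets[(e.pid, int(e.ts // window_s))].add((e.proto, e.dst, e.dport))
    peak = defaultdict(int)
    for (pid, _), dsts in buckets.items():
        peak[pid] = max(peak[pid], len(dsts))
    return {pid: n for pid, n in peak.items() if n > max_distinct_dst}


def detect(events):
    """Combine both layers: {pid: sorted list of layer names that fired}."""
    verdicts = defaultdict(list)
    for pid in signature_hits(events):
        verdicts[pid].append("signature")
    for pid in behavioral_hits(events):
        verdicts[pid].append("behavior")
    return {pid: sorted(v) for pid, v in verdicts.items()}


def _scan(pid, image, payload, n, t0=0.0):
    """Constructed worm-like traffic: n distinct hosts on UDP/1434 within a second."""
    return [NetEvent(t0 + i * 0.01, pid, image, "udp",
                     f"10.0.{i // 256}.{i % 256}", 1434, payload)
            for i in range(n)]


# Constructed sample: a browser, a process sending the known payload, and a
# process sending a payload the signature set has never seen but behaving the same way.
SAMPLE_EVENTS = (
    [NetEvent(1.0 + i, 100, "browser.exe", "tcp", f"203.0.113.{i}", 443,
              b"GET / HTTP/1.1\r\n") for i in range(3)]
    + _scan(200, "sqlservr.exe", KNOWN_BAD_PAYLOADS["worm-A"], 40)
    + _scan(300, "sqlservr.exe", b"\x04" + b"\x02" * 96 + b"UNKNOWN-VARIANT", 40)
)

if __name__ == "__main__":
    for pid, layers in sorted(detect(SAMPLE_EVENTS).items()):
        print(pid, layers)
```

Running it flags pid 200 on both layers and pid 300 on the behavioral layer only; the browser is flagged by neither. In a real deployment the behavioral threshold is the part that needs tuning against the environment's own baseline, since a legitimate scanner or a busy mail relay would trip a fixed fan-out rule like this one.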


-=-


Forwarded from: Barb <ndex () mail c2security org>

There is a commercial NIDS product that does anomaly based detection.  
It is fast and good, but I dislike the manufacturer so I will not plug
them.

Only the people who don't know that Zero-day exploits have been around
since the beginning of the computer age and are also in a position to
make IT/security policy scare me.

They outnumber the knowledgeable, skilled and talented by hundreds to
one.  They are more of a problem than a solution.  They are the ones
too stupid, vain or lazy to use a proper password or secure shell
services.  They are the lame.  They should be banished from
cyberspace...




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
