nanog mailing list archives
Re: How to get better security people
From: batz <batsy () vapour net>
Date: Wed, 3 Apr 2002 11:02:49 -0500 (EST)
On Wed, 3 Apr 2002, Sean Donelan wrote:

:Instead of a neighborhood watch do we need a network watch?
:While we need a few people with "deep" security knowledge, we also
:need to spread a thin layer of security pixie dust throughout the
:entire organization.

The NIPC, CERT, OCIPEP (Canada) and other organizations try to fill this role. The Incidents mailing list also tries to do this on a more ad hoc basis, along with the honeynet projects, and to a great extent Nanog. If one's definition of security includes integrity and reliability, then Nanog has been performing that role since its creation.

The problem that exists with the neighbourhood watch model is that it assumes some sort of community and, despite a few exceptions, there is no community of internet providers. There are communities of network engineers and other specialists, but the possibility of corporations getting together with a common goal, which may temporarily supersede their individual competitive advantage, is just not going to happen. They can have industry associations, lobby groups, interest groups, and other representative bodies, but community is not one of these, and thus any network watch program which depends on community will be hampered.

So, the challenge is to find a model of information sharing in which a balance between effectiveness and the protection of competitive information that is slanted heavily to the latter. This on top of providing value to the participants.

There are some private security alert services like this. I can personally highly recommend the securityfocus ARIS tool and their commercial Threat Management System. NAI's virus alert system is excellent, as is a similar service from sophos.com.

The non-classified government briefings I have seen don't really provide value from an up to the minute threat analysis perspective. They might help an executive hold an intelligent conversation on current affairs, but they do little for people who are responsible for protecting the infrastructure.

Personally, I would like to see a mixture of the MAPS RBL and aris.securityfocus.com available, where emerging hostile netblocks can be blackholed for short periods of time using attack information gathered from and corroborated by a vast array of diverse sources.

--
batz