nanog mailing list archives

Re: FW: Cost of Worm Attack Protection


From: sgorman1 () gmu edu
Date: Thu, 13 Nov 2003 16:59:22 -0500



I guess the hypothetical would be if you were in charge of security for an AS what would be the cost to put a 
best-effort worm mitigation system in.  The second question being how would you scale that cost with the size of the 
AS.  Maybe it is a case that there is not a best practice to fix a cost to, too much variability in the market and 
theories of how best to defend, if defend at all.  Just figured it would be prudent to ask before we made something up 
- usually not such a good idea.

----- Original Message -----
From: kgraham () rogers com
Date: Thursday, November 13, 2003 4:40 pm
Subject: Re: FW: Cost of Worm Attack Protection


It would be great not to spend any money and let the worms run 
their course.  But when you have to deal with downed production at 
the cost of give or take possibly 500K per attack it unfortunately 
cannot be done without one losing their job.  The last worm that 
spread throughout enterprises mentioned having to reinstall the 
entire server.  If that server is a critical production server 
what would you do?

Would spending 100K prevent the attack, very likely not.  Would 
spending 100K help track the offending machine(s) and enable 
someone to remove them from the network until they are serviced, 
possibly?  
Would this help keep production rolling, possibly?

The installation management and response time needed to implement 
an IDS solution does have to be investigated to see if the ROI 
comes in line with the cost.  The ROI would need to include any 
saved downtime.  If someone has this information please pass it 
along. 

A nicer solution would be an operating system that does not need a 
critical patch every other week, due to its exploitable nature. 

Yes I am dreaming :)

Kim


From: "Braun, Mike" <MBraun () firstam com>
Date: 2003/11/13 Thu PM 03:02:59 EST
To: "'nanog () merit edu'" <nanog () merit edu>
Subject: FW: Cost of Worm Attack Protection


The old saying of "you get what you pay for" seems to be well directed when
it comes to this topic.  If you're willing to allocate $100K more than you
currently spend to mitigating the effects from Worms and Viruses, I'm sure
you will have some increased success.  If you allocate 1 mill more, your
success will increase substantially.  The true cost really boils down to
what you are trying to protect, such as how many servers, users, network
segments, and other critical devices you are willing to encompass in your
protection plan.  Also, you may be able to mitigate the cost by using the
functionality built into devices you may already own.  A good protection
schema needs to address the use and benefits from the following:  Firewalls,
VPN tunnels and policies, HIDs, NIDs, Antivirus software, and a good network
security policy that grows with your network.  You may already have most of
this in place and need only a little extra funding allocated to give you the
protection level you feel comfortable with.

If you're looking for pricing on each component, they will vary widely
depending on the brand and model you go with.  You should shop around for
components that suit your budget.  An example of this price variance can be
found by looking at a Net Forensics project priced at $500k compared to a
similar solution going with Network Intelligence at $40K.  The Network
Intelligence solution may not have all the functionality offered by Net
Forensics, but it may be enough for your needs.

Best of luck in fighting this ever growing problem,

Mike Braun

-----Original Message-----
From: sgorman1 () gmu edu [mailto:sgorman1 () gmu edu] 
Sent: Thursday, November 13, 2003 7:59 AM
To: Joel Jaeggli
Cc: nanog () merit edu
Subject: Re: Cost of Worm Attack Protection



Good point - then what is the cost of attempting to mitigate or handle
attacks vs. doing nothing?

----- Original Message -----
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Thursday, November 13, 2003 10:14 am
Subject: Re: Cost of Worm Attack Protection

I haven't seen any network or customer site that has protected 
itself from 
worms... only mitigated them.

joelja

On Thu, 13 Nov 2003 sgorman1 () gmu edu wrote:



I was hoping to get some estimates from folks on the costs of defending
networks from various worm attacks.  It is a pretty wide open question,
but if anyone has some rough estimates of what it costs per edge,
manpower vs. equipment costs, or any combination thereof it would be of
great assistance.  We are doing some simulations of attack and defense
strategies and looking for some good metrics to plug into a cost benefit
model.  We'd be happy to share the results if anyone is interested as
well.

Thanks in advance,

sean


-- 
--------------------------------------------------------------------------
Joel Jaeggli                 Unix Consulting                joelja () darkwing uoregon edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2








