nanog mailing list archives

Re: FW: Cost of Worm Attack Protection


From: sgorman1 () gmu edu
Date: Thu, 13 Nov 2003 17:58:50 -0500



Ideally you would have a different metric for each AS type depending on their tolerance for risk.  The lower the 
tolerance for risk the higher the investment made in security precautions.  Unfortunately classifying 14,000+ AS's is 
taking a little longer than I thought, but that is the end goal.  Hopefully another few weeks.  Even once you have some 
type of classification schema ideally you still need some kind of cost metric you can scale.  

There is also the problem of data.  The only solid data I've seen at the AS level to approximate size is number of 
connections to other AS's.  I've seen some stats with number of servers at the AS level but not for the whole AS 
population.  

----- Original Message -----
From: Sean Donelan <sean () donelan com>
Date: Thursday, November 13, 2003 5:35 pm
Subject: Re: FW: Cost of Worm Attack Protection

On Thu, 13 Nov 2003 sgorman1 () gmu edu wrote:
I guess the hypothetical would be if you were in charge of security for
an AS what would be the cost to put a best-effort worm mitigation system
in.

What kind of AS?

An AS used by a military organization that has authority over its users
and can throw them in the brig for failing to follow commands and
policy?

An AS used by a commercial enterprise that has authority over its users
and can fire them for failing to follow commands and policy?

An AS used by a university enterprise that has authority over its users
and can expel them for failing to follow commands and policy?

An AS used by a service provider that has authority over its users and
can terminate their network access for failing to follow commands and
policy?

An AS used by a public agency that is required by law to permit all
citizens access to information until proven beyond reasonable doubt the
access was misused?




