nanog mailing list archives

Re: AV/FW Adoption Studies


From: Niels Bakker <niels=nanog () bakker net>
Date: Fri, 11 Jun 2004 22:20:26 +0200


[unattributed wrote:]
Remember - every single 0-day that surfaces was something the black hats
found first.

* Michael.Dillon () radianz com [Fri 11 Jun 2004, 12:29 CEST]:
And 0-day exploits are only the ones that the blackhats are willing to
talk about. If they keep quiet about an exploit and only use it for
industrial espionage and other electronic crimes then we are unlikely
to hear about it until a whitehat stumbles across the blackhat's
activities. Rather like the cuckoo's egg or the recent complex exploit
involving IE and the MS Help tool.

This "black hat" vs. other shade "hats" is unnecessarily polarising.
A security researcher may, during the normal course of his employment,
find a security vulnerability.  Not talking about it could be a
commercial advantage (if she does security audits, the discovery could
potentially be used to gain access to otherwise closed portions of a
customer's network) and not necessarily a sign of an evil mind.


Have any of your customers ever asked you for a traffic audit report
showing every IP address that has ever sourced traffic to them or
received traffic from them?

Surely this would be for comparison against their own logs of what they
sent and received and not because they aren't logging their own very
important data traffic?


        -- Niels.

