Firewall Wizards mailing list archives
Re: Worms, Air Gaps and Responsibility
From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 10 May 2004 15:44:03 -0400 (EDT)
On Mon, 10 May 2004, Erick Mechler wrote:
:: > I bet you'd see the same sort of behavior from worms no matter what OS the :: > World's critical infrastructures were to run. If they ran *NIX, you'd see :: > more worms targeting those OSs. There's something to be said for :: > heterogenous computing environments. :: :: Funnily enough, I don't recall a Cisco IOS worm with any traction... Last time I checked, it's also not considered a server/desktop platform :)
But they are critical infrastructure targets, and they're quite numerous- both of them potentially making them attractive to disruptive folks. Now, there are several possibilities as to why they're not often targeted with automatic malcode: 1. Lack of platform information (obscurity.) 2. Cost of platform (availability.) 3. Specificity of device. 4. Limited scope of IOS images (IP only vs. Enterprise...) 5. Killing it kills the attacker's connectivity too. It may just be the attacker, it may be the platform, or the lack of being a general purpose device. Indeed, it may be a combination of all things. There's way more Cisco devices and Linux devices than say Solaris devices on the 'Net, but the sadmind worm was probably worse than Lion and Adore- to me, that says something about platform exposure. Windows Server 2003 also purports to split some of the RPC risk stuff out- which at least should help things. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Worms, Air Gaps and Responsibility, (continued)
- Re: Worms, Air Gaps and Responsibility Jim Seymour (May 06)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Mark Gumennik (May 08)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 08)
- Re: Worms, Air Gaps and Responsibility Erick Mechler (May 10)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 10)
- Re: Worms, Air Gaps and Responsibility Erick Mechler (May 10)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 10)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 10)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 08)
- RE: Worms, Air Gaps and Responsibility Mark Gumennik (May 11)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 11)
- AIX LPAR security hermit921 (May 25)
- Re: AIX LPAR security Paul D. Robertson (May 25)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 11)
- widnows vs unix and security Re: Worms, Air Gaps and Responsibility ArkanoiD (May 12)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 11)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)