funsec mailing list archives
RE: Thinking out loud: On the value of honeynets, trojans, botnets, etc.
From: <stylewar () cox net>
Date: Mon, 5 Jun 2006 14:04:03 -0500
I'm not saying that a honeynet is more "intuitive" in trending or forecasting attack vectors ... I'm saying that I challenge the assumption that the predominant attack vector is through something on the order of clickable links...

For one, I don't see the data that supports that assumption. I *believe* that different organizations and demographics have different susceptibility trends....to generically comment on trends such as those across all ecologies would be to ignore the defining characteristics of those ecologies.

So what does all that mean to me? It means that I WOULD agree that there appears to be a layered ecology to attack vectors, and clickable links has a place where it is becoming predominant...Speaking VERY generally, the 'clickable link' attack vector would probably have a predominant place within the home PCs realm, or within smaller organizations with little invested in the way of security awareness or mitigating tools etc...

Whereas I would speculate that a growing number of organizations (which have invested in awareness AND Content Filtering Gateways / Proxies etc.) will have an altogether different ecology. Their 'primary' concern is the hardware theft attack vector (a la ... the laptop).

/shrug ...

--
StyleWar
"I love the smell of napalm in the morning.."

---- Fergie <fergdawg () netzero net> wrote:
Could you expand on this part, please?

I'm interested to know why you think that a honeynet is any more "intuitive" in trending and forecasting attack vectors than a, say, liberally administered IDS?

Just curious -- this discussion is becoming very fruitful. :-)

Cheers,

- ferg

p.s. Also bear in mind that I just might be playing Devil's Advocate. :-)

-- "StyleWar" <stylewar () cox net> wrote:

[...]

But I would challenge the assumption that trojans are more predominantly spread through unwitting install, rather than some other method, and suggest that they (honeynets) still have value as tripwires along the path to the goodies...

[snip]

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.