funsec mailing list archives

RE: Thinking out loud: On the value of honeynets, trojans, botnets, etc.


From: <stylewar () cox net>
Date: Mon, 5 Jun 2006 14:04:03 -0500

I'm not saying that a honeynet is more "intuitive" in trending or forecasting attack vectors ... I'm saying that I 
challenge the assumption that the predominant attack vector is through something on the order of clickable links... For 
one, I don't see the data that supports that assumption. I *believe* that different organizations and demographics have 
different susceptibility trends....to generically comment on trends such as those across all ecologies would be to 
ignore the defining characteristics of those ecologies.

So what does all that mean to me? It means that I WOULD agree that there appears to be a layered ecology to attack 
vectors, and clickable links have a place where they are becoming predominant...Speaking VERY generally, the 'clickable 
link' attack vector would probably have a predominant place within the home PCs realm, or within smaller organizations 
with little invested in the way of security awareness or mitigating tools etc...

Whereas I would speculate that a growing number of organizations (which have invested in awareness AND Content 
Filtering Gateways / Proxies etc.) will have an altogether different ecology. Their 'primary' concern is the hardware 
theft attack vector (a la ... the laptop).

/shrug ...

--

StyleWar

"I love the smell of napalm in the morning.."

---- Fergie <fergdawg () netzero net> wrote: 
Could you expand on this part, please?

I'm interested to know why you think that a honeynet is any more
"intuitive" in trending and forecasting attack vectors than a, say,
liberally administered IDS?

Just curious -- this discussion is becoming very fruitful. :-)

Cheers,

- ferg

p.s. Also bear in mind that I just might be playing Devil's
Advocate. :-)


-- "StyleWar" <stylewar () cox net> wrote:

[...] But I would challenge the assumption that trojans
are more predominantly spread through unwitting install, rather than some
other method, and suggest that they (honeynets) still have value as tripwires
along the path to the goodies...

[snip]

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
