funsec mailing list archives

Re: The Criminal Underground: A Walk on the Dark Side


From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Sep 2007 17:28:52 -0400

On Wed, 05 Sep 2007 16:52:56 EDT, Dude VanWinkle said:
> On 9/5/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
>
>> 1) Only allow whitelisted systems - we have a *lot* of boxes that we only
>> allow access to AS1312 systems, or specific subnets thereof.  Works great, and
>> the subnets move a lot less than botted systems.
>
> and if the whitelisted subnets get hacked? What's your plan then?

Baseball bats. :)

But seriously, we've got some 1,100 SNMP-managed switches and 1,300 or so
wireless APs on our network, and we've got pretty much of a handle on how
to deal with a compromised box.  We've even got things in place to deal with
the case of a compromised box on our management plane (and they're more concrete
than just "Oh shit..." ;)

> I would buy that, just for kicks.. and BTW/FYI an alarm system will
> only keep out dumb burglars (I.e.: the hamburglar).

I said a security system, not an alarm system.  Note that some places have
*very* *good* security systems in place (bank vaults, those types of sites
that actually buy GSA Class 5 document containers, most nuclear warheads when
they're not on tour, and so on... ;)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
