funsec mailing list archives

Re: whitehouse cyber strategy review


From: chris () blask org
Date: Sun, 15 Nov 2009 12:52:37 -0800 (PST)

--- On Sun, 11/15/09, Dan Kaminsky <dan () doxpara com> wrote:

Stuff on Windows is attacked because it's popular.
That's really all.

I don't believe any system is "secure" if you can't continue to prove it from moment to moment and I care a lot less 
about intrinsic weaknesses if you can see when they are exploited.  

Therefore, if I was going to push for any sort of technical mandate to address the issue at hand, it would be 
comprehensive log management.  With tools like Splunk and OSSIM (which has gotten really good in recent years) 
available it has become within reasonable reach of anyone moderately serious about security to monitor WTF is going on 
in their networks.  More importantly, it is now clear that over the next 5-10 years this will become the nexus of 
security operations it has indicated it will over the last 5-10.  

Of course I am incredibly biased, which is why no-one responsible for securing the entire US gov't infrastructure 
should just listen to me or any one of us alone, but should rather hold the kind of mind-numbingly iterative 
conversations that the document that started this thread represents to make such decisions.

-chris


      

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

