Information Security News mailing list archives
RE: InfoSec 2003: 'Zero-day' attacks seen as growing threat (Three messages)
From: InfoSec News <isn () c4i org>
Date: Mon, 22 Dec 2003 04:24:58 -0600 (CST)
Forwarded from: Harlan Carvey <keydet89 () yahoo com>

Rob,

I don't know about you but zero-day exploits frighten me. They're absolutely terrifying. I think we should either (a) nationalize the computer security industry or (b) dismantle the Internet as a national security threat.

I guess I can understand your point of view, but what about defense in depth? Looking at the entire security picture as a whole, it would seem that even zero-day exploits may be extremely difficult to deploy *IF* more folks take a more comprehensive approach to security. Take Slammer last year, for example. Infrastructures that did not expose UDP port 1434 to the Internet were not infected by the worm. Looking further back, folks running IIS 4.0 who'd taken the step to disable ida/idq script mappings were not infected with Code Red. These aren't necessarily zero-day exploits, but the worms do illustrate the lack of vision with regards to security.

-=-

Forwarded from: Jon Miller <cio.ny () usa net>

These "zero day" exploits are finding previously unknown ways to do the same nasty things. Fortunately these nasty things are (or at least have been) finite. It seems to me that a behavioral approach is now as fundamentally necessary as traditional signature based AV. Used in conjunction with each other, they offer a defense in depth approach to layered security that can mitigate against patch latency and previously unknown exploits of vulnerabilities. Simply put, I don't care what mode of transportation a burglar takes to my house, I just don't want him to get in - or if he does, to take anything or do any harm.

About that dismantling of the Internet... Let's also ban all food additives, some may be bad - let's eat it all right away! :)

---
Jon Miller, CISSP
Chief Information Security Officer
The City of New York, HRA

-=-

Forwarded from: Barb <ndex () mail c2security org>

There is a commercial NIDS product that does anomaly based detection. It is fast and good, but I dislike the manufacturer so I will not plug them.

Only the people who don't know that Zero-day exploits have been around since the beginning of the computer age and are also in a position to make IT/security policy scare me. They outnumber the knowledgeable, skilled and talented by hundreds to one. They are more of a problem than a solution. They are the ones too stupid, vain or lazy to use a proper password or secure shell services. They are the lame. They should be banished from cyberspace...

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.