Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] emergent security properties

from [Roland Dobbins] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] emergent security properties
Date: Tue, 26 Dec 2006 17:32:24 -0800 

On Dec 26, 2006, at 4:19 PM, coderman wrote:


the only example that comes to mind is distributed / collaborative
anomaly detection systems which become more robust with a larger
number of entities and interactions to observe.


While scale introduced complexity in terms of opex and maintenance,  
I'm not sure it carries the distinction of qualitative complexity  
implied by the previous poster.

Perhaps a better example would be an anomaly-detection system which  
correlates multiple types of telemetry with differing paradigms (say,  
NetFlow alongside syslog) in order to increase the fidelity of  
detection/classification/traceback/analysis.

Another example would be introducing antispoofing functionality into  
a network infrastructure by deploying uRPF, IP Source Verify, iACLs,  
et. al. - this does introduce more complexity into the system, but it  
has very real security benefits both for the deploying organization  
as well as other organizations who in some fashion interconnect to  
one degree or another with the deploying organization (i.e., everyone  
on the public Internet, business partners interconnected via extranet  
WAN links or VPN tunnels, etc.).  Enabling telemetry export/ 
collection/analysis, deploying iACLS/rACLs/CoPP, enabling telemetry  
export to collection/analysis systems, and many other similar  
activities are also examples of increased complexity leading to  
better security.

As an aside, Slammer did not in fact take down 'much of the  
Internet'; some SP infrastructure was affected, but the vast majority  
of networks affected were enterprise networks.

http://www.caida.org/publications/papers/2003/sapphire/sapphire.html

http://www.beyondbgp.net/pubs/2003/bbgp_iwdc03.pdf

http://momo.lcs.mit.edu/slammer/

http://www.eecs.umich.edu/~zmao/Papers/SPECTS06-camera.pdf


-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

                All battles are perpetual.

                   -- Milton Friedman



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] emergent security properties, coderman
Next by Date:  Re: [Full-disclosure] SQID v0.2 - SQL Injection Digger., icecoldeuro
Previous by Thread:  Re: [Full-disclosure] emergent security properties, coderman
Next by Thread:  Re: [Full-disclosure] emergent security properties, coderman
Indexes:  [Date] [Thread] [Top] [All Lists]