I had sent out this mail a while ago on dd:
http://thread.gmane.org/gmane.comp.security.dailydave/5773
Results are coming together, but I still need input from academia and society.
While the work mentioned in this specific thread is of value (I took a fast look at it this afternoon, and it's very short, which is very good), I assume a different approach must be taken to formulate cyber conflicts, wars, societal effects, and how layers of financial concerns wrap into various parts of the soft or hard elements of cyber; and modern physics has things to say about data streams and data at rest from a security perspective. I wrote a book review a couple of days ago about cyberwar, and I will update that same thread with some details of my paper that I am allowed to share with outsiders and get feedback.
Regards
-dp
On 2016-02-02 13:31, Konrads Smelkovs wrote:
I skim-read the book and have some initial thoughts. For the sake of this list, the TL;DR version of it is (in my poor paraphrasing):

Take the network, plot a graph, give nodes a score based on connectedness and estimated attacker value, sort by PageRank, which gives you the most nodes-at-risk, which then suggests where to concentrate defence efforts. The risk formula is adjusted as per the attached PNG.

I think this is an overall interesting approach and the authors consider multiple types of attackers, e.g. authorised users exceeding privileges and ghosts in the network, but I would find the application of this model in the Real World [tm] problematic for the following reasons:

* The value of a node for its owner vs. its value for an attacker differs depending on the type of attacker (I wish the authors had used Intel's TARA); organisations find it problematic to put a value on the asset themselves.
* Connectedness matters when you consider inbound connections, but (unless I misunderstood) it sort of makes endpoints either super-connected (each surf session to facebook.com makes the node much, much more connected than anything else inside the network) or connected very little, perhaps only to the nearest management system.
* The value of secrets on a system is quite important for an intermediary target; for example, a management system in a NOC which has all those RW SNMP strings is priceless, a big target and a stepping stone.
* Finally, I think not all nodes are made equal as they have different "hardness", e.g. something running an ERP is probably a softer target than a patched and locked-down DC.

Regardless, I think this is a good foray into the topic and I wish the authors luck in following revisions.
--
Konrads Smelkovs
Applied IT sorcery
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
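The ranking Konrads paraphrases (plot the connection graph, run PageRank, weight by attacker value), worked through as an added example that is not part of the thread or of the book. Every host, edge, attacker value and hardness score below is constructed for illustration. It also folds in two of the objections raised above, per-attacker-type value and node "hardness", so the effect on the ordering is visible.

```python
"""Toy implementation of the graph-plus-PageRank risk ranking paraphrased
in the thread. Added example, not code from the book or from the thread;
all hosts, edges, values and hardness scores are constructed."""

from collections import defaultdict

# Constructed inventory. attacker_value is per attacker type (0..10), since
# the same box is worth different amounts to an outsider and an insider;
# hardness is a rough 1..10 guess at how hard the node is to compromise.
NODES = {
    "ws-alice": {"attacker_value": {"external": 2, "insider": 1}, "hardness": 3},
    "ws-bob":   {"attacker_value": {"external": 2, "insider": 1}, "hardness": 3},
    "erp-app":  {"attacker_value": {"external": 8, "insider": 9}, "hardness": 2},
    "noc-mgmt": {"attacker_value": {"external": 9, "insider": 5}, "hardness": 4},
    "dc01":     {"attacker_value": {"external": 10, "insider": 10}, "hardness": 9},
    "core-sw":  {"attacker_value": {"external": 6, "insider": 3}, "hardness": 6},
}

# Constructed directed connections (client -> server), the sort of thing one
# would pull from flow logs. An edge INTO a node raises that node's rank.
EDGES = [
    ("ws-alice", "erp-app"), ("ws-bob", "erp-app"),
    ("ws-alice", "dc01"), ("ws-bob", "dc01"), ("erp-app", "dc01"),
    ("ws-alice", "noc-mgmt"),
    ("noc-mgmt", "core-sw"), ("noc-mgmt", "dc01"), ("noc-mgmt", "erp-app"),
]


def pagerank(nodes, edges, damping=0.85, iters=200, tol=1e-12):
    """Plain power-iteration PageRank over a directed graph.

    Nodes with no outgoing edges (servers that only accept connections)
    are 'dangling'; their rank mass is spread uniformly so the scores
    still sum to 1."""
    out = defaultdict(list)
    for src, dst in edges:
        out[src].append(dst)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        dangling = sum(rank[v] for v in nodes if not out[v])
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for src in nodes:
            for dst in out[src]:
                new[dst] += damping * rank[src] / len(out[src])
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def rank_risk(nodes, edges, attacker="external"):
    """Risk = PageRank * value to this attacker type / hardness, descending.

    The value/hardness weighting is the adjustment assumed here; the book's
    exact formula is in the PNG attached to the original mail, not reproduced."""
    pr = pagerank(list(nodes), edges)
    scored = {
        v: pr[v] * nodes[v]["attacker_value"][attacker] / nodes[v]["hardness"]
        for v in nodes
    }
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    pr = pagerank(list(NODES), EDGES)
    print("PageRank only:", sorted(pr.items(), key=lambda kv: -kv[1])[:3])
    for who in ("external", "insider"):
        top = [(v, round(s, 3)) for v, s in rank_risk(NODES, EDGES, who)[:3]]
        print(who, top)
```

On this constructed graph dc01 has the most inbound edges and so the highest PageRank; connectedness alone would put the domain controller first. Once attacker value and hardness are applied, the soft erp-app outranks it for both attacker types, which is exactly the gap between "most connected" and "most at risk" that the objections above point at. Reversing the edge direction (server -> client) is a one-line change and shows how much the answer depends on which way connectedness is counted.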