The concern with online security services and continuous risk management is 
that the online security service either contracts to an ISP or is an ISP 
themselves, thus dealing with the same sort of network security architecture 
issues: Design a service that has to be up 99% of the time (Availability), 
but yet can take an attack or two (Integrity), and also keep the 
information across the wire secure (Confidentiality).  Within that mix, 
there are compromises made, usually by some Pointy-Haired (Dilbertesque) 
type people.  Security Monitoring is very hard to scale without making some 
compromises in order to provide customers the service they are under the 
impression they are paying for.

/m

At 09:49 AM 9/6/00 -0500, Frank Knobbe wrote:
>
> > -----Original Message-----
> > From: Ben Nagy [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 05, 2000 6:24 PM
> > >
> > > For those currently letting others maintain various aspects of
> > > their network, perimeter, inner-soft-chewy-center, etc; Would
> > > you be concerned to find the company doing the maintenance work
> > > for you mostly via open text channels via the internet?
> >
> > Sniffers and IP spoofing are possibly less of a threat than you might
> > think. If you're administering a system elsewhere on the Internet, an
> > IP spoofing attack is actually quite difficult. Sniffing is sometimes
> > easier, but only an option to people that have a level of physical
> > access to the wire, in most cases. [...]
>
>I assume Ron is concerned about someone administering a box in your
>network across the Internet using clear-text. In that case I would
>say, yes, sniffing is a problem. An attacker does not need physical
>access to your wire, but instead can hack one of your boxes and sniff
>control traffic. Depending on how someone admins the box (in regards
>to time between detection and action), an attacker may have enough
>time to hack one of your boxes, sniff the traffic and then either a)
>gain passwords to login to other boxes to turn the IDS off (or modify
>it to conceal his actions), b) learn information on how the box is
>managed and use that information to plan his real attack, or c)
>create false positives to blind the remote admin.
>
>I believe any remote administration (even if it is just receiving log
>data, i.e. Syslog) should be encrypted.
>
>In regards to IP spoofing, I agree with you.
>
>Regards,
>Frank
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
