--- On Sun, 11/15/09, Dan Kaminsky <[email protected]> wrote:
> Stuff on Windows is attacked because it's popular.
> That's really all.
I don't believe any system is "secure" if you can't continue to prove it from
moment to moment and I care a lot less about intrinsic weaknesses if you can
see when they are exploited.
Therefore, if I were going to push for any sort of technical mandate to address
the issue at hand, it would be comprehensive log management. With tools like
Splunk and OSSIM (which has gotten really good in recent years) available, it
has become within reasonable reach of anyone moderately serious about security
to monitor WTF is going on in their networks. More importantly, it is now
clear that over the next 5-10 years this will become the nexus of security
operations it has indicated it will over the last 5-10.
Of course I am incredibly biased, which is why no one responsible for securing
the entire US gov't infrastructure should just listen to me or any one of us
alone, but should rather hold the kind of mind-numbingly iterative
conversations that the document that started this thread represents to make such
decisions.
-chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.