Comments on TaoSecurity: More on Black Hat Costs





Updated: 2018-04-24T23:40:01.609-04:00

 



Although all those things are not free, I believe ...

2010-06-03T15:06:25.990-04:00

Although all those things are not free, I believe that the costs are in most cases going down, due to an increase in supply. It would be interesting to see a time-adjusted graph of the cost of a common zero day over the last few years. I think the largest cost for the intruder continues to be the post-intrusion aspect... how to get the money out, or the time and resources it takes to analyze and achieve results with stolen data. That being said, it is a replacement cost, you would have to be earning money or researching a technology anyway... but still a cost.



10 years ago, IGMP, ICMP, and ACK based backdoors ...

2010-05-31T10:12:10.816-04:00

10 years ago, IGMP, ICMP, and ACK based backdoors could have been considered a serious problem.

Today, you are 100 percent fine running standard, non-reflexive access-control lists and/or null routes based mostly on bogons and the FATF blacklist.

Boundary filters at borders that do IP to IP are enough (because, yes, 80/443/et-al are rampant). You don't need complex exceptions management, or silly firewall forms. I suggest you co-manage your existing firewalls with 2-3 managed security providers and begin projects to de-emphasize their use.

If XML traffic is 50 percent of Enterprise traffic, then maybe somebody should consider more boundary filters at this layer.



You raise a fair point in regards to firewalls - e...

2010-05-25T10:30:23.840-04:00

You raise a fair point in regards to firewalls - especially given the plethora of user-driven attacks. However, let's say the attack has an exploit for something in the DMZ. The attacker exploits a remote service. If you follow traditional design, the DMZ won't allow a callback (egress filtering - the DMZ should initiate limited outbound connections). Now the attacker has to initiate an inbound connection, but only used ports are allowed through the firewall. Generally that means you have to kill a service. If that happens the admins will often notice the downtime quickly. Thus your job as an attacker is much more difficult.

There are of course other ways of getting a connection back, but the attacker would have to deliver a more complex initial payload, which can be very difficult.

Therefore, I'm not sure the money is wasted by traditional design. I'll admit that the vast majority of attacks now attack end users, but I believe that is an effect from the traditional firewall design being effective and attack patterns shifting. To quote Patton, "Fixed fortifications are monuments to man's stupidity." I think the appropriate move is to move beyond only traditional design not because of its failure, but because the attack has shifted.



The firewall is still a valid tool for segmentatio...

2010-05-25T09:50:28.636-04:00

The firewall is still a valid tool for segmentation of your internal network and segmentation is an often overlooked, inexpensive way to secure internal networks.



What do you think about the Vulnerability Marketpl...

2010-05-25T04:38:11.681-04:00

What do you think about the Vulnerability Marketplace Survey UnSecurityResearch published a few days ago?
http://unsecurityresearch.com/index.php?option=com_content&view=article&id=52&Itemid=57