Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
Valdis.Kletnieks_at_vt.edu
Date: 07/29/03
- Previous message: Dirk Mueller: "[Full-Disclosure] KDE Security Advisory: Konqueror Referrer Authentication Leak"
- In reply to: Jason: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Next in thread: Ron DuFresne: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Reply: Ron DuFresne: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Jason <security@brvenik.com> Date: Tue, 29 Jul 2003 15:09:47 -0400
On Tue, 29 Jul 2003 13:14:49 EDT, Jason <security@brvenik.com> said:
> Wrong, the cost benefit does work out for the business. We are at 3.9
> million because we did not pay attention to the assets that needed
> protecting and implement best practices. At 3.9 million we are still
> under the extremely conservative $4million estimate from one single outage!
You can harp on "best practices" all you want - hell, *I* certainly do
it enough. However, you have to come to some realizations here. All
"best practices" cost something to implement. And at some point, the
cost of prevention is going to exceed the cost of cleaning up.
And at this point, the boss asks "So what are the chances we'll make
it through the entire rest of the fiscal year without having to blow
*another* $1.3M, compared to the chances we'll get wormed before the
next advisory comes out?"
Remember - we're up to MS03-*030* and it's still July. At $1.3M per,
you've burned some $39M already to protect against a $4M threat.
Security is *tradeoffs*. Do I wish all my users were patched against
MS03-026? Yes. Do I think some will get trashed by whatever worm comes
by? Yes - the last worm nailed 200 boxes or so before we got specific
router filters in place.
However, when the cost of forcing *all* the users to upgrade exceeds
the cost of cleaning up the 200 that will get whacked, it's *REAL*
hard to get resources allocated - I've never net a VP-level exec
that would agree to the idea that they should spend $2M to protect
against a $500K threat because it's "best practices". The only ways
you'll get your $2M is to either make it under $500K instead, or something
raises the $500K (for instance, if "liable for a $1.5M fine under the newly
passed protection-of-private-law" gets added in...)
Anybody who can't understand *that* probably doesn't get the joke
about a $200 chip protecting the $0.75 fuse by blowing up first....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Dirk Mueller: "[Full-Disclosure] KDE Security Advisory: Konqueror Referrer Authentication Leak"
- In reply to: Jason: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Next in thread: Ron DuFresne: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Reply: Ron DuFresne: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
