Re: workstation attacks vs. server attacks
From: Walter Roberson (roberson@ibd.nrc.ca) Date: 01/19/02
From: roberson@ibd.nrc.ca (Walter Roberson) Date: 19 Jan 2002 08:20:37 GMT
In article <65c63139.0201182259.77d0ee6f@posting.google.com>,
tomwilliamz <twilliams@techtracker.com> wrote:
:good day. windows desktops in the standard office setting vs. backroom
:mail, file and web servers- unix, Win what have you.
Again, '??'. The system I sit in front of all day at work is a Unix
system. So is the one I sit in front of all night at home. My spouse's,
sitting on the other side of the desk from mine, is a different kind of
Unix system.
At work, our servers are sitting in special rooms for cooling (mostly),
power (some), security (some), noise (somewhat) and space (somewhat)
reasons. Oddly enough, those are the same reasons that our most
sophisticated graphics workstations are in the same computer room
[though in a section that reduces the noise from the larger room.]
Most of our real workstations are in what might be called "backroom"
settings, because that's where they are most needed -- controlling
20 tonne magnets and so on. But we also have a number of workstations
with -exactly- the same operating systems sitting in people's offices.
The *only* server that we have in a "backroom" that we don't also
have in an office acting in every regard as a workstation, is
our Novell server. For everything else, the question is much more
what software the system has actively enabled, rather than whether the
system is a server or a workstation.
:wondering how what % and how many attacks are targeted to go through a
:desktop- either by getting users to open an .exe or by exploiting a
:hole in an outward facing application that they have on a PC with an
:internet connection.
Hmmm, how do you count? If a single Nimda probe tests 10 different
paths that might get through various IIS vulnerabilities, does
that increment the count by 1 or by 10 or by some intermediate
number that depends on the number of distinct fixes that would have
to be applied to avoid the problem? If a single system scans our
entire subnet for open ftp servers, does that count as 1 attack,
or as 1 attack per populated IP address, or as 1 attack per address
probed? If there is a port which has been associated with one
kind of desktop vulnerability and with a second "server" vulnerability,
then which column do we increment? To get accurate counts,
do we need to set up "honeypots", deliberately expose them to
public access, and see -exactly- which exploits are tested for
by the invading system? (But the invading system might run
a different set of probes depending on the initial response
from the honeypot...)
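
The counting problem raised in the post, as an added example that is not part of the original message: the same constructed log is tallied under each counting unit the post asks about. The event fields, placeholder paths, fix labels and addresses (documentation ranges) are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample events, not real traffic. "fix" is a placeholder label
# for the patch that would close the hole a request path tests for.
Event = namedtuple("Event", "src dst port path fix populated")


def web_probe():
    """One worm-style probe: one source, one web server, 10 request paths.
    The 10 paths are assumed to be covered by 3 distinct fixes."""
    return [Event("198.51.100.7", "192.0.2.10", 80,
                  "/placeholder/path-%02d" % i, "FIX-" + "ABC"[i % 3], True)
            for i in range(10)]


def ftp_scan():
    """One scan: one source tries port 21 on 16 addresses of a subnet,
    only 4 of which have a host behind them."""
    return [Event("198.51.100.99", "192.0.2.%d" % (32 + n), 21,
                  None, None, n < 4)
            for n in range(16)]


def counting_rules(events):
    """Return the 'number of attacks' in events under each counting unit."""
    pairs = {(e.src, e.dst) for e in events}
    return {
        # one attack per attacking system
        "per_source": len({e.src for e in events}),
        # one attack per address that actually has a host on it
        "per_populated_address": len({(e.src, e.dst)
                                      for e in events if e.populated}),
        # one attack per address probed, populated or not
        "per_address_probed": len(pairs),
        # one attack per distinct fix needed to stop the probe
        "per_distinct_fix": len({(e.src, e.dst, e.fix)
                                 for e in events if e.fix}),
        # one attack per individual request or connection attempt
        "per_request": len(events),
    }


if __name__ == "__main__":
    for name, log in (("web probe", web_probe()), ("ftp scan", ftp_scan()),
                      ("combined", web_probe() + ftp_scan())):
        print(name, counting_rules(log))
```

On this constructed log the combined total ranges from 2 to 26 depending only on the unit chosen, which is why a percentage of "desktop" versus "server" attacks means little without stating the counting rule.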