Re: Controversial paper - Good response article on ZDNet

From: George Ou (533george_ou234_at_netzero234.com)
Date: 10/12/03


Date: Sun, 12 Oct 2003 07:27:06 GMT

On Sun, 12 Oct 2003 06:28:22 GMT, Mack
<macckone@a_nospamjunk123_ol.com> wrote:

>There has been a lot of talk about blended threats lately, mostly in
>the context of worms that try multiple attacks against a single OS, but
>dual-OS blended threats aren't exactly a new worry. The ideal
>situation is good administration, but neither Unix nor Windows lends
>itself to good administration, although both are getting better. In
>this respect I would have to say Windows is improving faster.

I agree with you on that. I think it's because of the extra pressure
MS is facing that is forcing them to improve at a faster pace. The
day that a Windows worm turns around and attacks Solaris machines on
typical things like Solaris RPC, Sun's version of Sendmail, or Oracle's
bundled version of one-year-outdated Apache for their 11i app server,
which Oracle DBAs are afraid to patch because it might break
something, you will see the apocalypse.

The day will also come when Windows worms trunk themselves into a
Cisco switch and nuke all VLANs because Cisco switches are wide open
by default, or launch MAC flooding attacks, or launch DoS attacks on
Cisco IOS for switches and routers, or perform a spanning tree
attack; you will again see heads roll.

2 years ago, a Solaris worm actually went around defacing IIS sites.
It's only a matter of time before that favor is returned 100 fold.

>>If you really care about computer security, go to SANS or Cert.org and
>>implement all the best practices and harden everything and patch
>>everything. I'm interested in real security, things like implementing
>>malicious code scanners at the HTTP, FTP, and SMTP gateways.
>>Implement network IDS systems. Implement a proper network design that
>>mitigates the DoS effects of things like blaster. Implement routine
>>vulnerability scans of your entire network. I don't care for this
>>CCIA diatribe. I care about real security, and that has very little
>>to do with if you're in the MS, OSS, Sun, Oracle, or IBM camp.
>>
>>
>>George Ou
>>http://www.LANArchitect.net
>
>MS is the biggest target because they have a monopoly. If
>Oracle succeeds in taking over PeopleSoft they are likely to become
>a major target as well. The paper was trying to make the point that
>diversity is good, monoculture is bad. I have already said I don't
>think there is an easy solution. Expecting every user to become
>proficient in good security is totally ridiculous.

People that hack Oracle and Sun flaws do so for financial gain, and
are very unlikely to make noise. People who hack IIS or write worms
want to say "hi mom", or "hey administrator, you're an idiot". Just
look at that wannabe idiot that got caught making a cheap variant of
Blaster.

If you believe it's too complex to ask people to turn on Windows XP
ICF (Internet Connection Firewall), I don't see how you can claim that
it would be better if they ran on different OSes and Office apps.

Bottom line, you're asking for security through diversity (or
obscurity). I'm calling for real security, independent of platform.

>Critical infrastructure already has a great deal of diversity.
>Unfortunately far more of the global community consists of
>home users who are completely clueless.

The hell it's diverse; Cisco switches and routers run the internet.
The reason that it is fairly resilient is because the people that run
them are systematic and take security extremely seriously. It has
nothing to do with diversity.

George Ou
http://www.LANArchitect.net
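
The switch-side attacks the post lists (a host trunking itself onto a switch, wiping the VLAN database, MAC flooding, and a spanning-tree takeover) each correspond to a well-known Cisco IOS hardening setting. The configuration below is an added example for this page, not the author's or Cisco's own material; the interface names, VLAN numbers and MAC limit are assumptions chosen for illustration, and the "wide open by default" behaviour it hardens against is the classic Catalyst default of DTP negotiation enabled, VTP in server mode, and no port security or BPDU guard on access ports.

```cisco
! Added example, not from the original post. Interface names, VLAN
! numbers and the MAC limit are assumptions for illustration.
!
! 1. "Trunk themselves into a Cisco switch": the classic Catalyst access
!    port default is DTP dynamic desirable (later dynamic auto). Either
!    one lets a host that speaks DTP negotiate an 802.1Q trunk and then
!    hop between VLANs. Force access mode and turn DTP off on every
!    user-facing port.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! 2. MAC flooding: cap how many source MACs a port may learn, so a
!    flooder trips the violation action instead of filling the CAM table
!    and degrading the switch into hub-like flooding of unicast frames.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
! 3. Spanning-tree attack: a host that sends BPDUs advertising a low
!    bridge ID can become root and pull traffic through itself. An
!    access port never needs to receive BPDUs, so err-disable it on the
!    first one it sees.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 4. "Nuke all VLANs": in VTP server mode (the Catalyst default) a VTP
!    advertisement with a higher configuration revision number overwrites
!    the VLAN database across the whole VTP domain. Transparent mode
!    forwards VTP frames but never applies them locally.
vtp mode transparent
!
! 5. Real trunks are declared explicitly, never negotiated, with the
!    native VLAN moved off any VLAN that carries user traffic and the
!    allowed list pruned to what the trunk actually needs.
interface GigabitEthernet1/0/48
 description uplink to core
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
```

Two practical notes: on platforms that still support ISL, `switchport trunk encapsulation dot1q` must be entered before `switchport mode trunk` will be accepted, and `violation restrict` was chosen over the default `shutdown` so a flooding host is counted and dropped without err-disabling the port and handing the attacker a denial of service against the legitimate user on it. Verify with `show port-security interface`, `show spanning-tree summary` (BPDU Guard should read enabled on the access ports) and `show vtp status`.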


