Issues
- Number of vulnerable systems increasing as discovery of new
holes continues and more systems are put on the Internet
- Use of "Root Kits" exceeds skill level of average sysadmin, making
response slow, costly, or entirely ineffective in many cases
- Speed of intrusion, and complexity of response, overwhelms
small incident response staff and system administrators
- Poor understanding of network monitoring tools/techniques
slows response
- Use of UDP and ICMP_ECHOREPLY packets hard to detect/block
- When building networks, pick any two: Fast, Reliable, Secure
- Short of firewalls or IDS at borders, about the only useful
tactic is to monitor "net flows" to detect initial intrusion
signature (lack of tools/standards for doing this)
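The last bullet's tactic, monitoring "net flows" for the initial intrusion signature, and the earlier point that UDP and ICMP_ECHOREPLY traffic is hard to pick out, as an added worked example that is not part of Dittrich's slides. The flow records below are constructed inline (documentation-range addresses, no real capture), and the two thresholds are assumptions chosen for this sample rather than values from the page. The detector flags a source that sprays UDP across many destination ports, a source emitting ICMP echo replies that no observed echo request explains, and several internal sources converging on one external target.

```python
"""Flow-record detector for the "net flow" monitoring tactic in the slide.

Added example, not Dittrich's code. Flow records are constructed for the
demonstration; thresholds are assumptions tuned to this sample input.
"""
from collections import Counter, defaultdict

# Constructed flow records: (src_ip, dst_ip, proto, dst_port, packets).
# For ICMP the "port" slot carries the ICMP type (8 = echo request, 0 = echo reply).
FLOWS = [
    ("10.0.0.5", "192.0.2.10", "tcp", 80, 12),
    ("10.0.0.5", "192.0.2.10", "tcp", 443, 8),
    ("10.0.0.7", "192.0.2.10", "udp", 53, 2),
    # A legitimate ping exchange: request in, reply out (must NOT be flagged).
    ("192.0.2.10", "10.0.0.5", "icmp", 8, 1),
    ("10.0.0.5", "192.0.2.10", "icmp", 0, 1),
    # Two internal hosts spraying UDP at many ports of the same external target.
    *[("10.0.0.21", "198.51.100.9", "udp", 30000 + i, 40) for i in range(12)],
    *[("10.0.0.22", "198.51.100.9", "udp", 31000 + i, 40) for i in range(12)],
    # Echo replies leaving 10.0.0.21 with no matching echo request ever seen.
    *[("10.0.0.21", "203.0.113.4", "icmp", 0, 6) for _ in range(20)],
]

UDP_PORT_THRESHOLD = 10    # assumption: distinct UDP dst ports per (src, dst) pair
ICMP_REPLY_THRESHOLD = 10  # assumption: unsolicited echo-reply flows per source


def udp_fanout(flows, threshold=UDP_PORT_THRESHOLD):
    """Return (src, dst) pairs whose UDP traffic spans an unusual number of ports."""
    ports = defaultdict(set)
    for src, dst, proto, port, _ in flows:
        if proto == "udp":
            ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= threshold}


def unsolicited_echo_replies(flows, threshold=ICMP_REPLY_THRESHOLD):
    """Return sources emitting ICMP echo replies that no observed echo request explains."""
    # (replier, requester) pairs for every echo request seen in the flow data.
    requests_seen = {(dst, src) for src, dst, proto, t, _ in flows
                     if proto == "icmp" and t == 8}
    replies = Counter()
    for src, dst, proto, t, _ in flows:
        if proto == "icmp" and t == 0 and (src, dst) not in requests_seen:
            replies[src] += 1
    return {src: n for src, n in replies.items() if n >= threshold}


def coordinated_targets(fanout):
    """Group flagged UDP senders by destination to expose several sources hitting one target."""
    by_dst = defaultdict(list)
    for (src, dst), _ in fanout.items():
        by_dst[dst].append(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= 2}


def analyze(flows=FLOWS):
    """Run all three checks and return the findings as plain dicts."""
    fan = udp_fanout(flows)
    return {
        "udp_fanout": fan,
        "unsolicited_echo_reply": unsolicited_echo_replies(flows),
        "coordinated": coordinated_targets(fan),
    }


if __name__ == "__main__":
    for name, finding in analyze().items():
        print(f"{name}: {finding}")
```

The echo-reply check keys on the asymmetry the slide points at: a reply is only ordinary if the matching request crossed the same monitoring point, so pairing replies against observed requests separates normal ping traffic from replies that appear on their own. Real flow exports carry the same five fields (plus timestamps and byte counts), so the same grouping applies once records come from a collector instead of the constructed list.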
Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Mon Nov 1 22:12:00 PST 1999