OSEC

From: Rhino Bond (rhino007_usyahoo.com)
Date: Tue May 14 2002 - 12:54:24 CDT

    Folks,

    Just to clarify what we are looking for. We know how
    to configure all the separate parts (routers,
    firewalls, IDS, etc.). We were wondering if anyone
    ever wrote a white paper on creating an engine to
    automate/manage all the individual parts. So far I
    have found nothing. This is a Herculean project I
    think... However I want to thank everyone for their
    contributions to this thread, they were all very
    interesting.

    Regards, David

    David R. Hawley, CEO ~ CISSP
    UNIX & NT NETWORK SECURITY, LLC
    1980 16th St. Ste, P-209
    Newport Beach, CA 92663
    949-645-5932

    --- Geoff Galitz <galitzchem.berkeley.edu> wrote:
    >
    > On Friday, May 10, 2002, at 06:05 PM, Harvey Newstrom wrote:
    >
    > >
    > > On Thursday, May 9, 2002, at 03:47 pm, Ray Parks wrote:
    > >> Just remember this aphorism - Depth without Breadth is useless.
    > >> We engaged in a series of experiments within the DARPA IA program in
    > >> which we proved that Defense in Depth is an over-rated concept.
    > >> Layered defenses can actually be weaker than single defenses because
    > >> administrators/developers think that another layer is providing the
    > >> defense they are ignoring. The results of these experiments were
    > >> recorded in a paper, unfortunately I don't have a cite at this time.
    > >> Bottom line - we were able to get through layers of defense in depth
    > >> because we could attack each layer in a different way. This allowed
    > >> attacks to woogle through to the goal despite multiple layers of
    > >> defense.
    > >>
    > >
    > > I have seen similar studies long ago relating to alarm monitoring.
    > > Items being monitored by multiple people had worse response times than
    > > items monitored by a single person! It turned out that people would
    > > frequently be lax and assume that someone else was handling it.
    > >
    > > I have also seen this scenario in help desk or message queues. Some
    > > ringing phones or e-mails would remain unanswered for days because
    > > everybody was answering other items and assumed the missed item would
    > > be caught by somebody else somewhere.
    >
    >
    > I would point out that the issues cited above are issues of
    > deployment and internal procedure which are separate from
    > the network vulnerability issues. Of course, the two are linked,
    > but the lesson to take home is that the right answer will vary
    > between different organizations. The variables include how
    > well the security operation runs, is it integrated with the general
    > IT organization, how responsive are those teams in general,
    > do they have well-functioning and well-known procedures and
    > so on...
    >
    > One size does not fit all.
    >
    > -geoff
    >
    >
    > ----------------------------------------------------------------------------------
    > Geoff Galitz |
    > UC Berkeley |
    > D'oh!
    > galitzuclink.berkeley.edu |
    > http://www.cchem.berkeley.edu/College/unix
    > http://www.cchem.berkeley.edu/~galitz
    >
