lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Dec 2006 17:32:24 -0800 From: Roland Dobbins <rdobbins@...co.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: emergent security properties On Dec 26, 2006, at 4:19 PM, coderman wrote: > the only example that comes to mind is distributed / collaborative > anomaly detection systems which become more robust with a larger > number of entities and interactions to observe. While scale introduced complexity in terms of opex and maintenance, I'm not sure it carries the distinction of qualitative complexity implied by the previous poster. Perhaps a better example would be an anomaly-detection system which correlates multiple types of telemetry with differing paradigms (say, NetFlow alongside syslog) in order to increase the fidelity of detection/classification/traceback/analysis. Another example would be introducing antispoofing functionality into a network infrastructure by deploying uRPF, IP Source Verify, iACLs, et. al. - this does introduce more complexity into the system, but it has very real security benefits both for the deploying organization as well as other organizations who in some fashion interconnect to one degree or another with the deploying organization (i.e., everyone on the public Internet, business partners interconnected via extranet WAN links or VPN tunnels, etc.). Enabling telemetry export/ collection/analysis, deploying iACLS/rACLs/CoPP, enabling telemetry export to collection/analysis systems, and many other similar activities are also examples of increased complexity leading to better security. As an aside, Slammer did not in fact take down 'much of the Internet'; some SP infrastructure was affected, but the vast majority of networks affected were enterprise networks. http://www.caida.org/publications/papers/2003/sapphire/sapphire.html http://www.beyondbgp.net/pubs/2003/bbgp_iwdc03.pdf http://momo.lcs.mit.edu/slammer/ http://www.eecs.umich.edu/~zmao/Papers/SPECTS06-camera.pdf ----------------------------------------------------------------------- Roland Dobbins <rdobbins@...co.com> // 408.527.6376 voice All battles are perpetual. -- Milton Friedman _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists