North American Network Operators Group

Re: Internet attack called broad and long lasting
> I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean) 6
> years ago. Cisco sources never was a great secret

Then you shouldn't be talking about it.

> (a lot of people saw them; they are almost useless without Cisco's
> infrastructure; they are interesting for competitors
> in some cases, because of very interesting technical ideas, but not for the
> hackers). It is _MINOR_ in reality. Major can be,
> for example, stealing 100,000 credit card numbers, because it make sense for
> 100,000 people. Just Cisco sources... hmm, 100 total people in the world
> will be affected, big deal...)

Okay, so if it is a Good Thing for competitors and a Bad Thing for Cisco which is a commercial company with a vested interest in not giving away their secrets to competitors, how is this not a major loss? _EVEN_ if only in reputation?

Sorry, but I really don't understand why you keep trying to under-play this from different angles, and am just trying to understand your meaning.

> But I agree - it just showed old truth - good security is not technical
> issue. Just simplest _never use standard ports_ policy could prevent this
> case. Better, _use One Time Passwords and single point signature_. Primitive
> host based IDS (Osiris, for example). Any _real_ security policy, of course
> (or better, ACCESS policy, because security is nothing - ACCESS matter! No
> access required - no security issues...)

It's not a technical issue, yet you just told me how to do security in detail.

> It is amazing. Cisco made a lot of noise about IDS, IPS, etc etc.... while
> no one in reality need these super expansive and
> complex tools (except few dozens of companies under the DDOS risk); but

IDS.. IPS.. etc.. etc... DDoS risk? I can agree with many on the complete uselessness of IDS for most companies (I can't live without it!).. IPS systems are a different matter.

> missed so simple thing as ssh exploit in their own nest. (It is not
> harmless - we found ssh trojan on my previous job, just exactly the same

Let me Google you and find where you worked. :o)

> case - ssh opened to Internet, port #22! Since this, I never allow ssh on
> port 22, Terminal Service on port 3389, management web on port 80 or 443,
> and so on... /even when service is allowed, which is policy issue/...

And I'll port-scan you to find out what port you are running SSH on, as it is open to the net.

>>Burrowing from that, if the attack is successful, and the loss is
>>significant, I think the way there - although cute, is irrelevant except
>
> I mean _MINOR_ because lost was minor, in reality. No because it was ssh
> exploit.

Okay, I still don't follow you. I don't mean to be annoying but I really don't. Let's not move too much into the realm of security and stay in net ops. How is this not a loss and not a risk?

If we can't reach an agreement I suggest we take this off-list.

Gadi.