Dailydave
mailing list archives
Re: Going against the Gradient
From: "J.M. Seitz" <jms () bughunter ca>
Date: Tue, 22 Jan 2008 14:24:12 -0800
> Dave, my man. I agree that security is an arms race for signature-based
> products. Though should we throw out the baby with the dirty water? Is
> no firewall, VLANs, route filtering, IDS, AV, central
> management/logging, etc better than a lame one?

Yeah, in some cases it is better to not have something than to have a
lame one. When I say lame I am factoring in the host of client-sides
which are rarely (if ever) detected, the constant stream of AV 0-day,
and other badness. Let's be honest, the nRuns guys were right: "defense
in depth is dead and we killed it."

> Hey, and since you brought up Vista you've got to admit that they're
> making exploitation more challenging ... though the reverse effect of
> that is that all 0days are now underground and not getting published
> since they're worth way too much. So while Vista may be more secure in
> terms of number of 0days out there ... the severity of secret ones
> (which as you mention bypass AV/IDS/etc) has risen. And it's not like
> we can all just stop using browsers and email clients.... :) Security's
> not such a lost cause - it's just as challenging as ever!

I agree, I don't think that security is a lost cause. I think that in
order to really make a difference as info-sec professionals, we have to
_really_ step into the shoes of a real attacker with a real business
model. The only way we can continually advance our protection mechanisms
is to increase the complexity and virulence of our simulated attacks.
Whoever hires the best attackers will ultimately stay ahead in the arms
race.

JS