Home page logo

nanog logo nanog mailing list archives

Re: Navy Marine Corps Internet hit
From: Scott Weeks <surfer () mauigateway com>
Date: Wed, 20 Aug 2003 10:34:13 -1000 (HST)

On Wed, 20 Aug 2003, Sean Donelan wrote:

: On Tue, 19 Aug 2003, Scott Weeks wrote:
: > on the .pif, .scr, etc. attachments...)  Maybe I was just lucky.  Most
: > likely, though, they did not create "security zones" to keep problems
: > contained within certain network segments and not let them out to destroy
: > other networks.
: Luck is very important.

Yes, it is.  <knock, knock> (on wood)

: may have 100,000 users with identical configurations (software, patch
: levels, etc) in one big flat network.  A large homogeneous population is
: vulnerable to a common infection.  Nachia has a very effecient scanning

I didn't mean to suggest the network was one large, flat network.  It can
be segmented and have no "security zones", it can be segmented and have
said zones, and it could be a BAFN. (Big A$$ Flat Network)  It's just
security-wise the network should be cut into zones (which may or may not
follow the L3 topology) that are controllable from a security stand
point.  From the article (the author's reputation is an unknown) it
appears that this is not the case.

I see above I hinted that the security zones followed the network
segmentation and I didn't mean that.  One security zone could have more
than one network segment, etc.

Like I need to tell you this...  :-)  However, I just wanted to clear the
point that I fouled up.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]