I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean) 6 years ago. Cisco sources never was a great secret
Then you shouldn't be talking about it.
(a lot of people saw them; they are almost useless without Cisco's infrastructure; they are interesting for competitors in some cases, because of very interesting technical ideas, but not for the hackers). It is _MINOR_ in reality. Major can be, for example, stealing 100,000 credit card numbers, because it make sence for 100, 000 people. Just Cisco sources... hmm, 100 total people in the world will be affected, big deal...)
Okay, so if it is a Good Thing for competitors and a Bad Thing for Cisco which is a commercial company with a vested interest in not giving away their secrets to competitors, how is this not a major loss? _EVEN_ if only in reputation? Sorry, but I really don't understand why you keep trying to under-play this from different angles, and am just trying to understand your meaning.
But I agree - it just showed old truth - good security is not technical issue. Just simplerst _never use standard ports_ policy could prevent this case. Better, _use One Time Passwords and single point signature_. Primitive host based IDS (Osiris, for example). Any _real_ security policy, of course (or better, ACCESS policy, because security is nothing - ACCESS mater! No access required - no security issues...)
It's not a technical issue, yet you just told me how to do security in detail.
It is amazing. Cisco made a lot of noice about IDS, IPS, etc etc.... while no one in reality need these super expansive and complex tools (except few dozens of companies under the DDOS risk); but
IDS.. IPS.. etc.. etc... DDoS risk? I can agree with many on the complete uselessness of IDS for most companies (I can't live without it!).. IPS systems are a different matter.
missed so simple thing as ssh exploit in their own nest. (It is not harmless - we found ssh trojan on my previous job, just exactly the same
Let me Google you and find where you worked. :o)
case - ssh opened to Internet, port #22! Since this, I never allow ssh on port 22, Terminal Service on port 3389, managemen t web on port 80 or 443, and so on... /even when servcie is allowed, which is policy issue/...
And I'll port-scan you to find out what port you are running SSH on, as it is open to the net.
Burrowing from that, if the attack is successful, and the loss is significant, I think the way there - although cute, is irrelevant except
I mean _MINOR_ because lost was minor, in reality. No because it was ssh exploit.
Okay, I still don't follow you. I don't mean to be annoying but I really don't. Let's not move too much into the realm of security and stay in net ops. How is this not a loss and not a risk? If we can't reach an agreement I suggest we take this off-list. Gadi.