Re: Trends in network operator security
On Wed, 8 Jan 2003 todd.glassey@att.net wrote:
Aren't these more the attack trends of tier-3 providers and not network operators?
Maybe. I don't see too many tier-1 network operators attacking other tier-1 network operators. The trend I continue to see affecting network operators is customer security incidents, i.e. compromised end-user applications.
Seems to me that the real issue is when the tier-2 and tier-1 infrastructure come under attack. Otherwise these others are all at the applications layer - which so few on this list are interested in.
There are lots of interesting problems, but I don't know if 2003 is the year. DOS is just too much fun.
Route hijacks/bogus origins
Compromised infrastructure
MLPS alteration
Authentication attacks
Physical intrusion
Unnamed Administration sources reported that Sean Donelan said:
There are lots of interesting problems, but I don't know if 2003 is the year. DOS is just too much fun.
Route hijacks/bogus origins
Compromised infrastructure
MLPS alteration
Authentication attacks
Physical intrusion
This last one just hit the big bell atop the pole.
Don't recall if NANOG mentioned it, but mid-December someone broke into a DOD-contractor HMO's server farm; and stole all the drives. Google-news on "TriWest"...
It was clearly an organized identity theft. They got 500,000 names, medical records and SSNs.
What data do YOU have that people might want to steal? Is it encrypted?
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
On Thu, 9 Jan 2003, David Lesher wrote:
> Don't recall if NANOG mentioned it, but mid-December someone broke
> into a DOD-contractor HMO's server farm; and stole all the drives.
> It was clearly an organized identity theft. They got 500,000
> names, medical records and SSNs.
Repeat, for those who didn't get the import of that:
They took the _medical records_ of _half a million_ US _soldiers_ and their families.
Regardless of the identity-theft aspect, it's hard to imagine them not seeing a lucrative aftermarket for that batch of data.
-Bill
They took the _medical records_ of _half a million_ US _soldiers_ and their families.
Regardless of the identity-theft aspect, it's hard to imagine them not seeing a lucrative aftermarket for that batch of data.
And just think, courtesy the USA "Patriot" act, next time it won't just be -military- records they get, it will be yours. America is starting to look more and more like the movie "Minority Report".
-Bill
On Thu, 9 Jan 2003, Sean Donelan wrote:
On Wed, 8 Jan 2003 todd.glassey@att.net wrote:
Aren't these more the attack trends of tier-3 providers and not network operators?
Maybe. I don't see too many tier-1 network operators attacking other tier-1 network operators. The trend I continue to see affecting network operators is customer security incidents, i.e. compromised end-user applications.
Would be nice to see all tier-X service providers provide more (working) knobs and response teams to help their customers and peers track, diagnose and defend and protect themselves against security attacks.
Pete.
http://pete.kruckenberg.com/blog
On Thu, 9 Jan 2003, Pete Kruckenberg wrote:
Would be nice to see all tier-X service providers provide more (working) knobs and response teams to help their customers and peers track, diagnose and defend and protect themselves against security attacks.
Symantec charges between $1,000-$2,000/month for a small or mid-size company.
http://www.washingtonpost.com/wp-dyn/articles/A28625-2003Jan8.html
Every major tier-1 service provider I know has a professional services consulting team customers can hire to help with security.
On Thu, 9 Jan 2003, Sean Donelan wrote:
On Thu, 9 Jan 2003, Pete Kruckenberg wrote:
Would be nice to see all tier-X service providers provide more (working) knobs and response teams to help their customers and peers track, diagnose and defend and protect themselves against security attacks.
Symantec charges between $1,000-$2,000/month for a small or mid-size company.
http://www.washingtonpost.com/wp-dyn/articles/A28625-2003Jan8.html
Every major tier-1 service provider I know has a professional services consulting team customers can hire to help with security.
I think Pete's thing was more that all ISPs should have 24/7 security folks on call/staff that can track attacks/incidents and hand that tracking off to their partners at other ISPs as they reach the edge of their network. Say, what about a consulting service that does this for all large ISPs :)
participants (6)
- Bill Woodcock
- Christopher L. Morrow
- David Lesher
- Pete Kruckenberg
- Richard Irving
- Sean Donelan