Regarding the recent conversations about risk assessment. I can
offer the following quantative numbers...
I work with a gentleman named Steve Smaha who did his research paper
at UC Davis on Distributed Intrustion Detection (DIDS). As part of the
project they wrote a network level monitor and captured Internet
traffic for 3 months. During that time they discovered 400 network
based attachs. After contacting many of the systems administrators
subject to the attacks they came up with a discovery rate of about 2-4%.
That is >90% of all network attacks are undiscovered.
Hope that makes you sleep better at night.
Charisse Castagnoli Smallworks of Travis Co.
com 512 338 0619