Firewalls: Re: Security Risk Assessment (was Re: Access control for SMTP?)

Firewalls
(September 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Security Risk Assessment (was Re: Access control for SMTP?)
From:	charisse @ Smallworks . COM (Charisse Castagnoli)
Date:	Sun, 26 Sep 93 10:25:00 CDT
To:	nagler @ olsen . ch, uunet!research.att.com!smb
Cc:	Firewalls @ GreatCircle . COM

Regarding the recent conversations about risk assessment.  I can 
offer the following quantative numbers...

I work with a gentleman named Steve Smaha who did his research paper
at UC Davis on Distributed Intrustion Detection (DIDS).  As part of the
project they wrote a network level monitor and captured Internet
traffic for 3 months.  During that time they discovered 400 network
based attachs.  After contacting many of the systems administrators
subject to the attacks they came up with a discovery rate of about 2-4%.
That is >90% of all network attacks are undiscovered.  

Hope that makes you sleep better at night.

Charisse Castagnoli				Smallworks of Travis Co.
charisse @
 smallworks .
 com				512 338 0619

Indexed By Date	Previous:	DNS w/NIS From: "Jonathan B. Horen" <horen @ zeus . datasrv . co . il>
Indexed By Date	Next:	Re: DNS w/NIS From: Brent Chapman <brent @ GreatCircle . COM>
Indexed By Thread	Previous:	Re: Security Risk Assessment (was Re: Access control for SMTP?) From: chk @ alias . com (C. Harald Koch)
Indexed By Thread	Next:	Serious security bug in MorningStar PPP From: Brent Chapman <brent @ GreatCircle . COM>