>
> Where can I locate the formal results of the study of Internet vulnerability
> that yielded the 5% detection figure? I must have been sleeping when this
> reference went through the list...
>
> Andy
>
Of course any such figure has to be taken with a grain of salt. There
is a famous quote from Donn Parker who once said (at an IFIP conference)
that 84.6% of all attacks are never detected. But of course, if they
are never detected, how do we know that it's 84.6%?
The legitimate answer comes from statistics. AT+T and DEC as well as
many others publish detection rates of 1 or more attempted entries per
day on their Internet connections. Several unpublished reports support
this, and my server gets this or more in the way of non-accidental
probes per day. So if we take that as the basis for the real figures,
and then do some sampling and ask sys-admins (in confidence) how many
detections a year they get, we find that the average sysop gets only a
few incidents per year. We conclude that only 1%-5% (depending on the
precise figures derived from the study) of attacks are detected.
As a simple example (see my book for details), the DoD finds that less than
1 in 8,000 attacks in the DoD are detected and 80% attain root privilege.
--
-----------------
\Management /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
\ /\/ | Check out info-security heaven and test your system
\/\ /\/ | for known vulnerabilities at URL:
\/Analytics| http://all.net:8080
-----------------
Read "Protection and Security on the Information Superhighway"
-just released by Wiley and Sons-