RE: Your counsel on defeating DDOS Attacks
> An idea we've bandied about a bit within MITRE is the notion of a "top
> 20 list" of the most serious and commonly exploited vulnerabilities,
I like this idea. I don't know how you'd establish what was on it, though.
Top 20 tried? Top 20 used to hack people with?
> It would just so happen that RPC services would dominate the top spots
> for the foreseeable future ;-) but it could also leave room for NT.
I'm sure there's a spot for everyone at some point or another. Generally,
when I was at ISS, about the time someone started a 'my OS is more secure
than your OS' debate was when their OS would come up with a ghastly bug the
> The top 20 list could be used to raise the bar by actually defining
> one. Conformance to the top 20 list then becomes a requirement. It
> would establish an absolute minimum that anybody should be sure they
> are protected from.
I like this. It would also give the auditing and IDS vendors significant
incentive to make sure that their tools contain checks for the top 20.
> Other lists could contain less "important"
> problems, and would imply additional levels of protection.
It would also help end-users, since the auditing tool vendors all check for
hundreds of items, and users don't always know what to start fixing.
> The list
> could be updated on a periodic basis, with input from across the
> community. As we begin to get a grip on how to model "policy," there
> could be different lists for different policies.
Very interesting ideas.