RE: Your counsel on defeating DDOS Attacks
> An idea we've bandied about a bit within MITRE is the notion of a "top
> 20 list" of the most serious and commonly exploited vulnerabilities,

I like this idea. I don't know how you'd establish what was on it, though. Top 20 tried? Top 20 used to hack people with?

> It would just so happen that RPC services would dominate the top spots
> for the foreseeable future ;-) but it could also leave room for NT.

I'm sure there's a spot for everyone at some point or another. Generally, when I was at ISS, about the time someone started a "my OS is more secure than your OS" debate was when their OS would come up with a ghastly bug the next day.

> The top 20 list could be used to raise the bar by actually defining
> one. Conformance to the top 20 list then becomes a requirement. It
> would establish an absolute minimum that anybody should be sure they
> are protected from.

I like this. It would also give the auditing and IDS vendors significant incentive to make sure that their tools contain checks for the top 20.

> Other lists could contain less "important"
> problems, and would imply additional levels of protection.

It would also help end-users, since the auditing tool vendors all check for hundreds of items, and users don't always know what to start fixing.

> The list
> could be updated on a periodic basis, with input from across the
> community. As we begin to get a grip on how to model "policy," there
> could be different lists for different policies.

Very interesting ideas.