[Dshield] Security in Layers

John Holmblad jholmblad at aol.com
Fri Mar 26 23:09:20 GMT 2004


I did not mean to convey by my remarks an anti-IDS bias. In addition to 
using IDS to detect attacks from the "inside", I am a strong proponent 
of using per-desktop firewalls and strong enforcement of the principle 
of least privilege on all enterprise systems (not just the servers), with 
auditing of access to sensitive resources, especially in the small & 
medium enterprise market. In other words, create the mindset in the 
organization, enforced by policy, that the desktop/laptop computer is a BT 
(business tool) with business-specific purposes and not a PC with 
"freestyle" personalization capabilities.

Although I do not have personal experience with Cisco's Security Agent 
(formerly called the Okena Stormwatch system), which claims to not just 
detect but also prevent intrusions, I believe that this kind of solution 
could be a viable mitigant to the risk of insider attack, whether from a 
Trojan or a disgruntled employee. I have checked the pricing on this 
technology with Cisco and they offer a version of that product, let's 
call it the limited edition, whose pricing is tuned for medium-sized 
enterprises. The price of that version starts at $8000 in the US for a 
small number of desktops + additional cost for additional desktops. For 
125 desktops the total price works out to ~$129/desktop, not including 
the cost of the server hardware to run the management server software.

In the end, each enterprise has to conduct its own analysis of the total 
cost, in its own economic situation, of any potential solution, which may 
include capital and/or labor and/or service outsourcing costs. When it 
comes to security solutions, obviously a security professional who is 
involved in such analysis and decision making has to have a good 
understanding, for each potential solution, of what the corresponding 
component costs are. I think one reason why sysadmins are often so 
overloaded in their jobs is that insufficient attention is paid to the 
labor component of those costs. In simpler terms, we all tend to 
underestimate how much work it is for an individual or team to maintain 
a given solution, and in my experience this underestimation problem gets 
worse the further up the management chain you go.
