[Dshield] F-Secure: So who is Diabl0?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Aug 30 16:30:39 GMT 2005

On Tue, 30 Aug 2005 03:08:13 EDT, jayjwa said:
> people out there that do this sort of stuff. If I was responsible for a 
> company such as CNN, or some other multi-billion dollar firm, you could be 
> darn well sure I wouldn't be letting my networks fall prey to a kid that 
> downloaded some point -n- click bot, worm or whatever.

The problem is that if you're a multi-billion dollar firm, you likely have tens
of thousands of employees, the vast majority of whom are good little worker
drones who don't share your enthusiasm for keeping the network secure.

There's plenty of methods for mitigation, ranging from user training to
fascist locking down of the network portals to only registered MAC addresses
and forcing corporate-only control of the desktop via GPO - but none of
this *ensures* that your network won't fall victim. It only makes it less likely.

And at some point, your network has gotten fascist enough that the added
expense of adding more fascism exceeds the additional drop in likelihood of
an incident.  When you hit this point of diminishing returns, it's time to
stop and go have a pint of Guinness at the London Underground(*)....

(*) Yes, there *is* a Guinness-and-darts pub in town called that, as many
SANS instructors can testify... :)
