[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com

          

 At 08:37 PM 10/18/99 -0400, you wrote:
>From: "Glenn Williamson" grwilliamson@h...
>
>I think current government thinking is along the lines of defensive nature,
>but the post side of a defensive nature is developing an offensive nature.
>How can you learn what you would need defensively without learning the flip
>side?

I agree that both sides need to be investigated, and deployment of the
consequent capability is probably inevitable...

It just seems to me (perhaps naively) that, in the "cyber" case, defense is
so much more attainable than it is in the physical world.

Consider the contrast with the "Star Wars" defensive shield concept.  There,
enormous effort and funding are required to shoot down a satisfactory fraction
of incoming projectiles, and a modest offensive investment can almost surely
take the defense down (a few well-aimed satellites packed with gravel, a large
proportion of fake warheads, etc.)  And the enemy, being huge enough to launch
an offense in the first place, is easily identified and targeted for a
retaliatory strike.  Hence Mutually Assured Destruction works well (so far).

In the cyber case, the enemy may be lightweight, transient, and virtually
unidentified.  They may reveal no particular affiliation with any identifiable
nation.  Where to direct a retaliatory strike?  I don't believe that "M.A.D."
is a viable strategy in cyberwarfare.  In fact, this may be one arena where
surely one's security is not enhanced by making others less secure.

Key to an effective cyber-offense is the "discovery" process (take Dan Farmer's
"Satan" tool for example) that helps identify an adversary's systems, topology,
available services, and software versions, from which vulnerabilities can be
deduced.  This is why I take an interest in Fred Cohen's Deception Tool Kit.
It presents a real twist to cyberwarfare, and I cannot begin to deduce its
benefit/liability relationship.  On the one hand, I laud it for its ability
to frustrate the potential adversary.  On the other, I am concerned for the
future of "good-bots" that may be needed, like an auto-immune response, to
eliminate malicious agents.  Will DTK thwart them as well?  Is this bad?

___tony___

Tony Bartoletti                                             LL
IOWA Center                                              LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 089                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8081               LL LLLLLLLL
email: azb@l...                                   LLLLLLLL