[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
Date: Mon, Jan 1, 1999
From: Fred Cohen 
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting


 My 2 cents worth:

>I would disagree with the seeming assumptions here:
>1) You can't be good at defense without being good at offense
>2) That the offensive side is sharing with the defensive side

I would suggest that to have a truly strong computer network defense you
must continually subject an architecture to attacks which are at the current
cutting edge (i.e. NOT SATAN!). The most secure network environments that I
have seen are commercial organizations under constant attack due to perceived
and/or real offenses against a hacker-supported community, for example the
environmental community.

For the US Government this requires a cutting edge "Red Team", i.e. offensive
capability. The US has done this; a good example would be the publicized
"Eligible Receiver" exercises (crypt newsletter 55 - May 99). This also
supports the assumption that the offensive is sharing with the defensive.
However, as an aside, I don't believe it has helped the DOD Infosec posture
at all.

>> The US government has long been under attack by well known individuals who
>> have decided to wage their version of cyber-warfare on its own soil. What

>Who are these individuals? What specific evidence do you have? Can you
>point us to stories, examples, references, personal experience?

MOD & Global Hell government web attacks in May 99 (CNN), CDC & LOD script
kiddie tools, the recent Australian Exchange attack via a DOD box, many
discussions in 2600 referencing NIPRNET & SIPRNET, etc... Every hacker on the
block wants a .mil or .gov!

>> There are lots of threads on the defensive issue, universities are the
>> greatest ones for these, they are the ones currently researching into the
>> defensive measure. You can't find an IDS system out there without realizing
>> that it was partially or totally developed by students.

>In my experience, universities are and have long been the last to come
>to this issue, they are doing it poorly, few substantial research
>results have come out of universities, and they are always way behind
>the results from other sectors in this field.  I can't find an IDS
>system out there that came from a university.  Can you identify one in
>real-world use?

I have no information relating to IDSs at universities, however the majority
of useful UNIX security tools are developed at university research centers
such as COAST at Purdue. Tripwire, swatch, tiger, etc...

>I guess we must see things very differently, but I invite you to prove
>these beliefs of mine wrong with some facts.