[Nolug] Meeting - Worm Control and Deflection

From: Joey Kelly <joey_at_joeykelly.net>
Date: Thu, 26 Aug 2004 12:05:33 -0500
Message-Id: <200408261205.33427.joey@joeykelly.net>

---------- Forwarded Message ----------

This is an automated event reminder from the Baton Rouge Chapter of the
Information Systems Security Association. For questions please contact
info@br-issa.org.

There are only 12 days left until the following event:

Event Name: Meeting - Worm Control and Deflection
Speaker: Stuart Hoffmann from Arbor Networks
Topic: Worm Control and Deflection
Date: 2004-09-07 18:30:00

Location: Bluebonnet Regional Library

Worms are a threat unlike other threats. Worms are not DoS. Worms are
not a virus threat. Worms amplify security vulnerabilities by
exploiting them worldwide within minutes. Speed, pervasiveness, and
widespread susceptibility allow worms to transcend the classic threat
model and become a service-level threat: SQL Slammer doesn't attack
individual SQL Servers, it affects the SQL Service as a whole.
Service-level threats require service-level responses. A total
service-level response can only be realized at the network level.

Speed: Worms propagate faster than the "control loops" of conventional
security technology. The IDS/IPS "detect, correlate, filter" cycle runs
slower than a worm, providing a window of vulnerability.
End effect: "Whack-a-mole" --- even with pervasive IPS deployment,
network converges to a state where all vulnerable hosts are infected.

Safety: There exist machines (trading feed, manufacturing floor,
telesurgery) that cannot be disrupted even if they are infected. 100%
accuracy does no good in these environments.
End effect: Worm defense is more expensive than the original worm
outbreak.

Pervasiveness: Most network security technology is deployed at the
Internet perimeter. Worms get in anyways: infected laptops, partner
networks.
End effect: Without pervasive internal coverage of detection &
mitigation technology, worm spread cannot be stopped.

At this presentation you will learn how to protect yourself from this
threat.

To learn more visit the calendar at:
http://www.br-issa.org/calendar.php3

Know someone who might want to join the ISSA? Have a colleague you'd
like to bring along? Feel free to send them this email.

The Baton Rouge Chapter of the Information Systems Security Association
- http://www.br-issa.org
...

------------------------------------------------------- 

-- 
Joey Kelly
< Minister of the Gospel | Linux Consultant >
http://joeykelly.net
"I may have invented it, but Bill made it famous."
 --- David Bradley, the IBM employee that invented CTRL-ALT-DEL
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/26/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST