FW: Cost of Worm Attack Protection

sgorman1 at gmu.edu sgorman1 at gmu.edu
Thu Nov 13 22:58:50 UTC 2003



Ideally you would have a different metric for each AS type depending on their tolerance for risk.  The lower the tolerance for risk the higher the investment made in security precautions.  Unfortanately classifying 14,000+ AS's is taking a little longer than I thought, but that is the end goal.  Hopefully another few weeks.  Even once you have some type of classification schema ideally you still need some kind of cost metric you can scale.  

There is also the problem of data.  The only solid data I've seen at the AS level to approximate size is number of connections to other AS's.  I've seen some stats with number of servers at the AS level but not for the whole AS population.  

----- Original Message -----
From: Sean Donelan <sean at donelan.com>
Date: Thursday, November 13, 2003 5:35 pm
Subject: Re: FW: Cost of Worm Attack Protection

> On Thu, 13 Nov 2003 sgorman1 at gmu.edu wrote:
> > I guess the hypothetical would be if you were in charge of 
> security for
> > an AS what would be the cost to put a best-effort worm 
> mitigation system
> > in.
> 
> What kind of AS?
> 
> An AS used by a military organization that has authority over its 
> usersand can through them in the brig for failing to follow 
> commands and
> policy?
> 
> An AS used by a commercial enterprise that has authority over its 
> usersand can fire them for failing to follow commands and policy?
> 
> An AS used by a university enterprise that has authority over its 
> usersand can expell them for failing to follow commands and policy?
> 
> An AS used by a service provider that has authority over its users and
> can terminate their network access for failing to follow commands and
> policy?
> 
> An AS used by a public agency that is required by law to permit all
> citizens access to information until proven beyond reasonable 
> doubt the
> access was misused?
> 
> 
> 




More information about the NANOG mailing list